Malware not detected by Malwarebytes, Spybot and Adw cleaner!



SargeP
2017-01-08, 22:11
Hi, I'm having some real issues with nasty Malware that is not being detected by the programs listed above.
As a disclaimer I will say that my browser does not show all images. And some websites, e.g. YouTube, do not load properly altogether due to the infection. I had to make my account on this forum via my laptop as I could not see the picture that verifies that I am a human. I have had malware in the past but I have always found a way to completely remove it. The malware that I have now started showing itself today but I don't know when I was infected.
Farbar Logs and aswMBR logs following!

Farbar Logs (FRST):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by Marvin (administrator) on MARVINS_PC (08-01-2017 20:51:26)
Running from C:\Users\Marvin\Desktop
Loaded Profiles: Marvin (Available Profiles: Marvin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Scarlet.Crush Productions) C:\Program Files\PS3 Controllers\bin\ScpService.exe
(M-Audio) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Program Files\IJD61O2L61\IJD61O2L6.exe
() C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe
() C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\USB Vibration\7906\USB Gamepad.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Windows\System32\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6625672 2016-08-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [USB Gamepad] => C:\Windows\USB Vibration\7906\USB Gamepad.exe [796784 2008-12-10] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [454792 2016-05-25] (Power Software Ltd)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Spotify Web Helper] => C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-31] (Spotify Ltd)
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Upmedia] => C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe [117561 2017-01-08] ()
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Ozmics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [WTVLR6FR20] => C:\Program Files\IJD61O2L61\IJD61O2L6.exe [369664 2017-01-08] ()
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [HV1V03D1C9] => C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe [369664 2017-01-08] ()
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [UVFmedia] => regsvr32.exe C:\Users\Marvin\AppData\Local\UVFmedia\gdiServices54.dll <===== ATTENTION
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
HKU\S-1-5-18\...\Run: [71KFQTEHQA] => C:\Program Files\EET2FMBFLG\EET2FMBFL.exe [369664 2017-01-08] ()
HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-09-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2017-01-08]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{EB100C81-CB83-4438-99D2-8059C3A5BDFC}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-4016113358-843845156-2686539769-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF DefaultProfile: 5954ldyi.default
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default [2017-01-08]
FF NetworkProxy: Mozilla\Firefox\Profiles\5954ldyi.default -> autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) { [Proxmate proxy auto-config host list omitted] }"
FF Extension: (MEGA) - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default\Extensions\firefox@mega.co.nz.xpi [2017-01-08]
FF Extension: (Proxmate) - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2016-04-17]
FF Extension: (Adblock Plus) - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-4016113358-843845156-2686539769-1000: @acestream.net/acestreamplugin,version=3.1.12.1 -> C:\Users\Marvin\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default [2017-01-08]
CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (uBlock Origin) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-20]
CHR Extension: (Google Search) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
CHR Extension: (Chrome Media Router) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-09-30] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Chikiing; C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll [180224 2017-01-08] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4649000 2015-09-16] (Binary Fortress Software)
R2 Ds3Service; C:\Program Files\PS3 Controllers\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-18] (EasyAntiCheat Ltd)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-07] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-07] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-09-05] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2016-09-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 cdrombus; C:\Windows\System32\Drivers\cdrombus.sys [25088 2012-08-22] (Windows (R) Codename Longhorn DDK provider)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [62576 2008-12-01] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41096 2008-12-01] (Your Corporation)
S3 MADFUMIDISPORT2010; C:\Windows\System32\DRIVERS\MAudioMIDISPORT_DFU.sys [30512 2012-02-24] (M-Audio)
S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-08] (Malwarebytes)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 20:51 - 2017-01-08 20:51 - 00039857 _____ C:\Users\Marvin\Desktop\FRST.txt
2017-01-08 20:50 - 2017-01-08 20:51 - 00000000 ____D C:\FRST
2017-01-08 20:50 - 2017-01-08 20:50 - 02419200 _____ (Farbar) C:\Users\Marvin\Desktop\FRST64.exe
2017-01-08 20:49 - 2017-01-08 20:49 - 00019582 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2017-01-08 20:49 - 2017-01-08 20:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARVINS_PC-Windows-7-Ultimate-(64-bit).dat
2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\RegBackup
2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-01-08 20:48 - 2017-01-08 20:49 - 05766144 _____ (Tweaking.com) C:\Users\Marvin\Downloads\tweaking.com_registry_backup_setup.exe
2017-01-08 20:36 - 2017-01-08 20:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-08 20:15 - 2017-01-08 20:15 - 00602112 _____ (OldTimer Tools) C:\Users\Marvin\Downloads\OTL.exe
2017-01-08 16:49 - 2017-01-08 16:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-08 16:49 - 2017-01-08 16:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-08 16:49 - 2017-01-08 16:49 - 00002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 16:49 - 2017-01-08 16:49 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-08 16:48 - 2017-01-08 16:48 - 01065376 _____ (Google Inc.) C:\Users\Marvin\Downloads\ChromeSetup.exe
2017-01-08 16:17 - 2017-01-08 16:47 - 00000000 ____D C:\Users\Marvin\AppData\Local\UVFmedia
2017-01-08 16:17 - 2017-01-08 16:17 - 00000000 ____D C:\Program Files\LAT8TQJDDX
2017-01-08 16:16 - 2017-01-08 16:16 - 00000000 ____H C:\Windows\system32\BIT5D78.tmp
2017-01-08 16:16 - 2017-01-08 16:16 - 00000000 ____D C:\Program Files\IJD61O2L61
2017-01-08 15:50 - 2017-01-08 20:50 - 00000000 ____D C:\Users\Marvin\Desktop\WHEN SHIT GOES WRONG
2017-01-08 15:43 - 2017-01-08 20:12 - 00000000 ____D C:\AdwCleaner
2017-01-08 15:43 - 2017-01-08 15:43 - 03988944 _____ C:\Users\Marvin\Downloads\adwcleaner_6.042.exe
2017-01-08 15:29 - 2017-01-08 15:29 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-08 15:25 - 2017-01-08 20:09 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-08 15:23 - 2017-01-08 19:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-08 15:23 - 2017-01-08 15:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-08 15:23 - 2017-01-08 15:23 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-08 15:23 - 2017-01-08 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-01-08 15:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-01-08 15:22 - 2017-01-08 15:22 - 01496584 _____ C:\Users\Marvin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-08 15:22 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-08 15:21 - 2017-01-08 15:21 - 01496584 _____ C:\Users\Marvin\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe
2017-01-08 15:21 - 2017-01-08 15:21 - 00000000 ____D C:\Windows\system32\SSL
2017-01-08 15:21 - 2017-01-08 15:21 - 00000000 ____D C:\Users\Marvin\AppData\Local\Downloaded Installations
2017-01-08 15:20 - 2017-01-08 15:20 - 00003090 _____ C:\Windows\System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902}
2017-01-08 15:20 - 2017-01-08 15:20 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Ergickmidution
2017-01-08 14:14 - 2017-01-08 16:47 - 00000000 ____D C:\Users\Marvin\AppData\Local\Upmedia
2017-01-08 14:14 - 2017-01-08 15:32 - 00000000 ____D C:\Program Files (x86)\Mapadomcoaveck
2017-01-08 14:14 - 2017-01-08 14:15 - 00000000 ____D C:\Program Files\EET2FMBFLG
2017-01-08 14:14 - 2017-01-08 14:14 - 00006056 _____ C:\Windows\System32\Tasks\Wuzapyfuqerch Update
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____H C:\Windows\system32\BIT91AC.tmp
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____D C:\Windows\SysWOW64\sstmp
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____D C:\Windows\system32\sstmp
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 _____ C:\TOSTACK
2017-01-05 22:53 - 2017-01-05 22:53 - 02137268 _____ C:\Windows\f45a21687b2122533a920d405cd65568.exe
2017-01-05 20:48 - 2017-01-05 22:26 - 01445154 _____ C:\Users\Marvin\Desktop\Die Einführung des Mindestlohns.pptx
2017-01-02 13:54 - 2017-01-02 20:11 - 04767777 _____ C:\Users\Marvin\Downloads\Virtual-Reality-Präsentation (1).pptx
2017-01-02 13:10 - 2017-01-02 14:52 - 00000000 ____D C:\Users\Marvin\Documents\Darkest
2017-01-02 13:09 - 2017-01-02 13:09 - 00003332 _____ C:\Windows\System32\Tasks\SessionControlAgent
2017-01-02 13:09 - 2017-01-02 13:09 - 00000937 _____ C:\Users\Marvin\Desktop\Darkest Dungeon.lnk
2017-01-02 12:57 - 2017-01-02 12:57 - 00015026 _____ C:\Users\Marvin\Downloads\Darkest_Dungeon_2016_RPG-CODEX.torrent
2017-01-02 12:56 - 2017-01-02 12:56 - 04510004 _____ C:\Users\Marvin\Downloads\Virtual-Reality-Präsentation.pptx
2016-12-29 18:19 - 2016-12-29 18:19 - 00069878 _____ C:\Users\Marvin\Downloads\15696174_10210872013973089_1280108056_o.jpg
2016-12-29 18:18 - 2016-12-29 18:18 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG (2).PDF
2016-12-29 18:12 - 2017-01-03 00:44 - 00000000 ____D C:\Users\Marvin\Desktop\Virtual Reality Präsentation
2016-12-29 13:47 - 2016-12-29 13:47 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\SmartSteamEmu
2016-12-29 13:42 - 2016-12-29 13:42 - 00000000 ____D C:\Users\Marvin\AppData\LocalLow\Monomi Park
2016-12-28 19:51 - 2016-12-28 19:51 - 00077824 _____ ( ) C:\Users\Marvin\Downloads\guiformat.exe
2016-12-28 19:19 - 2016-12-28 19:19 - 00188133 _____ C:\Users\Marvin\Downloads\Fat32FormatterEN.zip
2016-12-22 19:56 - 2016-12-22 19:56 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\AMD
2016-12-22 19:30 - 2016-12-22 19:30 - 00013254 _____ C:\Users\Marvin\Downloads\American_Dad_-_Season_13.torrent
2016-12-22 19:12 - 2016-12-22 19:12 - 00014039 _____ C:\Users\Marvin\Downloads\American_Dad_-_Season_12_-_1080P_-_WEB-DL_-_X265-HEVC_-_O69.torrent
2016-12-22 19:11 - 2016-12-22 19:11 - 00001627 _____ C:\Users\Marvin\Downloads\American_Dad_S12E01_HDTV_x264-KILLERS[ettv] (1).torrent
2016-12-22 19:09 - 2016-12-22 19:09 - 00001627 _____ C:\Users\Marvin\Downloads\American_Dad_S12E01_HDTV_x264-KILLERS[ettv].torrent
2016-12-22 14:02 - 2016-12-22 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-21 19:42 - 2016-12-21 19:54 - 82345072 _____ C:\Users\Marvin\Downloads\Ace_Stream_Media_3.1.12.1.exe
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-12-18 23:46 - 2016-12-18 23:46 - 11273864 _____ C:\Users\Marvin\Downloads\AerialTraining.zip
2016-12-18 19:02 - 2016-12-18 19:02 - 00000000 ____D C:\Users\Marvin\AppData\Local\UnrealEngine
2016-12-18 19:02 - 2016-12-18 19:02 - 00000000 ____D C:\Users\Marvin\AppData\Local\DeadByDaylight
2016-12-18 19:02 - 2016-12-18 18:54 - 00395024 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2016-12-17 14:51 - 2016-12-17 19:28 - 00000000 ___RD C:\Users\Marvin\Desktop\Drum Rack DnB Project
2016-12-16 13:54 - 2016-12-16 13:54 - 00000000 ____D C:\Users\Marvin\Desktop\.midi files
2016-12-15 16:05 - 2016-12-15 16:41 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\discord
2016-12-15 16:05 - 2016-12-15 16:05 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-12-15 16:05 - 2016-12-15 16:05 - 00000000 ____D C:\Users\Marvin\AppData\Local\Discord
2016-12-15 16:04 - 2016-12-15 16:05 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Marvin\Downloads\DiscordSetup.exe
2016-12-14 14:36 - 2016-11-21 19:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-14 14:36 - 2016-11-21 19:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-14 14:36 - 2016-11-21 19:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-14 14:36 - 2016-11-20 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-14 14:36 - 2016-11-20 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-14 14:36 - 2016-11-20 16:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-14 14:36 - 2016-11-20 16:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-14 14:36 - 2016-11-20 16:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-14 14:36 - 2016-11-20 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-14 14:36 - 2016-11-20 16:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-14 14:36 - 2016-11-20 15:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 14:36 - 2016-11-17 17:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-14 14:36 - 2016-11-10 17:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-14 14:36 - 2016-11-10 17:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-14 14:36 - 2016-11-09 17:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-14 14:36 - 2016-11-09 17:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-14 14:36 - 2016-11-09 17:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-14 14:36 - 2016-11-09 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-14 14:36 - 2016-11-06 17:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-14 14:36 - 2016-11-06 17:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-14 14:36 - 2016-11-06 17:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 14:36 - 2016-10-27 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-14 14:36 - 2016-10-27 16:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-14 14:36 - 2016-10-11 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-14 14:36 - 2016-10-11 16:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-14 14:36 - 2016-10-11 16:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-14 14:36 - 2016-10-11 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-14 14:36 - 2016-10-11 16:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-14 14:36 - 2016-10-11 16:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-14 14:36 - 2016-10-11 16:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-14 14:36 - 2016-10-11 16:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-14 14:36 - 2016-10-11 15:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-14 14:36 - 2016-10-11 15:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-14 14:36 - 2016-10-11 15:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-14 14:36 - 2016-10-11 15:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-14 14:36 - 2016-10-11 15:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-14 14:36 - 2016-10-11 15:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-14 14:36 - 2016-10-11 15:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-14 14:36 - 2016-10-11 15:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-14 14:36 - 2016-10-11 15:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 14:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-14 14:36 - 2016-10-11 14:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-14 14:36 - 2016-10-08 14:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-14 14:36 - 2016-10-04 16:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-14 14:36 - 2016-10-04 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-14 14:36 - 2016-10-04 16:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-14 14:36 - 2016-10-04 16:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-12-13 12:59 - 2016-12-13 12:59 - 00000000 ____D C:\Users\Marvin\AppData\Local\Chromium
2016-12-11 19:11 - 2016-12-11 20:41 - 00000000 ___RD C:\Users\Marvin\Desktop\We gon try this again Project
2016-12-11 18:21 - 2016-12-11 18:21 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG (1).PDF
2016-12-11 13:58 - 2016-12-11 13:58 - 00000000 ____D C:\Users\Marvin\AppData\LocalLow\Daedalic Entertainment GmbH
2016-12-11 13:58 - 2016-12-11 13:58 - 00000000 ____D C:\Users\Marvin\AppData\Local\Daedalic Entertainment GmbH
2016-12-11 13:53 - 2016-12-11 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment GmbH
2016-12-11 13:18 - 2016-12-11 13:18 - 00001338 _____ C:\Users\Marvin\Downloads\Shadow_Tactics_Blades_of_the_Shogun-FLT.sfdl
2016-12-10 13:42 - 2016-12-10 13:42 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG.PDF
2016-12-09 15:09 - 2016-12-09 15:09 - 00013444 _____ C:\Users\Marvin\Downloads\Virtual-Reality-im-Unternehmensbereich.docx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-08 20:47 - 2016-04-06 17:24 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-08 20:36 - 2015-09-05 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-08 20:25 - 2015-09-07 00:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-08 20:12 - 2015-09-05 22:31 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\TS3Client
2017-01-08 20:09 - 2015-09-18 13:58 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\vlc
2017-01-08 19:14 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-08 19:14 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-08 19:12 - 2015-09-13 14:16 - 00000000 ____D C:\Windows\system32\MRT
2017-01-08 19:12 - 2015-09-05 14:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-08 19:12 - 2009-07-14 06:13 - 00743506 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-08 19:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-08 19:10 - 2015-09-13 14:16 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-08 19:07 - 2016-04-06 17:26 - 00000000 ___RD C:\Users\Marvin\Dropbox
2017-01-08 19:06 - 2016-04-06 17:24 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-08 19:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-08 19:05 - 2016-08-31 12:44 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-01-08 18:52 - 2015-09-18 23:51 - 00000000 ____D C:\Users\Marvin\AppData\Local\Battle.net
2017-01-08 16:49 - 2015-09-05 14:40 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-08 16:48 - 2015-09-18 23:49 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-08 16:22 - 2015-09-18 23:27 - 00000000 ____D C:\Users\Marvin\AppData\Local\Spotify
2017-01-08 16:22 - 2015-09-18 23:25 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Spotify
2017-01-08 16:19 - 2015-09-05 14:54 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-08 16:17 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-01-08 14:31 - 2015-09-05 22:16 - 00000000 ____D C:\Users\Marvin\AppData\Local\ElevatedDiagnostics
2017-01-05 20:41 - 2015-09-23 20:31 - 00000000 ____D C:\Users\Marvin\AppData\Local\CrashDumps
2017-01-03 14:46 - 2015-09-28 17:52 - 00000000 ____D C:\ProgramData\Origin
2017-01-03 14:44 - 2015-09-28 17:56 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Origin
2017-01-02 22:20 - 2015-09-10 15:32 - 00000000 ____D C:\Program Files\PeerBlock
2017-01-02 13:03 - 2015-09-15 23:04 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\uTorrent
2016-12-30 22:17 - 2015-10-01 18:39 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-12-29 13:46 - 2015-10-14 10:10 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2016-12-29 13:46 - 2015-10-14 10:10 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2016-12-29 13:46 - 2015-10-14 10:10 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2016-12-29 13:46 - 2015-10-14 10:10 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2016-12-28 20:17 - 2016-04-18 17:44 - 00000000 ____D C:\Users\Marvin\AppData\Local\Windows Live
2016-12-22 16:13 - 2015-10-01 18:39 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-12-22 14:02 - 2016-04-06 17:24 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-19 20:48 - 2016-08-11 17:53 - 00000000 ____D C:\Windows\rescache
2016-12-17 21:14 - 2016-07-22 10:14 - 00000000 ____D C:\Users\Marvin\Documents\ManiaPlanet
2016-12-17 21:06 - 2016-07-22 10:14 - 00000000 ____D C:\ProgramData\ManiaPlanet
2016-12-15 16:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-15 16:48 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\assembly
2016-12-15 16:05 - 2016-01-04 18:31 - 00000000 ____D C:\Users\Marvin\AppData\Local\SquirrelTemp
2016-12-15 08:51 - 2015-09-05 16:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-15 08:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\winsxs
2016-12-15 08:19 - 2009-07-14 03:34 - 00189440 ____H C:\Users\Default\NTUSER.DAT.LOG1
2016-12-15 08:18 - 2009-07-14 05:45 - 00509392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\en-US
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\en-US
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Boot
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppPatch
2016-12-15 00:17 - 2015-09-05 14:41 - 00734476 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-14 14:44 - 2015-09-06 20:15 - 00013553 _____ C:\Users\Marvin\Desktop\Pushups Crunches.xlsx
2016-12-14 14:37 - 2015-09-07 11:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-14 14:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-13 19:25 - 2015-09-07 00:08 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 19:25 - 2015-09-07 00:08 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 19:25 - 2015-09-07 00:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 19:25 - 2015-09-07 00:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-13 19:25 - 2015-09-07 00:08 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 12:59 - 2015-09-05 14:57 - 00000000 ____D C:\Users\Marvin\AppData\Local\Steam
2016-12-12 23:52 - 2015-12-29 19:00 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Skype
2016-12-11 13:42 - 2015-12-01 13:55 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\SFDL.NET 2
2016-12-09 17:51 - 2016-12-06 15:07 - 00000000 ___RD C:\Users\Marvin\Desktop\White Blood Project

==================== Files in the root of some directories =======

2015-09-17 00:20 - 2015-09-17 00:20 - 0000037 ___SH () C:\Users\Marvin\AppData\Local\20986331705021ca58edc424.96250074
2016-02-19 10:56 - 2016-02-19 10:56 - 0000036 _____ () C:\Users\Marvin\AppData\Local\housecall.guid.cache
2016-01-03 00:59 - 2016-01-05 23:07 - 0007600 _____ () C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg
2015-09-18 16:55 - 2015-09-18 16:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-09-05 14:45 - 2015-09-05 14:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\8B5D.tmp.exe
C:\Users\Marvin\AppData\Local\Temp\900F.tmp.exe
C:\Users\Marvin\AppData\Local\Temp\ICReinstall_900F.tmp.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-07 21:48

==================== End of FRST.txt ============================


Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Marvin (08-01-2017 20:51:45)
Running from C:\Users\Marvin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-09-05 13:38:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4016113358-843845156-2686539769-500 - Administrator - Disabled)
Guest (S-1-5-21-4016113358-843845156-2686539769-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4016113358-843845156-2686539769-1002 - Limited - Enabled)
Marvin (S-1-5-21-4016113358-843845156-2686539769-1000 - Administrator - Enabled) => C:\Users\Marvin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM\...\{F6BA3E9F-8637-4DCE-BBA8-75A6A57A9D0B}) (Version: 9.0.0.0 - Ableton)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Skybox Labs)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Analog Lab 1.2.3 (HKLM-x32\...\Analog Lab_is1) (Version: 1.2.3 - Arturia)
Arturia Software Center 1.2.1 (HKLM-x32\...\Arturia Software Center_is1) (Version: 1.2.1 - Arturia)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bionic Dues (HKLM-x32\...\Steam App 238910) (Version: - Arcen Games, LLC)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 8.4 - Codeusa Software)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward)
Catalyst Control Center Next Localization BR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DARK SOULS II - Scholar of the First Sin (HKLM-x32\...\DARK SOULS II - Scholar of the First Sin_is1) (Version: - )
Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version: - )
DARK SOULS™ II: Scholar of the First Sin (HKLM\...\Steam App 335300) (Version: - FromSoftware, Inc)
Darkest Dungeon (HKLM-x32\...\Darkest Dungeon_is1) (Version: - )
Darksiders II: Deathinitive Edition (HKLM\...\Steam App 388410) (Version: - Gunfire Games)
Darksiders Warmastered Edition (HKLM\...\Steam App 462780) (Version: - KAIKO)
Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.)
Discord (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
DisplayFusion 7.3 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.3.0.0 - Binary Fortress Software)
Distance (HKLM-x32\...\Steam App 233610) (Version: - Refract)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist (HKLM-x32\...\Steam App 409160) (Version: - Crows Crows Crows)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DuelystLauncher (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\launcher) (Version: 0.0.9 - Counterplay Games Inc.)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.0.0.2 - GOG.com)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version: - Turtle Rock Studios)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
FIFA 17 (HKLM-x32\...\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.45.44416 - Electronic Arts)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FlatOut 2 (HKLM\...\Steam App 2990) (Version: - Bugbear Entertainment)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.139.918 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
GameRanger (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\GameRanger) (Version: - GameRanger Technologies)
Gaming Mouse Editor (HKLM-x32\...\GamingMouseEditor) (Version: 13.04.0002 - )
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Industry Giant 2 (HKLM\...\aW5kdXN0cnlnaWFudDI_is1) (Version: 1 - )
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Mafia II (HKLM\...\Steam App 50130) (Version: - 2K Czech)
Mafia III (HKLM-x32\...\Mafia III_is1) (Version: - )
MAGIX Common Components 1 (HKLM-x32\...\{38BF501B-F285-4A3B-99E2-09F58A130A59}) (Version: 1.7.0.0 - MAGIX Software GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Fonts Package 2 (x32 Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{B396DA26-0959-44BA-812B-2E6AF4F678E1}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MIDI Control Center 1.2.2 (HKLM-x32\...\MIDI Control Center_is1) (Version: 1.2.2 - Arturia)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 de)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Native Instruments Guitar Rig 3 (HKLM-x32\...\Native Instruments Guitar Rig 3) (Version: - )
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Need For Speed Most Wanted Black Edition version 1.3.0.0 (HKLM-x32\...\Need For Speed Most Wanted Black Edition_is1) (Version: 1.3.0.0 - Mr DJ)
Need for Speed™ The Run (HKLM-x32\...\{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}) (Version: 1.1.0.0 - Electronic Arts)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Pazera Free MKV to AVI Converter 1.4 (HKLM-x32\...\{EDFA6B29-7667-4FD2-86F3-9835AFCE837A}_is1) (Version: 1.4 - Jacek Pazera)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
Project Highrise (HKLM-x32\...\2018730457_is1) (Version: 2.0.0.4 - GOG.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2461 - )
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Reus (HKLM\...\Steam App 222730) (Version: - Abbey Games)
Rise of Nations: Extended Edition (HKLM-x32\...\Rise of Nations: Extended Edition_is1) (Version: - Microsoft Studios)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Shadow Tactics - Blades of the Shogun 1.1.2 (HKLM-x32\...\{BB762706-65FA-44C1-B2BB-EF29CA88D7CE}_is1) (Version: 1.1.2 - Daedalic Entertainment GmbH)
Sid Meier's Civilization V (HKLM-x32\...\Sid Meier's Civilization V_is1) (Version: - )
Skyborn (HKLM-x32\...\Steam App 278460) (Version: - Dancing Dragon Games)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
SNOW (HKLM\...\Steam App 244930) (Version: - Poppermost Productions)
SONAR 8.0 Producer Edition (HKLM-x32\...\SONAR8Producer_x64_is1) (Version: 17.0 - Cakewalk Music Software)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold (HKLM-x32\...\{97A19679-4C07-4B34-8ACB-D5565C3440FC}) (Version: - )
Stronghold Crusader Extreme HD (HKLM\...\Steam App 16700) (Version: - Firefly Studios)
Stronghold Crusader HD (HKLM\...\Steam App 40970) (Version: - FireFly Studios)
Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.4.0.5 - GOG.com)
Super Meat Boy (HKLM\...\Steam App 40800) (Version: - Team Meat)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Room (HKLM-x32\...\The Room_is1) (Version: - Fireproof Games)
The Room Two (HKLM\...\Steam App 425580) (Version: - Fireproof Games)
The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version: - Outerlight Ltd.)
The Talos Principle (HKLM-x32\...\Steam App 257510) (Version: - Croteam)
This Is the Police (HKLM-x32\...\This Is the Police_is1) (Version: - )
TOXIKK (HKLM\...\Steam App 324810) (Version: - Reakktor Studios)
Trine 2 (HKLM\...\Steam App 35720) (Version: - Frozenbyte)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unreal Development Kit: 2015-01 (HKLM\...\UDK-5e1b7663-0639-46c5-882c-a64cefc97f4d) (Version: - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
USB Network Joystick (HKLM-x32\...\{2A558A06-A44E-400D-95AD-D9FAA89AFD36}) (Version: V3.70a - )
Velocibox (HKLM-x32\...\Steam App 317710) (Version: - Shawn Beck)
Vita 2 (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
White Night (HKLM-x32\...\White Night_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Goo (HKLM\...\Steam App 22000) (Version: - 2D BOY)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {015D408D-BFF6-437D-86FD-B4E1CD58743B} - System32\Tasks\Wuzapyfuqerch Update => C:\Program Files (x86)\Mapadomcoaveck\vazering.exe [2017-01-08] (Glarysoft Ltd)
Task: {2075174D-DA69-43F3-B9AC-DB550763ABAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {476E2E3D-7994-4604-83C4-054AF01BD337} - System32\Tasks\SessionControlAgent => C:\windows\mfdvdec.exe
Task: {4F0AE84A-66A1-4265-A761-E8A418FA8722} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-08] (Google Inc.)
Task: {63E4E2EA-492C-41FB-BF97-AE7231771156} - System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902} => pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe"
Task: {72D72D62-605D-4038-8B0D-BA0D4EEC48EE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-06] (Dropbox, Inc.)
Task: {A6ECCEEE-5AEE-416B-8968-7A0D124938D0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-06] (Dropbox, Inc.)
Task: {BD6F6ECA-881B-4477-8788-59E26BCE7DBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-08] (Google Inc.)
Task: {FAC70300-0CF5-4A75-A198-4F098D1518F3} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-08-11] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-29 23:49 - 2015-09-29 23:49 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-01-08 16:16 - 2017-01-08 16:16 - 00369664 _____ () C:\Program Files\IJD61O2L61\IJD61O2L6.exe
2017-01-08 16:17 - 2017-01-08 16:17 - 00369664 _____ () C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe
2017-01-08 14:14 - 2017-01-08 14:14 - 00117561 _____ () C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe
2016-06-22 13:09 - 2008-12-10 10:10 - 00796784 _____ () C:\Windows\USB Vibration\7906\USB Gamepad.exe
2015-10-01 21:19 - 2016-09-05 13:30 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2017-01-08 15:22 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-08 16:49 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-08 16:49 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-08 14:14 - 2017-01-08 14:14 - 00180224 _____ () c:\program files (x86)\mapadomcoaveck\bmssch.dll
2016-08-11 09:22 - 2016-08-11 09:22 - 00223744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2015-09-05 14:57 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-05 14:57 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-05 14:57 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-05 14:57 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-05 14:57 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-05 14:57 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 13:13 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-04-06 17:25 - 2016-11-11 21:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-04-06 17:25 - 2016-11-11 21:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-04-06 17:25 - 2016-11-11 21:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-04-06 17:25 - 2016-11-11 21:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-04-06 17:25 - 2016-11-11 21:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-22 14:02 - 2016-11-11 21:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-22 14:02 - 2016-11-11 21:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-22 14:02 - 2016-11-11 21:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-04-06 17:25 - 2016-11-11 21:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-22 14:02 - 2016-11-11 21:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-22 14:02 - 2016-11-11 21:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-04 23:23 - 2016-11-11 21:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-22 14:02 - 2016-11-11 21:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-22 14:02 - 2016-12-21 19:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-22 14:02 - 2016-12-21 19:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-04-06 17:25 - 2016-11-11 21:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-22 14:02 - 2016-11-11 21:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-22 14:02 - 2016-11-11 21:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-22 14:02 - 2016-12-21 19:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-01-08 15:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-01-08 15:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-01-08 15:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-13 12:59 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-09-05 14:57 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-09-05 14:57 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-01-08 15:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-01-08 15:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Marvin\Desktop\22.06.16 Marvin Hartung.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marvin\Desktop\Einführung ins Studium Paper.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marvin\Desktop\In Praise of Idleness.docx:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-01-08 16:16 - 00003762 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
34.195.153.94 www.google-analytics.com
34.195.153.94 google-analytics.com
34.195.153.94 mc.yandex.ru
34.195.153.94 top-fwz1.mail.ru
34.195.153.94 site.yandex.net
34.195.153.94 pagead2.googlesyndication.com
34.195.153.94 ad.mail.ru
34.195.153.94 ads.adfox.ru
34.195.153.94 ads.pubmatic.com
34.195.153.94 apis.google.com
34.195.153.94 autocontext.begun.ru
34.195.153.94 b.scorecardresearch.com
34.195.153.94 c.amazon-adsystem.com
34.195.153.94 cdn.admixer.net
34.195.153.94 cdn.cxense.com
34.195.153.94 cdn.livefyre.com
34.195.153.94 cdn.onthe.io
34.195.153.94 cdn.optimizely.com
34.195.153.94 cdn.prom.st
34.195.153.94 cdn.pushwoosh.com

There are 55 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marvin\AppData\Local\DisplayFusion\Wallpaper_1
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2C67024C-DC4B-4314-9C8B-057AE5ABCCE8}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{52C9B7A2-64FC-4CE1-BE7D-258A25741A08}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AD82BC66-3211-4AFF-AB15-A20EE4F7E229}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14E327E9-4066-49A2-8544-495618EE2CDE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{129DBF11-1F8C-497C-AA60-16B561D33EEA}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{169051FB-0C5F-4F54-BC54-4932336D2AB0}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{078093FA-5DAE-4ED3-A4CF-F4E5E7D2CB26}] => C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{9FD1C2D6-7906-4318-A23C-E192FBD43156}] => C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{E553F81E-6859-4F48-8BD2-2B1027A62D75}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E930793D-DE5A-4CA0-B77B-EAF8F6F960D4}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C335B409-E9C8-4696-98D0-FDB4F87DDC36}] => D:\SteamLibrary2\steamapps\common\Fine Sweeper\Fine Sweeper.exe
FirewallRules: [{AE233376-CDF0-4D65-BA6A-D33D6365EDC9}] => D:\SteamLibrary2\steamapps\common\Fine Sweeper\Fine Sweeper.exe
FirewallRules: [{96230585-A1DA-4710-AF5C-1304C89991D5}] => D:\SteamLibrary2\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{009D2D9A-0A85-4A44-B40F-73A12D35D250}] => D:\SteamLibrary2\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8C9891A1-1FA2-477C-BA45-A25FB9B92113}] => D:\SteamLibrary2\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{F93FD07B-352B-4010-B2CB-1839EFF573C7}] => D:\SteamLibrary2\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{520998B0-63E3-43A0-A903-3D21DF510F79}] => D:\SteamLibrary2\steamapps\common\Skyborn\Game.exe
FirewallRules: [{FD148EBC-ABAF-4294-9F3E-8C76090C81EF}] => D:\SteamLibrary2\steamapps\common\Skyborn\Game.exe
FirewallRules: [{4A803132-5785-4794-893E-ACA9815A0168}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{83E60C6D-B439-4AD8-9B63-26360FC9002D}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD92F503-5E4B-4DB2-A168-B102BA7BB6BA}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C44DA4A-40FB-4AD2-87D9-1CB8426EFED0}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5D217C4-4EDB-4251-BC68-C42F3E0E8818}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5769C73-527D-4FE5-B2B2-D7A25EE96410}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C0457E1B-4D27-4302-9D5A-A67794A081CB}] => D:\SteamLibrary2\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{018665DB-381B-4249-8A7C-88C910A5A92F}] => D:\SteamLibrary2\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{54458FA4-6EB8-42CC-A80B-FADEAB620123}] => F:\FSetup.exe
FirewallRules: [{BEA043F3-AB1B-4988-85F0-4F6B06C4223E}] => F:\FSetup.exe
FirewallRules: [{14F65062-EB39-4798-9D8A-4D5A865F06B5}] => D:\SteamLibrary2\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F33CCFB0-60C6-4F2B-998D-0996993D8DD4}] => D:\SteamLibrary2\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F7270DDA-B899-4893-A56D-642AC3120C51}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{3D086A43-BE50-472F-A1C1-3C8D1E2960FC}] => LPort=5357
FirewallRules: [{22C31F31-C114-49DD-96E9-CE31BA4A42AD}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{54FC33AE-AE9E-4ECF-8184-41857E10B6EA}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BD5A772D-7E44-4759-88BA-48E4A5F96BB5}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{60D11025-A6F7-41DD-8791-AAB06D7F61A6}] => D:\Battle Net Games\Hearthstone\Hearthstone.exe
FirewallRules: [{007CC6DF-CC7F-4BA5-BA31-40B240518B72}] => D:\Battle Net Games\Hearthstone\Hearthstone.exe
FirewallRules: [{681930F8-C1C6-429C-A186-9A2F769D7D63}] => D:\SteamLibrary2\steamapps\common\Monaco\MONACO.exe
FirewallRules: [{FE48D0CF-EC49-4097-A142-ED3C5547BC19}] => D:\SteamLibrary2\steamapps\common\Monaco\MONACO.exe
FirewallRules: [TCP Query User{647A6EFE-B391-4B64-8951-4EEF599154A4}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{A5F2208D-30E9-49D1-B908-5C959896B1CA}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [{2B504F76-0490-4133-BCBF-5675D3CF0D13}] => D:\SteamLibrary2\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{B6657BBB-6EBE-4FBA-AADC-973EFEE18990}] => D:\SteamLibrary2\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{30DA0CC5-6031-49A7-8478-6D4423165B57}] => D:\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{61AEC935-F92E-4BC0-B732-594F00592BF5}] => D:\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{FF174677-EDC1-4CE9-94C4-CBEF8A5C2F81}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{014B0979-388C-4777-91AC-801E0E6F89AA}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CCA7CDEB-C500-460E-AE48-A3A68DA060A9}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{311DD911-DC6B-4259-A70B-97694993B5D7}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{40F1223A-5435-4EB0-90A7-7D74F4EB51F5}] => D:\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{A742BC14-4049-4014-BA4D-F3B48792F747}] => D:\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [TCP Query User{01352EF0-7CB0-49BE-8589-EF386A74FFB5}D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe] => D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe
FirewallRules: [UDP Query User{75D3C9EB-9B38-4358-94E5-4C62D5A6A767}D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe] => D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe
FirewallRules: [{06291B2E-0FB5-4483-B9F0-1D6387714701}] => D:\SteamLibrary2\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{22583C7A-FB6E-47B6-A2ED-9DCAD531BD51}] => D:\SteamLibrary2\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{198581A9-1D51-4E9B-AF2A-F55FC1A06106}] => D:\SteamLibrary2\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{DB0FA115-A0AC-44B0-BFFC-CE32C388E04F}] => D:\SteamLibrary2\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{5756E919-A02F-42FA-8DA2-3C58C9988CCD}] => D:\SteamLibrary2\steamapps\common\The Ship\ship.exe
FirewallRules: [{A6481242-7297-4090-BD13-1775ADD7A08B}] => D:\SteamLibrary2\steamapps\common\The Ship\ship.exe
FirewallRules: [{E1B3C425-7A16-4AEF-86A9-FFA6FE518590}] => D:\Origin Games\Need for Speed The Run\Need For Speed The Run.exe
FirewallRules: [{07E23BBF-B0AC-4D8E-9E9B-9EB78818554D}] => D:\Origin Games\Need for Speed The Run\Need For Speed The Run.exe
FirewallRules: [{0A1D96D5-3C6F-43FB-B3E5-4C229AE224C5}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E1B76222-696E-4889-8692-D1A2F162E6E3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{945393B7-0AB3-4867-A835-CFDA8A5D9CA5}] => D:\SteamLibrary2\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{6800929E-6C93-4D0C-B46D-89C7C172F8E3}] => D:\SteamLibrary2\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{2681F1A1-F6F4-4CF0-ADE4-591E5C281A3E}] => D:\SteamLibrary2\steamapps\common\Velocibox\Velocibox.exe
FirewallRules: [{C18C9176-B8B6-47FF-A573-A35925CF04A1}] => D:\SteamLibrary2\steamapps\common\Velocibox\Velocibox.exe
FirewallRules: [{AF66DE81-46C8-4BC0-A8E0-4DCBA79747CA}] => D:\SteamLibrary2\steamapps\common\Distance\Distance.exe
FirewallRules: [{B0852FD9-1130-4FC4-8A6E-2FFF291AE5D1}] => D:\SteamLibrary2\steamapps\common\Distance\Distance.exe
FirewallRules: [{69A0E37D-3266-45B2-BBCA-DA7312B41049}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9AF6C141-AF24-4985-A26E-FFA0149C8E60}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{2C340C38-0B26-4BA8-8449-50F45EF51956}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E6620324-6937-4A32-9DCF-FD5AA0EC06F3}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{6C67B8D7-6D29-46E7-8C9F-C5CA4A2AA24E}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{C1C44579-42E9-45DE-8718-75E7555A834B}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{49D0AF96-8BA0-498D-82F0-6BED639B3F00}] => D:\SteamLibrary2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{43E90CDC-71DE-463D-B12D-1A75D722412D}] => D:\SteamLibrary2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{12BAE19A-1AA1-44FB-BE77-8960E239E938}] => D:\SteamLibrary2\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{16E8671D-B9D1-4115-861C-4C167191E8D2}] => D:\SteamLibrary2\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{C19518B1-FB8E-4656-8B09-36379EDBAB17}D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe] => D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe
FirewallRules: [UDP Query User{9C3F3F23-32BA-4B53-AED4-671063BE47DD}D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe] => D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe
FirewallRules: [TCP Query User{0D50C0B1-AE55-4CDC-A8E2-83FE8CCA1A40}D:\steamlibrary2\steamapps\common\alien isolation\ai.exe] => D:\steamlibrary2\steamapps\common\alien isolation\ai.exe
FirewallRules: [UDP Query User{600D271E-D530-45C6-BDA2-5BD835F3CBCC}D:\steamlibrary2\steamapps\common\alien isolation\ai.exe] => D:\steamlibrary2\steamapps\common\alien isolation\ai.exe
FirewallRules: [{DF9637FE-9271-4755-83CA-64EC22124DCC}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A4640C5F-93EF-475F-A849-544277DA8FBD}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{BC065E74-9DFB-44F7-9093-3E8B5D901608}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9C45B3AC-4CB2-459A-8422-778B25383CB9}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{5E83E391-249A-4DB4-BE6C-F854329B3442}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{2FF6C920-B74A-4E0D-819E-D56337F2EB23}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{E27BAD56-AB74-4D21-A893-336DD260CACE}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [{2CABC0C9-2329-4A54-823E-E74629960D96}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{4A2ED845-1DBE-4666-9E54-CFDE0337583A}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{763DE35C-D07C-4A62-B596-91BE2DAA1FFD}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{7F45ABBA-92AF-4F8D-8BF8-27270D43A9C1}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{6003E9CD-A138-4031-B09D-9D65D7BAAFF1}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{A79D523A-6610-4CE5-9EF4-0C43F9F0B3DD}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{6D24357E-B5EE-42E2-A7BF-ED36973295EB}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{9D9F7801-388C-49AB-82A7-74FFD38BDC4D}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{CC3BEC4B-F9EA-4A41-A74B-DBE5B5ADFE0A}] => D:\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{DF06961E-9960-4F51-B55F-47624BEEB7DA}] => D:\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{F15ED7ED-329F-4608-9F58-C420C07DE427}] => D:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{E5B1B159-E816-460F-BF5C-8BB6AC88CA6F}] => D:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{B443FBA7-2848-4CFC-812E-5151B025666F}] => D:\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{05950F9F-92DE-40E3-B8F0-D5F0B7FED4FF}] => D:\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{8992FF96-67B3-4CAB-BB72-ADE46920965C}] => D:\SteamLibrary2\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{B4E7D120-3B2C-4175-B5A8-0BDDB77B3DF5}] => D:\SteamLibrary2\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{0AF7D012-5356-4BEA-A25D-A8A5F5525E3D}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{23FCFBDE-AFA6-4D7D-AD8E-58F54863334F}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{B34222C4-CF8D-4912-828B-98D66889BDB0}] => D:\SteamLibrary2\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{08313B4B-831B-4D22-89C7-A2446F2DC868}] => D:\SteamLibrary2\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{6EA2A39E-D5CE-4E6F-97B1-FC72AA45D541}] => E:\Files\StarCraft II 2\Versions\Base39576\SC2_x64.exe
FirewallRules: [{625DD56D-7837-4399-A13C-8988BBACBB28}] => E:\Files\StarCraft II 2\Versions\Base39576\SC2_x64.exe
FirewallRules: [{40891563-B988-46EA-9820-B7C5E464B166}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{50E31DE1-BCEB-43B2-A993-F186683BB640}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{3D9C6597-B922-4202-B955-03224C20A984}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{190A8C82-862C-4A73-B3BD-1F951E22AAF2}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{7219BC4D-3E4F-4576-988B-00DBABE989E7}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{0694F81E-A89C-4A66-977E-7F5CF48BE772}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{7CA5FEF0-87EA-4438-9DD0-17B73E15EAE5}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [{D636D9FA-939C-4B65-A172-66F716596E13}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [{3CDF4703-E5D5-4713-8862-17CA78560788}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [{EAFF5FFF-7F7C-46CD-BAD7-84E1011B35AF}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [TCP Query User{55482BD3-AA22-4146-AA31-442043D5DDF9}C:\gog games\enter the gungeon\etg.exe] => C:\gog games\enter the gungeon\etg.exe
FirewallRules: [UDP Query User{CE7A66C2-99D4-4A01-9C2E-DA0E4D070019}C:\gog games\enter the gungeon\etg.exe] => C:\gog games\enter the gungeon\etg.exe
FirewallRules: [{BD410568-C2D8-4E75-B531-B9981040E885}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C6C5A191-9C82-4C67-B429-EA617663A79F}] => LPort=2869
FirewallRules: [{20479539-82B1-413E-8E2E-9FDE981C278A}] => LPort=1900
FirewallRules: [{21CC8884-23C9-440F-B3FC-8054362CEF46}] => E:\Files\StarCraft II 2\Versions\Base42253\SC2_x64.exe
FirewallRules: [{58D02992-1E07-43F8-86BD-440A307566FF}] => E:\Files\StarCraft II 2\Versions\Base42253\SC2_x64.exe
FirewallRules: [TCP Query User{DC6D1EED-0862-4BA2-B3CF-13D041B47EB2}D:\battle net games\overwatch\overwatch.exe] => D:\battle net games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{541CC553-77EB-40FE-A7EE-350BD99116AA}D:\battle net games\overwatch\overwatch.exe] => D:\battle net games\overwatch\overwatch.exe
FirewallRules: [{5A52CCD4-9F08-4721-BC33-33143B7BF968}] => E:\Files\StarCraft II 2\Versions\Base42932\SC2_x64.exe
FirewallRules: [{D5E5EEFD-2B94-4B86-9B43-19569D6E6218}] => E:\Files\StarCraft II 2\Versions\Base42932\SC2_x64.exe
FirewallRules: [{A0B1201F-2DEA-4133-904A-9A3E134C56BA}] => D:\SteamLibrary2\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{3FB5DB0B-A1E0-48EF-A7F9-1E11620B88BA}] => D:\SteamLibrary2\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{604CA1CF-3DA8-4987-AE2D-8F1AC569A4FE}] => D:\SteamLibrary2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{3F247AF4-BCCE-4598-AF4B-F570DDE0DC4F}] => D:\SteamLibrary2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{C780D536-056F-46C2-89F9-C75A4AD8D85E}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{44BE9D03-20AF-4F1E-9C20-C00BB9F15CF8}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{C3F8211B-A747-4C36-8FA7-BCD51262422F}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{50D7A03F-AAB7-4D14-9B3C-F7CB78BAC7CB}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{C813053E-85C3-4FCE-A98F-F64AB377515C}] => D:\Program Files (x86)\Mr DJ\Need For Speed Most Wanted Black Edition\speed.exe
FirewallRules: [{02AEF83E-A419-4848-9A95-BF8F65230AB4}] => D:\Program Files (x86)\Mr DJ\Need For Speed Most Wanted Black Edition\speed.exe
FirewallRules: [{A6270AD3-B51A-4767-B29E-5230302EBC74}] => D:\SteamLibrary2\steamapps\common\FlatOut2\FlatOut2.exe
FirewallRules: [{BB18A7A7-A6AE-41F9-A3D2-3BA26932ABF8}] => D:\SteamLibrary2\steamapps\common\FlatOut2\FlatOut2.exe
FirewallRules: [{62E27FF0-8270-41AE-A1AA-61425B2814CA}] => D:\SteamLibrary2\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{E2AA4C60-776A-478C-884C-4277DDCB44C5}] => D:\SteamLibrary2\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [TCP Query User{B36987E6-DA30-41C1-B78F-88FEB396BA37}D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe] => D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [UDP Query User{F0EA91A2-71BF-492F-8A89-D459AAA35E2A}D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe] => D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [{985B2F18-0DA9-4BE0-9519-79F679DAF809}] => D:\SteamLibrary2\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{6496500F-62C6-4B53-B07B-F5A3A211FC46}] => D:\SteamLibrary2\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{3DC9802E-1254-43AA-ACA9-ED0848637A91}] => D:\SteamLibrary2\steamapps\common\TheRoomTwo\TheRoomTwo.exe
FirewallRules: [{04B5B5DA-723A-4013-AD21-D79F57877A2C}] => D:\SteamLibrary2\steamapps\common\TheRoomTwo\TheRoomTwo.exe
FirewallRules: [TCP Query User{A3BA3E4F-10F1-4871-B872-8D0FBFA3BE0D}D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe] => D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe
FirewallRules: [UDP Query User{4C132067-F08A-42B9-AF92-79749DDC6A03}D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe] => D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe
FirewallRules: [{130362D6-B9CE-4064-897B-2F85AB365F5E}] => D:\SteamLibrary2\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{BACF3C9F-C771-40FB-9B3C-5A2BE79A8076}] => D:\SteamLibrary2\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [TCP Query User{6DC74B46-5DE6-4DEE-99F0-2ECE7EEEDBF6}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{27DDE796-950E-4045-AD88-DDFD83D9AE2A}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6CAFCF52-E329-419A-A260-16B830758CFE}] => D:\SteamLibrary2\steamapps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{E2141F5F-AE7B-4B46-9164-7B97AF28B215}] => D:\SteamLibrary2\steamapps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{157414F4-28E8-414E-8121-BF5BE1627F46}] => D:\SteamLibrary2\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{13CED9B7-DE2A-4F03-8652-2487A048341E}] => D:\SteamLibrary2\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{790B1BDF-25FA-454E-9D64-D9487D636CF2}] => D:\SteamLibrary2\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{F4AE393F-F1BF-497F-8EED-ED76D40F316F}] => D:\SteamLibrary2\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [TCP Query User{11F1608C-BFF3-47F3-929A-7DD7C89EF38D}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{C9965CC4-661C-4F6F-B4B3-7DD71C96796C}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{2841BF19-E797-4C58-B406-40F14C5F83F3}D:\origin games\battlefield bad company 2\bfbc2game.exe] => D:\origin games\battlefield bad company 2\bfbc2game.exe
FirewallRules: [UDP Query User{75B87E49-279D-481E-AB57-53A5FB1F2833}D:\origin games\battlefield bad company 2\bfbc2game.exe] => D:\origin games\battlefield bad company 2\bfbc2game.exe
FirewallRules: [{7EC9ED00-0873-4C75-98C7-8B1B633473B1}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FB6F2570-1429-41C0-8DDC-22EC64725726}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FB7D1C11-C2EA-4466-A264-DB2CBC34A0AD}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D2784565-EED7-413F-A033-4C79CC252477}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{03D858A8-891C-45F4-9ADE-6B03801E9B72}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{58A2C62B-3121-4CCF-B5B8-A724C6D8ABC8}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6931E6E7-A38E-415A-9A10-475B778FD92A}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D18B0565-4C37-4AB0-997F-9215093FDC82}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{68E05207-A717-49D8-B227-6B575701B61C}] => D:\SteamLibrary2\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{9267A602-1433-435C-AF13-D703F9C957BA}] => D:\SteamLibrary2\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{A4A353D7-A425-41D6-BFC4-3A085F8808BA}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{A301EB7D-7BD7-4C8E-A414-F5FA3B226930}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{0B217961-2D9E-4F00-A7BD-E6F72648CFD9}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{8B98E7E3-1C8A-465E-BE5E-83412440DD24}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{3ABD7847-D2A9-4274-9D03-FBF5F09D0EA6}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{BDBE934F-3142-416F-B96F-CB24F1C31F67}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{15FB6868-48F4-4F51-A837-A87160D1B72C}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{A8B4C5E4-3156-45B5-8468-6F7629C8CDAC}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [TCP Query User{978249A7-E3CA-4254-AA17-FD7FFC4EDF3D}D:\origin games\fifa 17 demo\fifa17_demo.exe] => D:\origin games\fifa 17 demo\fifa17_demo.exe
FirewallRules: [UDP Query User{972369D7-BF66-41B7-ADFC-FCBCF9908D7D}D:\origin games\fifa 17 demo\fifa17_demo.exe] => D:\origin games\fifa 17 demo\fifa17_demo.exe
FirewallRules: [{C8D576DD-9C55-467F-A9F1-A20256AB7B27}] => D:\SteamLibrary2\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{E1AE626D-105E-479C-9708-7663599A4724}] => D:\SteamLibrary2\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [TCP Query User{2130A400-1A75-4E97-8252-B394C98186F0}D:\origin games\fifa 17\fifa17.exe] => D:\origin games\fifa 17\fifa17.exe
FirewallRules: [UDP Query User{A94C4A47-B01E-426C-9D8F-33E75F426213}D:\origin games\fifa 17\fifa17.exe] => D:\origin games\fifa 17\fifa17.exe
FirewallRules: [{CC6D2B93-89D0-4C19-A1FD-725069A85B0F}] => D:\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{F1694BD4-2917-4867-B2A4-155048B905ED}] => D:\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{AFD55FF9-6C2C-4514-AD82-63B8C7BEF230}] => D:\Origin Games\Burnout Paradise\BurnoutParadise.exe
FirewallRules: [{75750E89-6CEA-44E1-8327-B37BDF9F380B}] => D:\Origin Games\Burnout Paradise\BurnoutParadise.exe
FirewallRules: [{9E6C8FB2-16EF-4122-A53A-1B7AADA907B2}] => D:\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{CE9D89F1-8B3B-4A78-96AC-18B27FC76425}] => D:\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{EB0573A6-634F-42A9-8DC3-015C818D0BAF}] => D:\SteamLibrary2\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{C29F4CB3-CF7E-4909-946B-BE24CE91E86C}] => D:\SteamLibrary2\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{8CDAEB39-36B6-4964-ABD1-84DAF026AE3C}D:\battle net games\hearthstone\hearthstone.exe] => D:\battle net games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{9FF1126F-CE84-46F0-97CF-B283362D70CA}D:\battle net games\hearthstone\hearthstone.exe] => D:\battle net games\hearthstone\hearthstone.exe
FirewallRules: [{2A41F4F2-B79A-4047-BE74-9EFA19E292EC}] => D:\SteamLibrary2\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{3370B26E-1739-400F-A0BC-04D343CA49D1}] => D:\SteamLibrary2\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{0E1EF994-DE8D-4AF9-B260-D3EB90382EE0}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E8FFAB56-AC8A-40C5-AC11-2A37607C0D90}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A2E6A700-BF36-4C8D-B0AC-44DBE087EB4E}] => D:\SteamLibrary2\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{499F64A3-381C-49E2-AF09-F10230E83B6D}] => D:\SteamLibrary2\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{3983C252-EAC3-4D0E-A37D-01EC41D8474E}] => D:\SteamLibrary2\steamapps\common\Reus\Reus.exe
FirewallRules: [{F3FBB721-9D63-4EA8-A938-4C97538C2143}] => D:\SteamLibrary2\steamapps\common\Reus\Reus.exe
FirewallRules: [{46398286-1FEA-426F-9352-7C75E07C02CB}] => D:\SteamLibrary2\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{60436BA4-6FAE-4446-8D67-FFC7E56952BC}] => D:\SteamLibrary2\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{D684CC3E-1515-4DA8-9E90-BF08D90E7934}] => D:\SteamLibrary2\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
FirewallRules: [{77435157-5E03-47C1-8472-50EACA04C981}] => D:\SteamLibrary2\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
FirewallRules: [{8B18436B-95F7-4998-A0BF-1F102B9AE7D8}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{C09F3631-6BD3-4F25-B747-521A6F57618E}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{1B759394-8789-4751-838D-11F65701AFA4}] => D:\SteamLibrary2\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{C7F5C3B3-76DF-4300-9BE1-5013C9DB4CEE}] => D:\SteamLibrary2\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [TCP Query User{0A88EE2A-FF4E-46CA-BF41-0E2EB85B0486}C:\users\marvin\appdata\local\amazon music\amazon music helper.exe] => C:\users\marvin\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{DE40AC2E-F40D-4C27-B630-A191B1DE905B}C:\users\marvin\appdata\local\amazon music\amazon music helper.exe] => C:\users\marvin\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{B5DDBC43-4B11-4512-805A-E775531D17EB}] => D:\SteamLibrary2\steamapps\common\TrialsPC\datapack\trialsFMX.exe
FirewallRules: [{FD8FBE4C-B561-4F5C-B6F0-14CE5AD0CA56}] => D:\SteamLibrary2\steamapps\common\TrialsPC\datapack\trialsFMX.exe
FirewallRules: [{7118BBCB-A4F8-466B-93C7-5FB3BA2A4C90}] => D:\Program Files (x86)\Daedalic Entertainment GmbH\Shadow Tactics - Blades of the Shogun\Shadow Tactics.exe
FirewallRules: [{1CFF5713-B412-4B15-A9EC-CF7AAF69D257}] => D:\Program Files (x86)\Daedalic Entertainment GmbH\Shadow Tactics - Blades of the Shogun\Shadow Tactics.exe
FirewallRules: [{114858E4-0739-48E6-94B8-BC3213F24CD0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F10342DA-92E9-4D88-8D51-61B9267D1D36}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5EAEC0EA-C0BB-4E3E-8832-4E544D909F05}] => D:\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{3F29D248-1DC4-4EFC-8560-0E340DCDDD10}] => D:\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{CA1C2292-723D-4293-86B5-29BF865C588F}] => D:\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{B89451EE-ADF6-4063-8614-6B0863BA77C6}] => D:\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{A5C03161-B532-48BB-82BE-5AC252B0FD34}] => D:\SteamLibrary2\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{F4C26E9B-1BD7-4740-A63B-3F93CCAFA520}] => D:\SteamLibrary2\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{2830D4EF-D390-4440-AC61-38F232CBFD10}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{865F1A64-5F18-4C6F-A842-5EA3237CCC24}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{EBBE5780-1B68-47F0-A938-798E0644DD1A}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{125EDD41-CEB4-4BE6-BB51-17AA8DFFC594}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{13D6559F-0FE8-472D-9E34-FB3D6212F4CE}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{9F978A16-3502-4FBD-8D72-F5D58AC5B7BF}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{5AD4D3F5-4002-4E09-AE84-477A49FBBF61}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{43C1460F-374A-4D44-A2FB-DD2470405923}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{3B5F0660-1479-4781-8580-F69A0CE5D620}] => D:\SteamLibrary2\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{C118E5A3-1C55-462B-9785-C4C8C6553341}] => D:\SteamLibrary2\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{1154AE4E-08F0-4B7B-98A2-03DCD8E16BBA}D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{7CD7D6B1-C654-4A9B-8B5E-93A93FA368DB}D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{3DE95129-D661-41A7-9093-31DA73F7FB36}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{96EE443A-85B4-4834-8D50-214A05604D52}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8AD68C55-30F1-4739-8CB2-9359FB15CF9D}] => C:\Users\Marvin\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{9A92B0CA-3BBA-4D42-8613-1ECB0DD15BFB}] => C:\Users\Marvin\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{3988CA20-3C73-4F09-A1EA-DEC8F707F0CD}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{51425A23-ADBF-464E-9D46-8AEA57E1BB88}D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [UDP Query User{8CD45599-0FE4-44C4-AB50-7D61AD418F4A}D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [TCP Query User{E221ACA7-1FBF-444A-AD79-DD9CAB0F49CE}D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [UDP Query User{F999516F-69B3-4131-8DF3-CAB98992EB7A}D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [{F44EE477-681E-4B9F-92FF-1F98466C034F}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{E750B4EC-C8E4-41B5-9240-8F0EDFFC5BBD}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{11627BC6-5AAC-4944-BC75-4FDB836D1F24}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{4B75732E-6B1F-4D0F-B432-64C1816D8F92}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{122BFDFA-1959-4CAA-93F3-DDA9DC4B5F6D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

08-01-2017 15:14:20 Windows Defender Checkpoint
08-01-2017 15:32:43 chip 1-click download service wurde entfernt.
08-01-2017 19:10:23 Windows Update

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/08/2017 07:06:35 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/08/2017 04:45:45 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/08/2017 04:30:58 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/08/2017 04:21:36 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/08/2017 03:46:19 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/08/2017 03:34:56 PM) (Source: chip 1-click download service) (EventID: 0) (User: )
Description: |ERORRS=;(280) error at getVersion:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe

Error: (01/08/2017 03:32:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service Double Spaced Firewall since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (01/08/2017 03:16:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 55.0.2883.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11d8

Start Time: 01d269b958ba9446

Termination Time: 3

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 01262f72-d5ad-11e6-a620-94de807c80e7

Error: (01/08/2017 03:14:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {95764d89-ad32-4c36-a558-be2e89b1a400}

Error: (01/08/2017 03:00:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 55.0.2883.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1304

Start Time: 01d269b74faee6cb

Termination Time: 4

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: d1d88284-d5aa-11e6-a620-94de807c80e7


System errors:
=============
Error: (01/08/2017 07:07:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/08/2017 07:07:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/08/2017 07:07:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (01/08/2017 04:46:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/08/2017 04:46:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/08/2017 04:46:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (01/08/2017 04:31:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/08/2017 04:31:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/08/2017 04:31:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (01/08/2017 04:30:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 12254.28 MB
Available physical RAM: 8473.01 MB
Total Virtual: 24506.75 MB
Available Virtual: 20581.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:15.73 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:16.64 GB) NTFS
Drive e: (Data) (Fixed) (Total:465.76 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 118BED4E)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 1B2569FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 255B7F54)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

AswMBR Log:

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-01-08 20:54:52
-----------------------------
20:54:52.108 OS Version: Windows x64 6.1.7601 Service Pack 1
20:54:52.109 Number of processors: 8 586 0x200
20:54:52.110 ComputerName: MARVINS_PC UserName: Marvin
20:54:53.170 Initialize success
20:54:53.186 VM: initialized successfully
20:54:53.187 VM: Amd CPU supported
20:56:10.828 AVAST engine defs: 16122701
20:56:17.897 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006b
20:56:17.902 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
20:56:17.906 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006c
20:56:17.911 Disk 1 Vendor: KINGSTON 505A Size: 114473MB BusType: 11
20:56:17.917 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006d
20:56:17.923 Disk 2 Vendor: TOSHIBA_ MS2O Size: 953869MB BusType: 11
20:56:17.941 Disk 1 MBR read successfully
20:56:17.945 Disk 1 MBR scan
20:56:17.951 Disk 1 Windows 7 default MBR code
20:56:17.956 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:56:17.961 Disk 1 Boot: NTFS code=1
20:56:17.969 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
20:56:17.988 Disk 1 scanning C:\Windows\system32\drivers
20:56:21.247 Service scanning
20:56:31.840 Modules scanning
20:56:31.854 Disk 1 trace - called modules:
20:56:31.865 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:56:31.873 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800c172060]
20:56:31.880 3 CLASSPNP.SYS[fffff880013bc43f] -> nt!IofCallDriver -> [0xfffffa800ac43540]
20:56:31.888 5 amd_xata.sys[fffff880011a8d00] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa800ac4c060]
20:56:33.014 AVAST engine scan C:\Windows
20:56:33.977 AVAST engine scan C:\Windows\system32
20:57:45.671 AVAST engine scan C:\Windows\system32\drivers
20:57:49.576 AVAST engine scan C:\Users\Marvin
21:05:20.769 AVAST engine scan C:\ProgramData
21:08:48.277 Disk 1 statistics 4717012/0/0 @ 3,87 MB/s
21:08:48.282 Scan finished successfully
21:09:07.059 Disk 1 MBR has been saved successfully to "C:\Users\Marvin\Desktop\MBR.dat"
21:09:07.064 The log file has been saved successfully to "C:\Users\Marvin\Desktop\aswMBR.txt"

SargeP
2017-01-09, 13:38
I sincerely thought I had only opened one thread. I read the rules and I know it is work for you to clean them up. Sorry!

Juliet
2017-01-09, 14:46
First
C:\Windows\SysWOW64\EasyAntiCheat.exe ==> EasyAntiCheat Ltd
http://www.isthisfilesafe.com/sha1/1F241E51E5C88BFADB6FB3F6D8047E5E9B231A75_details.aspx
I'd remove this.

Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
The above should be removed for now since they are outdated and exploitable. We can download the most current version later.

~~~~~~~~~
I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms (http://en.wikipedia.org/wiki/Computer_worm), backdoor Trojans (http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99), IRCBots (http://en.wikipedia.org/wiki/IRC_bot), and rootkits (http://en.wikipedia.org/wiki/Rootkit) propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of malware is to avoid these types of web sites and P2P programmes. Please read the following articles for more information.

Risks of File-Sharing Technology (http://www.us-cert.gov/cas/tips/ST05-007.html)
P2P Software User Advisories (http://aresgalaxy.sourceforge.net/p2prisks.htm)
More malware is traveling on P2P networks these days (http://www.computerworld.com/s/article/9240067/More_malware_is_traveling_on_P2P_networks_these_days)

Your P2P software can be removed by following the instructions below.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search for the aforementioned programme(s), right-click and click Uninstall. Follow the prompts.

If you choose not to, please refrain from using the programme(s) during this process.

~~~~

I have found several suspicious files/folders that I cannot get enough information on to delete off your machine so, we'll have to do some detective work.
If we can.

R2 Chikiing; C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll [180224 2017-01-08] () [File not signed]
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Upmedia] => C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe [117561 2017-01-08] ()
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Ozmics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [WTVLR6FR20] => C:\Program Files\IJD61O2L61\IJD61O2L6.exe [369664 2017-01-08] ()
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [HV1V03D1C9] => C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe [369664 2017-01-08] ()
HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
HKU\S-1-5-18\...\Run: [71KFQTEHQA] => C:\Program Files\EET2FMBFLG\EET2FMBFL.exe [369664 2017-01-08] ()
HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"
2017-01-08 16:17 - 2017-01-08 16:17 - 00000000 ____D C:\Program Files\LAT8TQJDDX

These seem to have the same creation date. Can you look at the files/folders and let me know if you know what these might be?

I feel like we should try to scan one or two out

Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
click on Browse, and upload the following file for analysis:

C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe


Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

Also, let's try this file
C:\Program Files\EET2FMBFLG\EET2FMBFL.exe

Please post the results in your next reply.

~~~~~~~~~~~~~~~~~

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)






start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [UVFmedia] => regsvr32.exe C:\Users\Marvin\AppData\Local\UVFmedia\gdiServices54.dll <===== ATTENTION
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin HKU\S-1-5-21-4016113358-843845156-2686539769-1000: @acestream.net/acestreamplugin,version=3.1.12.1 -> C:\Users\Marvin\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
C:\Windows\SysWOW64\EasyAntiCheat.exe
C:\Users\Marvin\AppData\Local\Temp\8B5D.tmp.exe
C:\Users\Marvin\AppData\Local\Temp\900F.tmp.exe
C:\Users\Marvin\AppData\Local\Temp\ICReinstall_900F.tmp.exe
Task: {63E4E2EA-492C-41FB-BF97-AE7231771156} - System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902} => pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe"
AlternateDataStreams: C:\Users\Marvin\Desktop\22.06.16 Marvin Hartung.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marvin\Desktop\Einführung ins Studium Paper.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marvin\Desktop\In Praise of Idleness.docx:com.dropbox.attributes [168]
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~

I can see AdwCleaner is already on the machine, please right click on that and send it to the recycle bin. We'll get an updated version.

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree to the EULA:
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~
please post
Info on files requested scanned
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

SargeP
2017-01-10, 14:57
I think you may be right about the following files, as they seem to pop up as my troubles with the malware started on the 8.10:

R2 Chikiing; C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll [180224 2017-01-08] () [File not signed]
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Upmedia] => C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe [117561 2017-01-08] ()
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Ozmics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [WTVLR6FR20] => C:\Program Files\IJD61O2L61\IJD61O2L6.exe [369664 2017-01-08] ()
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [HV1V03D1C9] => C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe [369664 2017-01-08] ()
HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
HKU\S-1-5-18\...\Run: [71KFQTEHQA] => C:\Program Files\EET2FMBFLG\EET2FMBFL.exe [369664 2017-01-08] ()
HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"
2017-01-08 16:17 - 2017-01-08 16:17 - 00000000 ____D C:\Program Files\LAT8TQJDDX

However, I seem to have deleted some of the folders already between my first post and now. To be precise, the following directories are gone:
HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"


Up next is the Virus Total scan of C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe

C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe
https://www.virustotal.com/en/file/01da2fcc00388ec679f8ea96bb57b7876848fa743ecc2a99483324cf11473df7/analysis/1484049709/


C:\Program Files\EET2FMBFLG\EET2FMBFL.exe
https://www.virustotal.com/en/file/01da2fcc00388ec679f8ea96bb57b7876848fa743ecc2a99483324cf11473df7/analysis/1484050408/

(I hope this is what is meant with results link)



Up next is the AdwCleaner log. Everything seemed fine. No files were ticked that needed to stay, and googling some of the names revealed virus information. However, once my PC restarted, my window mode was set to classic Windows style and I cannot change it back to my normal Windows 7 style. I'm not worried, just letting you know. Here are the AdwCleaner logs:

# AdwCleaner v6.042 - Logfile created 10/01/2017 at 13:33:18
# Updated on 06/01/2017 by Malwarebytes
# Database : 2017-01-09.3 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Marvin - MARVINS_PC
# Running from : C:\Users\Marvin\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: WinSAPSvc
[-] Service deleted: Archer
[-] Service deleted: iThemes5
[-] Service deleted: GubedZL


***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\WinSAPSvc
[#] Folder deleted on reboot: C:\ProgramData\winsapsvc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\WinSAPSvc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\winsapsvc
[-] Folder deleted: C:\Program Files (x86)\WinArcher
[#] Folder deleted on reboot: C:\Program Files (x86)\winarcher
[-] Folder deleted: C:\Program Files (x86)\Gubed


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\ScreenShot
[-] Key deleted: HKLM\SOFTWARE\WinArcher
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [8071 Bytes] - [08/01/2017 15:45:16]
C:\AdwCleaner\AdwCleaner[C2].txt - [10267 Bytes] - [08/01/2017 16:20:03]
C:\AdwCleaner\AdwCleaner[C3].txt - [1345 Bytes] - [08/01/2017 16:30:09]
C:\AdwCleaner\AdwCleaner[C4].txt - [4666 Bytes] - [09/01/2017 01:14:42]
C:\AdwCleaner\AdwCleaner[C5].txt - [1865 Bytes] - [10/01/2017 13:33:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [7221 Bytes] - [08/01/2017 15:44:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [10082 Bytes] - [08/01/2017 16:19:12]
C:\AdwCleaner\AdwCleaner[S2].txt - [1481 Bytes] - [08/01/2017 16:29:58]
C:\AdwCleaner\AdwCleaner[S3].txt - [1604 Bytes] - [08/01/2017 16:43:00]
C:\AdwCleaner\AdwCleaner[S4].txt - [1677 Bytes] - [08/01/2017 20:12:41]
C:\AdwCleaner\AdwCleaner[S5].txt - [4988 Bytes] - [09/01/2017 01:14:30]
C:\AdwCleaner\AdwCleaner[S6].txt - [1897 Bytes] - [09/01/2017 12:58:56]
C:\AdwCleaner\AdwCleaner[S7].txt - [2557 Bytes] - [10/01/2017 13:31:08]

########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [2523 Bytes] ##########



The JRT Log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Ultimate x64
Ran by Marvin (Administrator) on 10.01.2017 at 13:42:05,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 16

Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50GTL9XJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPVY4851 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRAKWLBR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLCCXOWP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2W5SLIY (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M19NFGBN (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSTJUA0W (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYVPIPW2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50GTL9XJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPVY4851 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRAKWLBR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLCCXOWP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2W5SLIY (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M19NFGBN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSTJUA0W (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYVPIPW2 (Temporary Internet Files Folder)



Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.01.2017 at 13:43:46,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I hope that is all. I think I didn't forget anything. Not unlikely though as the autosave of this website didn't save all the text I had written on one of the restarts.

Juliet
2017-01-10, 15:54
By chance, did you run the fixlist I had created?

SargeP
2017-01-10, 16:04
Yes! I thought I had written that but I guess it must have gotten lost between the restarts. I closely followed every point mentioned!

Juliet
2017-01-10, 16:21
Good.

Can you search for Fixlog.txt and post the log?

~~~

Also, since you already have Malwarebytes Anti-Malware onboard let's run a new scan.

Open Malwarebytes Anti-Malware

On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.

When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.

Please paste the log back into this thread for review


Exit Malwarebytes

SargeP
2017-01-10, 16:53
Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Marvin (10-01-2017 13:18:42) Run:1
Running from C:\Users\Marvin\Desktop\Fixing things
Loaded Profiles: Marvin (Available Profiles: Marvin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [UVFmedia] => regsvr32.exe C:\Users\Marvin\AppData\Local\UVFmedia\gdiServices54.dll <===== ATTENTION
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin HKU\S-1-5-21-4016113358-843845156-2686539769-1000: @acestream.net/acestreamplugin,version=3.1.12.1 -> C:\Users\Marvin\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
C:\Windows\SysWOW64\EasyAntiCheat.exe
C:\Users\Marvin\AppData\Local\Temp\8B5D.tmp.exe
C:\Users\Marvin\AppData\Local\Temp\900F.tmp.exe
C:\Users\Marvin\AppData\Local\Temp\ICReinstall_900F.tmp.exe
Task: {63E4E2EA-492C-41FB-BF97-AE7231771156} - System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902} => pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe"
AlternateDataStreams: C:\Users\Marvin\Desktop\22.06.16 Marvin Hartung.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marvin\Desktop\Einführung ins Studium Paper.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marvin\Desktop\In Praise of Idleness.docx:com.dropbox.attributes [168]
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UVFmedia => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2 => key not found.
"C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll" => not found.
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2 => key not found.
"C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll" => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2 => key not found.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2 => key not found.
C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll => not found.
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.12.1 => key removed successfully
C:\Users\Marvin\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => not found.
"C:\Windows\SysWOW64\EasyAntiCheat.exe" => not found.
C:\Users\Marvin\AppData\Local\Temp\8B5D.tmp.exe => moved successfully
C:\Users\Marvin\AppData\Local\Temp\900F.tmp.exe => moved successfully
C:\Users\Marvin\AppData\Local\Temp\ICReinstall_900F.tmp.exe => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63E4E2EA-492C-41FB-BF97-AE7231771156} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63E4E2EA-492C-41FB-BF97-AE7231771156} => key removed successfully
C:\Windows\System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{491BF032-D6A1-4FEE-BCB9-110186A33902} => key removed successfully
C:\Users\Marvin\Desktop\22.06.16 Marvin Hartung.docx => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Marvin\Desktop\Einführung ins Studium Paper.docx => ":com.dropbox.attributes" ADS removed successfully.
C:\Users\Marvin\Desktop\In Praise of Idleness.docx => ":com.dropbox.attributes" ADS removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44361292 B
Java, Flash, Steam htmlcache => 474441976 B
Windows/system/drivers => 498569504 B
Edge => 0 B
Chrome => 496393371 B
Firefox => 381544633 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 67300 B
systemprofile32 => 9015935 B
LocalService => 332914 B
NetworkService => 717644 B
Marvin => 1265678822 B

RecycleBin => 0 B
EmptyTemp: => 3 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:19:12 ====



Malwarebytes (I only have the free version so I couldn't enter the advanced settings):

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/8/17
Scan Time: 3:29 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.0
Update Package Version: 1.0.951
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marvins_PC\Marvin

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 383970
Time Elapsed: 1 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 6
PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Quarantined, [863], [325509],1.0.951
PUP.Optional.ConvertAd, C:\USERS\MARVIN\APPDATA\LOCAL\03DE0294-1483888355-057C-8006-E70700080009\QNSL6EBB.TMP, Quarantined, [77], [100459],1.0.951
Adware.DownloadSponsor, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\DMR\DMR_80.EXE, Quarantined, [2435], [358371],1.0.951
PUP.Optional.Komodia, C:\PROGRAM FILES (X86)\OTHERSEARCH\ZIENGINE.EXE, Quarantined, [1292], [106353],1.0.951
PUP.Optional.ConvertAd, C:\WINDOWS\TEMP\D4CC.TMP, Quarantined, [77], [156783],1.0.951
PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\2b4a6eef476009e5a07c0388a81cb729.exe, Quarantined, [17834], [259462],1.0.951

Module: 13
PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, Quarantined, [863], [318108],1.0.951
PUP.Optional.Komodia, C:\WINDOWS\SYSTEM32\ZDENGINE64.DLL, Quarantined, [1292], [106353],1.0.951
PUP.Optional.Komodia, C:\WINDOWS\SYSTEM32\ZDENGINE64.DLL, Quarantined, [1292], [106353],1.0.951
PUP.Optional.Komodia, C:\WINDOWS\SYSTEM32\ZDENGINE64.DLL, Quarantined, [1292], [106353],1.0.951
PUP.Optional.Komodia, C:\WINDOWS\SYSTEM32\ZDENGINE64.DLL, Quarantined, [1292], [106353],1.0.951
PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Quarantined, [863], [325509],1.0.951
PUP.Optional.ConvertAd, C:\USERS\MARVIN\APPDATA\LOCAL\03DE0294-1483888355-057C-8006-E70700080009\QNSL6EBB.TMP, Quarantined, [77], [100459],1.0.951
Trojan.Miuref.THC, C:\USERS\MARVIN\APPDATA\LOCAL\UPMEDIA\RCBTAMCJ.DLL, Quarantined, [7478], [65255],1.0.951
Adware.DownloadSponsor, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\DMR\DMR_80.EXE, Quarantined, [2435], [358371],1.0.951
PUP.Optional.Komodia, C:\PROGRAM FILES (X86)\OTHERSEARCH\ZIENGINE.EXE, Quarantined, [1292], [106353],1.0.951
PUP.Optional.ConvertAd, C:\WINDOWS\TEMP\D4CC.TMP, Quarantined, [77], [156783],1.0.951
Adware.Elex.Generic, C:\Program Files (x86)\Qosdomckeloent Launcher\local64spl.dll, Quarantined, [2409], [358290],1.0.951
PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\2b4a6eef476009e5a07c0388a81cb729.exe, Quarantined, [17834], [259462],1.0.951

Registry Key: 27
PUP.Optional.ConvertAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zigipyro, Delete-on-Reboot, [77], [100459],1.0.951
PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016, Delete-on-Reboot, [863], [325509],1.0.951
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [130], [170024],1.0.951
PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [130], [-1],0.0.0
PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [130], [170024],1.0.951
PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [130], [170024],1.0.951
PUP.Optional.CleanBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CleanBrowser, Delete-on-Reboot, [1859], [181961],1.0.951
PUP.Optional.OtherSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OtherSearch, Delete-on-Reboot, [707], [306041],1.0.951
Adware.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DPower_is1, Delete-on-Reboot, [2306], [350732],1.0.951
Adware.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mobilepcstarterkit_is1, Delete-on-Reboot, [2306], [350732],1.0.951
PUP.Optional.ConvertAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PopupProduct, Delete-on-Reboot, [77], [236933],1.0.951
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\d3a01f8ee8c49abc0a56c9bdd2e477ae, Delete-on-Reboot, [17881], [261569],1.0.951
PUP.Optional.ConvertAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NUIns, Delete-on-Reboot, [77], [246227],1.0.951
PUP.Optional.OtherSearch, HKLM\SOFTWARE\WOW6432NODE\OTHERSEARCH, Delete-on-Reboot, [707], [305744],1.0.951
PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016srv, Delete-on-Reboot, [863], [325507],1.0.951
PUP.Optional.Trovi, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Delete-on-Reboot, [6149], [244207],1.0.951
PUP.Optional.Social2Search, HKLM\SOFTWARE\WOW6432NODE\Socia2Sear Browser Enhancer, Delete-on-Reboot, [444], [345866],1.0.951
PUP.Optional.Social2Search, HKLM\SOFTWARE\Socia2Sear Browser Enhancer, Delete-on-Reboot, [444], [345866],1.0.951
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CltMngSvc_RASAPI32, Delete-on-Reboot, [12875], [253642],1.0.951
PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CltMngSvc_RASMANCS, Delete-on-Reboot, [12875], [253642],1.0.951
PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\cltmng_RASAPI32, Delete-on-Reboot, [2455], [184777],1.0.951
PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\cltmng_RASMANCS, Delete-on-Reboot, [2455], [184777],1.0.951
PUP.Optional.AppTrailers, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\APPDATALOW\SOFTWARE\AppTrailers, Delete-on-Reboot, [1067], [324090],1.0.951
Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\apc6tt41, Delete-on-Reboot, [2086], [339986],1.0.951
PUP.Optional.Wajam.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\d3a01f8ee8c49abc0a56c9bdd2e477ae, Delete-on-Reboot, [17834], [259462],1.0.951
PUP.Optional.Wajam, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\WajIEnhance, Delete-on-Reboot, [130], [244670],1.0.951
PUP.Optional.Tuto4PC, HKU\S-1-5-18\SOFTWARE\MICROSOFT\wewewe, Delete-on-Reboot, [112], [339689],1.0.951

Registry Value: 20
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|OMEWPRODUCT_OO26R, Delete-on-Reboot, [2306], [350732],1.0.951
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|OTUTPRODUCT_ZTC9C, Delete-on-Reboot, [2306], [350732],1.0.951
PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [130], [-1],0.0.0
PUP.Optional.Wajam, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [130], [-1],0.0.0
PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [130], [-1],0.0.0
Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|OMEWPRODUCT_K3D4B, Delete-on-Reboot, [2306], [350732],1.0.951
PUP.Optional.Tuto4PC, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|9M71O69FYI, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Tuto4PC, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|9M71O69FYI, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DiskPower, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [95], [-1],0.0.0
PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [95], [-1],0.0.0
PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\d3a01f8ee8c49abc0a56c9bdd2e477ae|DISPLAYNAME, Delete-on-Reboot, [17881], [261569],1.0.951
PUP.Optional.OtherSearch, HKLM\SOFTWARE\WOW6432NODE\OTHERSEARCH|AFFID, Delete-on-Reboot, [707], [305744],1.0.951
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DPOWER_IS1|PUBLISHER, Delete-on-Reboot, [112], [314797],1.0.951
PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zigipyro|IMAGEPATH, Delete-on-Reboot, [10337], [257691],1.0.951
Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\apc6tt41|NAME, Delete-on-Reboot, [2086], [339986],1.0.951
PUP.Optional.Trovi, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, Delete-on-Reboot, [6149], [244206],1.0.951
PUP.Optional.Conduit, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SUGGESTIONSURL_JSON, Delete-on-Reboot, [715], [236867],1.0.951
PUP.Optional.Trovi, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DISPLAYNAME, Delete-on-Reboot, [6149], [244206],1.0.951
PUP.Optional.Trovi, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [6149], [293219],1.0.951

Data Stream: 0
(No malicious items detected)

Folder: 21
PUP.Optional.HDWallPaper, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\HDWallPaper, Delete-on-Reboot, [169], [314888],1.0.951
PUP.Optional.CleanBrowser, C:\Program Files (x86)\CleanBrowser\Temp, Delete-on-Reboot, [1859], [181961],1.0.951
PUP.Optional.CleanBrowser, C:\PROGRAM FILES (X86)\CleanBrowser, Delete-on-Reboot, [1859], [181961],1.0.951
PUP.Optional.HDWallPaper, C:\PROGRAM FILES (X86)\HDWallPaper, Delete-on-Reboot, [169], [314832],1.0.951
PUP.Optional.OtherSearch, C:\PROGRAM FILES (X86)\OtherSearch, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.Tuto4PC, C:\Users\Marvin\AppData\Local\tuto_monetize_120170105\tuto_monetize_120170105\2.00, Delete-on-Reboot, [112], [182348],1.0.951
PUP.Optional.Tuto4PC, C:\Users\Marvin\AppData\Local\tuto_monetize_120170105\tuto_monetize_120170105, Delete-on-Reboot, [112], [182348],1.0.951
PUP.Optional.Tuto4PC, C:\USERS\MARVIN\APPDATA\LOCAL\tuto_monetize_120170105, Delete-on-Reboot, [112], [182348],1.0.951
PUP.Optional.Tuto4PC, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tuto_monetize_120170105\tuto_monetize_120170105\2.00, Delete-on-Reboot, [112], [182348],1.0.951
PUP.Optional.Tuto4PC, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tuto_monetize_120170105\tuto_monetize_120170105, Delete-on-Reboot, [112], [182348],1.0.951
PUP.Optional.Tuto4PC, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\tuto_monetize_120170105, Delete-on-Reboot, [112], [182348],1.0.951
Adware.Wajam, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SOCIA2SEAR BROWSER ENHANCER, Delete-on-Reboot, [1771], [348378],1.0.951
PUP.Optional.Tuto4PC, C:\PROGRAM FILES (X86)\DPOWER, Delete-on-Reboot, [112], [314798],1.0.951
Adware.Elex.Generic, C:\PROGRAM FILES (X86)\QOSDOMCKELOENT LAUNCHER, Delete-on-Reboot, [2409], [358290],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\index-dir, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Local Storage, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\USERS\MARVIN\APPDATA\LOCAL\APPTRAILERS, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.ConvertAd, C:\USERS\MARVIN\APPDATA\LOCAL\03DE0294-1483888355-057C-8006-E70700080009, Delete-on-Reboot, [77], [236933],1.0.951
PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\ba6f752ba72daac512434e87abb96fc6, Delete-on-Reboot, [17834], [259462],1.0.951
PUP.Optional.Wajam.Gen, C:\PROGRAM FILES\d3a01f8ee8c49abc0a56c9bdd2e477ae, Delete-on-Reboot, [17834], [259462],1.0.951

File: 179
PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, Delete-on-Reboot, [863], [318108],1.0.951
PUP.Optional.Komodia, C:\WINDOWS\SYSTEM32\ZDENGINE64.DLL, Delete-on-Reboot, [1292], [106353],1.0.951
PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Delete-on-Reboot, [863], [325509],1.0.951
PUP.Optional.ConvertAd, C:\USERS\MARVIN\APPDATA\LOCAL\03DE0294-1483888355-057C-8006-E70700080009\QNSL6EBB.TMP, Delete-on-Reboot, [77], [100459],1.0.951
Trojan.Miuref.THC, C:\USERS\MARVIN\APPDATA\LOCAL\UPMEDIA\RCBTAMCJ.DLL, Delete-on-Reboot, [7478], [65255],1.0.951
Adware.DownloadSponsor, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\DMR\DMR_80.EXE, Delete-on-Reboot, [2435], [358371],1.0.951
PUP.Optional.Komodia, C:\PROGRAM FILES (X86)\OTHERSEARCH\ZIENGINE.EXE, Delete-on-Reboot, [1292], [106353],1.0.951
PUP.Optional.ConvertAd, C:\WINDOWS\TEMP\D4CC.TMP, Delete-on-Reboot, [77], [156783],1.0.951
PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\DRIVERS\NETUTILS2016.SYS, Delete-on-Reboot, [863], [325509],1.0.951
Adware.Tuto4PC, C:\WINDOWS\TEMP\QDI1TJ9L5N.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\MPCK\VVJ2V9.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\DPOWER\A91E4T.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
PUP.Optional.HDWallPaper, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HDWallPaper\config.ini, Delete-on-Reboot, [169], [314888],1.0.951
PUP.Optional.CleanBrowser, C:\Program Files (x86)\CleanBrowser\Temp\_1.zip, Delete-on-Reboot, [1859], [181961],1.0.951
PUP.Optional.CleanBrowser, C:\Program Files (x86)\CleanBrowser\uninstall.exe, Delete-on-Reboot, [1859], [181961],1.0.951
PUP.Optional.CleanBrowser, C:\Program Files (x86)\CleanBrowser\version, Delete-on-Reboot, [1859], [181961],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\freebl3.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\kke.exe, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\libnspr4.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\libplc4.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\libplds4.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\nss3.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\nssckbi.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\nssdbm3.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\nssutil3.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\slite.exe, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\smime3.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\softokn3.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\sqlite3.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\ssl3.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\uninstall.exe, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\updengine.exe, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdengine.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdengine.exe, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdengine.tlb, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdengine64.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdenginecert.dll, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdinstaller.exe, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdwfp.sys, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdwfp64.sys, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\ziengine.ini, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\ziengine64.exe, Delete-on-Reboot, [707], [306041],1.0.951
PUP.Optional.Tuto4PC, C:\Users\Marvin\AppData\Local\tuto_monetize_120170105\tuto_monetize_120170105\2.00\cnf.cyl, Delete-on-Reboot, [112], [182348],1.0.951
PUP.Optional.Tuto4PC, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tuto_monetize_120170105\tuto_monetize_120170105\2.00\cnf.cyl, Delete-on-Reboot, [112], [182348],1.0.951
Adware.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer\Settings.lnk, Delete-on-Reboot, [1771], [348378],1.0.951
Adware.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer\SignIn with Twitter.lnk, Delete-on-Reboot, [1771], [348378],1.0.951
Adware.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer\Social2Search Website.lnk, Delete-on-Reboot, [1771], [348378],1.0.951
Adware.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer\uninstall.lnk, Delete-on-Reboot, [1771], [348378],1.0.951
PUP.Optional.Trovi, C:\USERS\MARVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5954LDYI.DEFAULT\PREFS.JS, Replaced, [6149], [301684],1.0.951
PUP.Optional.Tuto4PC, C:\PROGRAM FILES (X86)\MPCK\MOBILEPCSTARTERKIT_WIDGET.EXE, Delete-on-Reboot, [112], [14224],1.0.951
Adware.Elex.Generic, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\ERGICKMIDUTION\TABUTAIN.DLL, Delete-on-Reboot, [2409], [356335],1.0.951
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\DPOWER\UNINSTALLER.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\MPCK\UNINSTALLER.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
PUP.Optional.Tuto4PC, C:\PROGRAM FILES (X86)\DPOWER\UNINS000.DAT, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\A91E4T.exe.config, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\B16NQ2AGGD.exe, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\B16NQ2AGGD.exe.config, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\cast.config, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\config.conf, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\DiskPower.exe, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\DiskPower.exe.conf, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\LinqBridge.dll, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\unins000.exe, Delete-on-Reboot, [112], [314798],1.0.951
PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\uninstaller.exe.config, Delete-on-Reboot, [112], [314798],1.0.951
Adware.Elex.Generic, C:\PROGRAM FILES (X86)\MAPADOMCOAVECK\TABUTAIN.DLL, Delete-on-Reboot, [2409], [356335],1.0.951
PUP.Optional.Linkury.ACMB1, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\INSTALLATIONCONFIGURATION.XML, Delete-on-Reboot, [95], [302554],1.0.951
PUP.Optional.ConvertAd, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\NSB46E0.TMP, Delete-on-Reboot, [77], [290930],1.0.951
PUP.Optional.Komodia, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\ZDENGINE.LOG, Delete-on-Reboot, [1292], [257778],1.0.951
PUP.Optional.PreInstaller, C:\WINDOWS\TEMP\44D4.TMP, Delete-on-Reboot, [8553], [77080],1.0.951
Adware.Elex.Generic, C:\PROGRAM FILES (X86)\QOSDOMCKELOENT LAUNCHER\LOCAL64SPL.DLL.INI, Delete-on-Reboot, [2409], [358290],1.0.951
Adware.Elex.Generic, C:\Program Files (x86)\Qosdomckeloent Launcher\local64spl.dll, Delete-on-Reboot, [2409], [358290],1.0.951
Adware.Tuto4PC, C:\WINDOWS\TEMP\KMLN8HZGI3\APPSOFT.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
PUP.Optional.ConvertAd, C:\WINDOWS\TEMP\44CE.TMP, Delete-on-Reboot, [77], [100461],1.0.951
Adware.ConvertAd, C:\WINDOWS\TEMP\44CF.TMP, Delete-on-Reboot, [118], [158747],1.0.951
Bootkit.Agent.VBR, C:\WINDOWS\TEMP\SETCS86.EXE, Delete-on-Reboot, [2935], [356131],1.0.951
PUP.Optional.Tuto4PC, C:\WINDOWS\TEMP\5Q94R4H0M6\CASTER12.EXE, Delete-on-Reboot, [112], [331647],1.0.951
PUP.Optional.Freemium, C:\USERS\MARVIN\DOWNLOADS\PAZERA-FREE-MKV-TO-AVI-CONVERTER-1.4-SETUP.EXE, Delete-on-Reboot, [12540], [301050],1.0.951
PUP.Optional.SilentInstaller, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\F9626892-7A78-3199-ABD2-97BBCE96297B\OFFERINSTALLER.EXE, Delete-on-Reboot, [4042], [11846],1.0.951
PUP.Optional.AppTrailers, C:\USERS\MARVIN\APPDATA\LOCAL\APPTRAILERS\WEB DATA, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\index-dir\the-real-index, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\01ebf43b86245e64_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\02cdb733b079655d_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\0457719a18f2c25e_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\0531a1d1ab0cc80f_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\0571c8d23ca44cda_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\08bc571418449ead_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\0d38e65b97b6ca2f_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\0ed73590870cfbd2_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\0ed7399215f555d7_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\0ef5b10d79d9f0cb_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\b76bcaff47320d20_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\bd48447363dfb226_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\be189d201694bf89_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\bfbe9938bbb38577_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\c2265d7297447e4e_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\c3329b5e71fb9773_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\c3e54f2da56e3070_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\c487316b1c7eb401_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\c79eea9e3fb663aa_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\c8bff37e9d993e8c_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\d19a15ac54bfa3ba_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\d1e76506be7d2271_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\d652598e0bff0a74_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\dc7c883ebdb4ce43_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\31dd53db120ebb87_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\3a977894dc0fcd39_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\404cef6e0d04e861_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\442182c02ee0a243_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\4be17a7342b462e7_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\4d75eab78299f375_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\5125b9f58b582f46_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\52992baca7882ec5_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\575096e145d8e7dc_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\5787831d921a5b92_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\5ede7465ad814101_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\60fa0cf60109e35a_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\66e510668b4796e9_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\dd1fa8967c9eedf1_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\e992121cad948854_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\ea15db24a55301bc_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\f4beaede20fc0699_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\f552ab47376f113e_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\f74a8c1655500d73_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\fbef9ceaf336383d_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\fddd11ea475c5135_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\index, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\690236e4ca6ee8d1_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\6a049d05dc31f2bf_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\76e51e810ffd774c_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\7d8cebaadfd53fbf_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\8326a92c0f293bc4_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\83a226c1379f7a18_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\8d9b27c428a8f6a3_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\8f60e69a4afd6f60_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\95232c08f503d1f3_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\a1f309cd5a3eb6fa_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\a43e398740182b4b_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\b3986aa6d1a5b1ca_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\b3edef432256edd5_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\0fc3db66b9cbe75d_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\1b72c2d37a2af109_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\1dff67c9badf383d_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\1e20774a42d716f3_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\234986793e71f265_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\26968e7a0c71776d_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\2819c5233c1f77b4_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\2ac381ccd53e2ce0_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\2b11e2e523e5d524_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\3082972055161e5d_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\dcd59cd60e5c727c_0, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Local Storage\file__0.localstorage, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Local Storage\file__0.localstorage-journal, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Local Storage\http_www.imdb.com_0.localstorage, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Local Storage\http_www.imdb.com_0.localstorage-journal, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\cookies, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\cookies-journal, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Web Data-journal, Delete-on-Reboot, [1067], [324095],1.0.951
PUP.Optional.Tuto4PC, C:\WINDOWS\TEMP\AD7LU40SJU.EXE, Delete-on-Reboot, [112], [314786],1.0.951
PUP.Optional.Tuto4PC, C:\WINDOWS\TEMP\SGQP2M4VR7.EXE, Delete-on-Reboot, [112], [124446],1.0.951
PUP.Optional.Komodia, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\ZIENGINE.INI.LOG, Delete-on-Reboot, [1292], [257777],1.0.951
Adware.DownloadSponsor, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\DMR\DMR_72.EXE, Delete-on-Reboot, [2435], [358371],1.0.951
Trojan.Agent, C:\WINDOWS\TEMP\HCPLCS.EXE, Delete-on-Reboot, [22], [357677],1.0.951
PUP.Optional.ConvertAd, C:\WINDOWS\TEMP\NSC7FD5.TMP, Delete-on-Reboot, [77], [290930],1.0.951
Adware.Tuto4PC, C:\WINDOWS\TEMP\5Q94R4H0M6\ADVISE.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
PUP.Optional.Komodia, C:\WINDOWS\SYSWOW64\ZDENGINE.DLL, Delete-on-Reboot, [1292], [106353],1.0.951
PUP.Optional.Bundler, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\FSD4A58.EXE, Delete-on-Reboot, [222], [8918],1.0.951
PUP.Optional.Tuto4PC, C:\WINDOWS\TEMP\5Q94R4H0M6\CASTER19.EXE, Delete-on-Reboot, [112], [331647],1.0.951
PUP.Optional.Tuto4PC, C:\WINDOWS\TEMP\KMLN8HZGI3\CAS.EXE, Delete-on-Reboot, [112], [331647],1.0.951
Adware.Tuto4PC, C:\WINDOWS\TEMP\SKN52WL02O\APPSOFT.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
PUP.Optional.ConvertAd, C:\USERS\MARVIN\APPDATA\LOCAL\03DE0294-1483888355-057C-8006-E70700080009\UNINSTALL.EXE, Delete-on-Reboot, [77], [236933],1.0.951
PUP.Optional.ResultsHub, C:\USERS\MARVIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_manyresultshub-a.akamaihd.net_0.localstorage, Delete-on-Reboot, [12044], [242323],1.0.951
PUP.Optional.Wajam.Gen, C:\PROGRAM FILES\d3a01f8ee8c49abc0a56c9bdd2e477ae\ba6f752ba72daac512434e87abb96fc6\7623053ac9ebe33858647506cdbf2f89.ico, Delete-on-Reboot, [17834], [259462],1.0.951
PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\ba6f752ba72daac512434e87abb96fc6\7bd57047150e93a8a64b87905cf54301.ico, Delete-on-Reboot, [17834], [259462],1.0.951
PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\ba6f752ba72daac512434e87abb96fc6\7dfd53909d5f754c9c0a2510f14c807f.ico, Delete-on-Reboot, [17834], [259462],1.0.951
PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\0108cc1966b04a525eeec2f2c19ecf06.exe, Delete-on-Reboot, [17834], [259462],1.0.951
PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\2b4a6eef476009e5a07c0388a81cb729.exe, Delete-on-Reboot, [17834], [259462],1.0.951
PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\3348092d021e7bca63f77820731c3243, Delete-on-Reboot, [17834], [259462],1.0.951
PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\7bd57047150e93a8a64b87905cf54301.ico, Delete-on-Reboot, [17834], [259462],1.0.951
PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\f45a21687b2122533a920d405cd65568.exe, Delete-on-Reboot, [17834], [259462],1.0.951

Physical Sector: 0
(No malicious items detected)


(end)

Juliet
2017-01-10, 18:45
Whoa nellie!

Had no idea you had this amount of junk on your computer.

After the last scan I hope you're seeing improvements?

~~~~~~~~~~~~~~~~~~~~~~


Download Emsisoft Emergency Kit (http://www.emsisoft.com/en/software/eek/download/) and save it to your desktop.
Double-click icon then click Install
A Window should open highlighting Start Emergency Kit Scanner
Right click on the icon and select Run as administrator
Click Update now!
Once the update is completed select Settings under Scan
Uncheck Join the Emsisoft Anti-Malware Network
Click Scan at the top
Click On scan completion
Click Quarantine detected objects, then click OK
Click Malware Scan
Once completed click View Report
Save the file to your Desktop using the default file name
Copy and paste the report in your reply

===============

SargeP
2017-01-10, 19:21
It seems so. Wasn't aware of it either. I am indeed noticing changes. I can use Youtube again and one program that wouldn't start up yesterday is starting up now. Whether that has anything to do with what we have done so far, I don't know.

Here is the Emsisoft Emergency Kit Scan log (Unfortunately in German, must have overlooked the language selection screen):

Emsisoft Emergency Kit – Version 12.0
Letztes Update: 10.01.2017 18:02:37
Benutzerkonto: Marvins_PC\Marvin
Computer name: MARVINS_PC
OS version: Windows 7x64 Service Pack 1

Scan-Einstellungen:

Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Traces, Dateien

PUPs-Erkennung: An
Archiv-Scan: Aus
ADS-Scan: An
Dateierweiterungen: Aus
Direkter Festplattenzugriff: Aus

Scan-Beginn: 10.01.2017 18:05:13
C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe Gefunden: Gen:Heur.MSIL.Krypt.4 (B) [krnl.xmd]
C:\Program Files\IJD61O2L61\IJD61O2L6.exe Gefunden: Gen:Heur.MSIL.Krypt.4 (B) [krnl.xmd]
C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll Gefunden: Gen:Variant.Razy.22856 (B) [krnl.xmd]
C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe Gefunden: Trojan.GenericKD.4134817 (B) [krnl.xmd]
c:\program files (x86)\mapadomcoaveck\bmssch.dll Gefunden: Gen:Variant.Graftor.313143 (B) [krnl.xmd]
C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll Gefunden: Gen:Variant.Graftor.313143 (B) [krnl.xmd]
C:\Program Files (x86)\Mapadomcoaveck\Shidpywifuph.dll Gefunden: Gen:Variant.Mikey.57567 (B) [krnl.xmd]
C:\Program Files (x86)\Mapadomcoaveck\CrashReport.dll Gefunden: Gen:Variant.Graftor.318031 (B) [krnl.xmd]
C:\Program Files (x86)\Mapadomcoaveck\Release038.dll Gefunden: Gen:Variant.Graftor.312033 (B) [krnl.xmd]
C:\Program Files\EET2FMBFLG\EET2FMBFL.exe Gefunden: Gen:Heur.MSIL.Krypt.4 (B) [krnl.xmd]
C:\Users\Marvin\AppData\Local\UVFmedia\gdiServices54.dll Gefunden: Gen:Variant.Razy.22856 (B) [krnl.xmd]
C:\Users\Marvin\Desktop\install_patch\sonar 8 install patch.exe Gefunden: Trojan.Generic.5487364 (B) [krnl.xmd]
C:\Users\Marvin\Desktop\install_patch\sonar 8.02 update install patch.exe Gefunden: Trojan.Generic.1410268 (B) [krnl.xmd]
C:\Users\Marvin\Desktop\install_patch\sonar 8.01 update install patch.exe Gefunden: Trojan.Generic.1410268 (B) [krnl.xmd]
C:\Users\Marvin\Desktop\install_patch\alternative\Sonar 8 install patch.exe Gefunden: Virtool.21901 (B) [krnl.xmd]
C:\Users\Marvin\Desktop\install_patch\alternative\Sonar 8.01 update install patch.exe Gefunden: Virtool.22821 (B) [krnl.xmd]
C:\Users\Marvin\Desktop\install_patch\alternative\Sonar 8.02 update install patch.exe Gefunden: Virtool.21371 (B) [krnl.xmd]
C:\Users\Marvin\Downloads\Better DS3 - CHIP-Installer.exe Gefunden: Application.AdLoad (A) [283292]
C:\Users\Marvin\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe Gefunden: Application.AdLoad (A) [283292]
C:\Users\Marvin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe Gefunden: Application.AdLoad (A) [283292]
C:\Users\Marvin\Downloads\SpeedFan - CHIP-Installer.exe Gefunden: Application.AdLoad (A) [283292]
C:\Windows\f45a21687b2122533a920d405cd65568.exe Gefunden: Adware.GenericKD.4147491 (B) [krnl.xmd]

Gescannt: 80550
Gefunden 22

Scan-Ende: 10.01.2017 18:06:34
Scan-Zeit: 0:01:21

c:\program files (x86)\mapadomcoaveck\bmssch.dll Gen:Variant.Graftor.313143 (B)
C:\Users\Marvin\AppData\Local\UVFmedia\gdiServices54.dll Gen:Variant.Razy.22856 (B)
C:\Program Files (x86)\Mapadomcoaveck\Shidpywifuph.dll Gen:Variant.Mikey.57567 (B)
C:\Program Files (x86)\Mapadomcoaveck\CrashReport.dll Gen:Variant.Graftor.318031 (B)
C:\Users\Marvin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe Application.AdLoad (A)
C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe Gen:Heur.MSIL.Krypt.4 (B)
C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe Trojan.GenericKD.4134817 (B)
C:\Users\Marvin\Desktop\install_patch\sonar 8.01 update install patch.exe Trojan.Generic.1410268 (B)
C:\Users\Marvin\Desktop\install_patch\sonar 8.02 update install patch.exe Trojan.Generic.1410268 (B)
C:\Users\Marvin\Desktop\install_patch\alternative\Sonar 8.01 update install patch.exe Virtool.22821 (B)
C:\Users\Marvin\Desktop\install_patch\alternative\Sonar 8.02 update install patch.exe Virtool.21371 (B)
C:\Program Files (x86)\Mapadomcoaveck\Release038.dll Gen:Variant.Graftor.312033 (B)
C:\Users\Marvin\Desktop\install_patch\sonar 8 install patch.exe Trojan.Generic.5487364 (B)
C:\Users\Marvin\Downloads\SpeedFan - CHIP-Installer.exe Application.AdLoad (A)
C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll Gen:Variant.Graftor.313143 (B)
C:\Users\Marvin\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe Application.AdLoad (A)
C:\Program Files\EET2FMBFLG\EET2FMBFL.exe Gen:Heur.MSIL.Krypt.4 (B)
C:\Program Files\IJD61O2L61\IJD61O2L6.exe Gen:Heur.MSIL.Krypt.4 (B)
C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll Gen:Variant.Razy.22856 (B)
C:\Windows\f45a21687b2122533a920d405cd65568.exe Adware.GenericKD.4147491 (B)
C:\Users\Marvin\Desktop\install_patch\alternative\Sonar 8 install patch.exe Virtool.21901 (B)
C:\Users\Marvin\Downloads\Better DS3 - CHIP-Installer.exe Application.AdLoad (A)

Quarantäne 22

If you want me to use the scan again in English, just tell me and I will see what I can do.

Juliet
2017-01-10, 22:58
one program that wouldn't start up yesterday is starting up now.
Which one is that?


If you want me to use the scan again in English, just tell me and I will see what I can do.
That's up to you. At the end of the scan it said Quarantäne 22
German or English I know what that means :)


~~~~
If you would, I'd like to see a new FRST scan log.

Search for the logs below; if found, right-click and select Delete.
FRST.txt & Addition.txt and Fixlog.txt

This will probably be our last scan to do but just want to check and make sure all that I can see is gone. Then I'll send you on your way.
~~~

Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

SargeP
2017-01-11, 10:18
Origin was the program in question.

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by Marvin (administrator) on MARVINS_PC (11-01-2017 09:15:21)
Running from C:\Users\Marvin\Desktop\Fixing things
Loaded Profiles: Marvin (Available Profiles: Marvin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Scarlet.Crush Productions) C:\Program Files\PS3 Controllers\bin\ScpService.exe
(M-Audio) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Windows\USB Vibration\7906\USB Gamepad.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\System32\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6625672 2016-08-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [USB Gamepad] => C:\Windows\USB Vibration\7906\USB Gamepad.exe [796784 2008-12-10] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [454792 2016-05-25] (Power Software Ltd)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Spotify Web Helper] => C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-31] (Spotify Ltd)
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Upmedia] => C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Ozmics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [WTVLR6FR20] => "C:\Program Files\IJD61O2L61\IJD61O2L6.exe"
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [HV1V03D1C9] => "C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe"
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
HKU\S-1-5-18\...\Run: [71KFQTEHQA] => "C:\Program Files\EET2FMBFLG\EET2FMBFL.exe"
HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-09-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2017-01-11]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{EB100C81-CB83-4438-99D2-8059C3A5BDFC}: [DhcpNameServer] 192.168.2.1 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-4016113358-843845156-2686539769-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

FireFox:
========
FF DefaultProfile: 5954ldyi.default
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default [2017-01-10]
FF NetworkProxy: Mozilla\Firefox\Profiles\5954ldyi.default -> autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) {if ((host == "www.abc.net.au")
FF Extension: (MEGA) - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default\Extensions\firefox@mega.co.nz.xpi [2017-01-08]
FF Extension: (Proxmate) - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2016-04-17]
FF Extension: (Adblock Plus) - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default [2017-01-11]
CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (uBlock Origin) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-20]
CHR Extension: (Google Search) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
CHR Extension: (Chrome Media Router) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-09-30] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4649000 2015-09-16] (Binary Fortress Software)
R2 Ds3Service; C:\Program Files\PS3 Controllers\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119176 2017-01-10] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2181648 2017-01-10] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-09-05] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2016-09-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WinSnare; C:\Users\Marvin\AppData\Roaming\WinSnare\WinSnare.dll [775168 2017-01-10] (InterSect Alliance Pty Ltd) [File not signed]
S2 Chikiing; C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll [X]
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 cdrombus; C:\Windows\System32\Drivers\cdrombus.sys [25088 2012-08-22] (Windows (R) Codename Longhorn DDK provider)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [62576 2008-12-01] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41096 2008-12-01] (Your Corporation)
S3 MADFUMIDISPORT2010; C:\Windows\System32\DRIVERS\MAudioMIDISPORT_DFU.sys [30512 2012-02-24] (M-Audio)
S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-10] (Malwarebytes)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB)
S3 xb1usb; C:\Windows\System32\DRIVERS\xb1usb.sys [42760 2016-02-21] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-10 18:18 - 2017-01-10 18:18 - 00000548 _____ C:\Users\Marvin\Desktop\Scan_170110-181758.txt
2017-01-10 18:00 - 2017-01-10 18:22 - 00000000 ____D C:\EEK
2017-01-10 15:49 - 2017-01-10 15:49 - 00007995 _____ C:\Users\Marvin\Desktop\Response.txt
2017-01-10 13:43 - 2017-01-10 13:43 - 00003184 _____ C:\Users\Marvin\Desktop\JRT.txt
2017-01-10 13:41 - 2017-01-10 13:41 - 01663040 _____ (Malwarebytes) C:\Users\Marvin\Desktop\JRT.exe
2017-01-10 13:29 - 2017-01-10 13:29 - 03988944 _____ C:\Users\Marvin\Desktop\AdwCleaner.exe
2017-01-10 12:56 - 2017-01-10 12:56 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\WinSnare
2017-01-10 12:56 - 2017-01-10 12:56 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.0.4)
2017-01-10 12:56 - 2017-01-10 12:56 - 00000000 ____D C:\Program Files (x86)\dnw8sjuw
2017-01-10 12:53 - 2017-01-10 12:53 - 00000000 ____D C:\Windows\system32\appmgmt
2017-01-09 13:29 - 2017-01-10 14:04 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-09 13:29 - 2017-01-09 13:29 - 00000993 _____ C:\Users\Public\Desktop\Origin.lnk
2017-01-09 13:29 - 2017-01-09 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2017-01-09 13:28 - 2017-01-10 14:04 - 00000000 ____D C:\Users\Marvin\AppData\Local\Origin
2017-01-09 13:20 - 2017-01-09 13:20 - 55364064 _____ (Electronic Arts) C:\Users\Marvin\Downloads\OriginThinSetup.exe
2017-01-08 20:50 - 2017-01-11 09:15 - 00000000 ____D C:\FRST
2017-01-08 20:49 - 2017-01-08 20:49 - 00019582 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2017-01-08 20:49 - 2017-01-08 20:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARVINS_PC-Windows-7-Ultimate-(64-bit).dat
2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\RegBackup
2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-01-08 20:48 - 2017-01-08 20:49 - 05766144 _____ (Tweaking.com) C:\Users\Marvin\Downloads\tweaking.com_registry_backup_setup.exe
2017-01-08 20:36 - 2017-01-08 20:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-08 16:49 - 2017-01-09 01:14 - 00001290 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 16:49 - 2017-01-09 01:14 - 00001278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-08 16:49 - 2017-01-08 16:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-08 16:49 - 2017-01-08 16:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-08 16:48 - 2017-01-08 16:48 - 01065376 _____ (Google Inc.) C:\Users\Marvin\Downloads\ChromeSetup.exe
2017-01-08 16:17 - 2017-01-10 18:07 - 00000000 ____D C:\Program Files\LAT8TQJDDX
2017-01-08 16:17 - 2017-01-10 18:06 - 00000000 ____D C:\Users\Marvin\AppData\Local\UVFmedia
2017-01-08 16:16 - 2017-01-10 18:07 - 00000000 ____D C:\Program Files\IJD61O2L61
2017-01-08 15:50 - 2017-01-11 09:15 - 00000000 ____D C:\Users\Marvin\Desktop\Fixing things
2017-01-08 15:43 - 2017-01-10 13:33 - 00000000 ____D C:\AdwCleaner
2017-01-08 15:29 - 2017-01-08 15:29 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-08 15:25 - 2017-01-10 15:52 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-08 15:23 - 2017-01-08 19:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-08 15:23 - 2017-01-08 15:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-08 15:23 - 2017-01-08 15:23 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-08 15:23 - 2017-01-08 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-01-08 15:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-08 15:22 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-08 15:21 - 2017-01-08 15:21 - 00000000 ____D C:\Windows\system32\SSL
2017-01-08 15:21 - 2017-01-08 15:21 - 00000000 ____D C:\Users\Marvin\AppData\Local\Downloaded Installations
2017-01-08 15:20 - 2017-01-08 15:20 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Ergickmidution
2017-01-08 14:14 - 2017-01-10 18:07 - 00000000 ____D C:\Users\Marvin\AppData\Local\Upmedia
2017-01-08 14:14 - 2017-01-10 18:07 - 00000000 ____D C:\Program Files (x86)\Mapadomcoaveck
2017-01-08 14:14 - 2017-01-10 18:06 - 00000000 ____D C:\Program Files\EET2FMBFLG
2017-01-08 14:14 - 2017-01-08 14:14 - 00006056 _____ C:\Windows\System32\Tasks\Wuzapyfuqerch Update
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____D C:\Windows\SysWOW64\sstmp
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____D C:\Windows\system32\sstmp
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 _____ C:\TOSTACK
2017-01-05 20:48 - 2017-01-05 22:26 - 01445154 _____ C:\Users\Marvin\Desktop\Die Einführung des Mindestlohns.pptx
2017-01-02 13:54 - 2017-01-02 20:11 - 04767777 _____ C:\Users\Marvin\Downloads\Virtual-Reality-Präsentation (1).pptx
2017-01-02 13:10 - 2017-01-02 14:52 - 00000000 ____D C:\Users\Marvin\Documents\Darkest
2017-01-02 13:09 - 2017-01-02 13:09 - 00003332 _____ C:\Windows\System32\Tasks\SessionControlAgent
2017-01-02 13:09 - 2017-01-02 13:09 - 00000937 _____ C:\Users\Marvin\Desktop\Darkest Dungeon.lnk
2017-01-02 12:56 - 2017-01-02 12:56 - 04510004 _____ C:\Users\Marvin\Downloads\Virtual-Reality-Präsentation.pptx
2016-12-29 18:19 - 2016-12-29 18:19 - 00069878 _____ C:\Users\Marvin\Downloads\15696174_10210872013973089_1280108056_o.jpg
2016-12-29 18:18 - 2016-12-29 18:18 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG (2).PDF
2016-12-29 18:12 - 2017-01-03 00:44 - 00000000 ____D C:\Users\Marvin\Desktop\Virtual Reality Präsentation
2016-12-29 13:47 - 2016-12-29 13:47 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\SmartSteamEmu
2016-12-29 13:42 - 2016-12-29 13:42 - 00000000 ____D C:\Users\Marvin\AppData\LocalLow\Monomi Park
2016-12-28 19:51 - 2016-12-28 19:51 - 00077824 _____ ( ) C:\Users\Marvin\Downloads\guiformat.exe
2016-12-28 19:19 - 2016-12-28 19:19 - 00188133 _____ C:\Users\Marvin\Downloads\Fat32FormatterEN.zip
2016-12-22 19:56 - 2016-12-22 19:56 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\AMD
2016-12-22 19:11 - 2016-12-22 19:11 - 00001627 _____ C:\Users\Marvin\Downloads\American_Dad_S12E01_HDTV_x264-KILLERS[ettv] (1).torrent
2016-12-22 19:09 - 2016-12-22 19:09 - 00001627 _____ C:\Users\Marvin\Downloads\American_Dad_S12E01_HDTV_x264-KILLERS[ettv].torrent
2016-12-22 14:02 - 2016-12-22 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-21 19:42 - 2016-12-21 19:54 - 82345072 _____ C:\Users\Marvin\Downloads\Ace_Stream_Media_3.1.12.1.exe
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-12-18 23:46 - 2016-12-18 23:46 - 11273864 _____ C:\Users\Marvin\Downloads\AerialTraining.zip
2016-12-18 19:02 - 2016-12-18 19:02 - 00000000 ____D C:\Users\Marvin\AppData\Local\UnrealEngine
2016-12-18 19:02 - 2016-12-18 19:02 - 00000000 ____D C:\Users\Marvin\AppData\Local\DeadByDaylight
2016-12-17 14:51 - 2016-12-17 19:28 - 00000000 ___RD C:\Users\Marvin\Desktop\Drum Rack DnB Project
2016-12-16 13:54 - 2016-12-16 13:54 - 00000000 ____D C:\Users\Marvin\Desktop\.midi files
2016-12-15 16:05 - 2016-12-15 16:41 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\discord
2016-12-15 16:05 - 2016-12-15 16:05 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-12-15 16:05 - 2016-12-15 16:05 - 00000000 ____D C:\Users\Marvin\AppData\Local\Discord
2016-12-15 16:04 - 2016-12-15 16:05 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Marvin\Downloads\DiscordSetup.exe
2016-12-14 14:36 - 2016-11-21 19:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-14 14:36 - 2016-11-21 19:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-14 14:36 - 2016-11-21 19:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-14 14:36 - 2016-11-20 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-14 14:36 - 2016-11-20 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-14 14:36 - 2016-11-20 16:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-14 14:36 - 2016-11-20 16:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-14 14:36 - 2016-11-20 16:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-14 14:36 - 2016-11-20 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-14 14:36 - 2016-11-20 16:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-14 14:36 - 2016-11-20 15:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 14:36 - 2016-11-17 17:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-14 14:36 - 2016-11-10 17:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-14 14:36 - 2016-11-10 17:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-14 14:36 - 2016-11-09 17:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-14 14:36 - 2016-11-09 17:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-14 14:36 - 2016-11-09 17:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-14 14:36 - 2016-11-09 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-14 14:36 - 2016-11-06 17:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-14 14:36 - 2016-11-06 17:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-14 14:36 - 2016-11-06 17:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 14:36 - 2016-10-27 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-14 14:36 - 2016-10-27 16:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-14 14:36 - 2016-10-11 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-14 14:36 - 2016-10-11 16:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-14 14:36 - 2016-10-11 16:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-14 14:36 - 2016-10-11 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-14 14:36 - 2016-10-11 16:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-14 14:36 - 2016-10-11 16:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-14 14:36 - 2016-10-11 16:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-14 14:36 - 2016-10-11 16:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-14 14:36 - 2016-10-11 15:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-14 14:36 - 2016-10-11 15:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-14 14:36 - 2016-10-11 15:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-14 14:36 - 2016-10-11 15:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-14 14:36 - 2016-10-11 15:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-14 14:36 - 2016-10-11 15:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-14 14:36 - 2016-10-11 15:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-14 14:36 - 2016-10-11 15:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-14 14:36 - 2016-10-11 15:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 14:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-14 14:36 - 2016-10-11 14:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-14 14:36 - 2016-10-08 14:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-14 14:36 - 2016-10-04 16:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-14 14:36 - 2016-10-04 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-14 14:36 - 2016-10-04 16:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-14 14:36 - 2016-10-04 16:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-12-13 12:59 - 2016-12-13 12:59 - 00000000 ____D C:\Users\Marvin\AppData\Local\Chromium

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-11 09:15 - 2015-09-05 14:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-11 09:10 - 2016-04-06 17:26 - 00000000 ___RD C:\Users\Marvin\Dropbox
2017-01-11 09:09 - 2016-04-06 17:24 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-11 09:09 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-11 00:26 - 2016-08-31 12:44 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-01-11 00:25 - 2015-09-07 00:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-11 00:25 - 2015-09-05 22:31 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\TS3Client
2017-01-11 00:21 - 2015-09-28 17:56 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Origin
2017-01-10 23:47 - 2016-04-06 17:24 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-10 23:25 - 2015-09-07 00:08 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 23:25 - 2015-09-07 00:08 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 23:25 - 2015-09-07 00:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 23:25 - 2015-09-07 00:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-10 23:25 - 2015-09-07 00:08 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-10 23:17 - 2015-09-18 23:51 - 00000000 ____D C:\Users\Marvin\AppData\Local\Battle.net
2017-01-10 22:47 - 2015-09-18 23:49 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-10 20:51 - 2015-09-28 17:52 - 00000000 ____D C:\ProgramData\Origin
2017-01-10 18:30 - 2015-09-18 23:27 - 00000000 ____D C:\Users\Marvin\AppData\Local\Spotify
2017-01-10 18:30 - 2015-09-18 23:25 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Spotify
2017-01-10 18:16 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-10 18:16 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-10 18:14 - 2009-07-14 06:13 - 00743506 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-10 18:14 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-10 18:06 - 2016-05-06 13:41 - 00000000 ____D C:\Users\Marvin\Desktop\install_patch
2017-01-10 17:39 - 2015-09-05 16:23 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-10 12:53 - 2015-10-17 15:06 - 00000000 ____D C:\Program Files\Java
2017-01-09 13:36 - 2015-09-23 20:31 - 00000000 ____D C:\Users\Marvin\AppData\Local\CrashDumps
2017-01-09 01:15 - 2015-09-05 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-09 01:14 - 2015-09-05 14:54 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-09 01:08 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-01-08 20:09 - 2015-09-18 13:58 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\vlc
2017-01-08 19:12 - 2015-09-13 14:16 - 00000000 ____D C:\Windows\system32\MRT
2017-01-08 19:10 - 2015-09-13 14:16 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-08 16:49 - 2015-09-05 14:40 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-08 16:17 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-01-08 14:31 - 2015-09-05 22:16 - 00000000 ____D C:\Users\Marvin\AppData\Local\ElevatedDiagnostics
2017-01-02 22:20 - 2015-09-10 15:32 - 00000000 ____D C:\Program Files\PeerBlock
2016-12-30 22:17 - 2015-10-01 18:39 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-12-29 13:46 - 2015-10-14 10:10 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2016-12-29 13:46 - 2015-10-14 10:10 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2016-12-29 13:46 - 2015-10-14 10:10 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2016-12-29 13:46 - 2015-10-14 10:10 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2016-12-28 20:17 - 2016-04-18 17:44 - 00000000 ____D C:\Users\Marvin\AppData\Local\Windows Live
2016-12-22 16:13 - 2015-10-01 18:39 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-12-22 14:02 - 2016-04-06 17:24 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-19 20:48 - 2016-08-11 17:53 - 00000000 ____D C:\Windows\rescache
2016-12-17 21:14 - 2016-07-22 10:14 - 00000000 ____D C:\Users\Marvin\Documents\ManiaPlanet
2016-12-17 21:06 - 2016-07-22 10:14 - 00000000 ____D C:\ProgramData\ManiaPlanet
2016-12-15 16:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-15 16:48 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\assembly
2016-12-15 16:05 - 2016-01-04 18:31 - 00000000 ____D C:\Users\Marvin\AppData\Local\SquirrelTemp
2016-12-15 08:19 - 2009-07-14 03:34 - 00189440 ____H C:\Users\Default\NTUSER.DAT.LOG1
2016-12-15 08:18 - 2009-07-14 05:45 - 00509392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\en-US
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\en-US
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Boot
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppPatch
2016-12-15 00:17 - 2015-09-05 14:41 - 00734476 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-14 14:44 - 2015-09-06 20:15 - 00013553 _____ C:\Users\Marvin\Desktop\Pushups Crunches.xlsx
2016-12-14 14:37 - 2015-09-07 11:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-14 14:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-13 12:59 - 2015-09-05 14:57 - 00000000 ____D C:\Users\Marvin\AppData\Local\Steam
2016-12-12 23:52 - 2015-12-29 19:00 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Skype

==================== Files in the root of some directories =======

2015-09-17 00:20 - 2015-09-17 00:20 - 0000037 ___SH () C:\Users\Marvin\AppData\Local\20986331705021ca58edc424.96250074
2016-02-19 10:56 - 2016-02-19 10:56 - 0000036 _____ () C:\Users\Marvin\AppData\Local\housecall.guid.cache
2016-01-03 00:59 - 2016-01-05 23:07 - 0007600 _____ () C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg
2015-09-18 16:55 - 2015-09-18 16:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-09-05 14:45 - 2015-09-05 14:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-07 21:48

==================== End of FRST.txt ============================

Up next, the Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Marvin (11-01-2017 09:15:47)
Running from C:\Users\Marvin\Desktop\Fixing things
Windows 7 Ultimate Service Pack 1 (X64) (2015-09-05 13:38:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4016113358-843845156-2686539769-500 - Administrator - Disabled)
Guest (S-1-5-21-4016113358-843845156-2686539769-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4016113358-843845156-2686539769-1002 - Limited - Enabled)
Marvin (S-1-5-21-4016113358-843845156-2686539769-1000 - Administrator - Enabled) => C:\Users\Marvin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM\...\{F6BA3E9F-8637-4DCE-BBA8-75A6A57A9D0B}) (Version: 9.0.0.0 - Ableton)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Skybox Labs)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Analog Lab 1.2.3 (HKLM-x32\...\Analog Lab_is1) (Version: 1.2.3 - Arturia)
Arturia Software Center 1.2.1 (HKLM-x32\...\Arturia Software Center_is1) (Version: 1.2.1 - Arturia)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Bionic Dues (HKLM-x32\...\Steam App 238910) (Version: - Arcen Games, LLC)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 8.4 - Codeusa Software)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward)
Catalyst Control Center Next Localization BR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DARK SOULS II - Scholar of the First Sin (HKLM-x32\...\DARK SOULS II - Scholar of the First Sin_is1) (Version: - )
Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version: - )
DARK SOULS™ II: Scholar of the First Sin (HKLM\...\Steam App 335300) (Version: - FromSoftware, Inc)
Darkest Dungeon (HKLM-x32\...\Darkest Dungeon_is1) (Version: - )
Darksiders II: Deathinitive Edition (HKLM\...\Steam App 388410) (Version: - Gunfire Games)
Darksiders Warmastered Edition (HKLM\...\Steam App 462780) (Version: - KAIKO)
Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.)
Discord (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
DisplayFusion 7.3 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.3.0.0 - Binary Fortress Software)
Distance (HKLM-x32\...\Steam App 233610) (Version: - Refract)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist (HKLM-x32\...\Steam App 409160) (Version: - Crows Crows Crows)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DuelystLauncher (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\launcher) (Version: 0.0.9 - Counterplay Games Inc.)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.0.0.2 - GOG.com)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version: - Turtle Rock Studios)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
FIFA 17 (HKLM-x32\...\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.46.21015 - Electronic Arts)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FlatOut 2 (HKLM\...\Steam App 2990) (Version: - Bugbear Entertainment)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.139.918 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
GameRanger (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\GameRanger) (Version: - GameRanger Technologies)
Gaming Mouse Editor (HKLM-x32\...\GamingMouseEditor) (Version: 13.04.0002 - )
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Industry Giant 2 (HKLM\...\aW5kdXN0cnlnaWFudDI_is1) (Version: 1 - )
Mafia II (HKLM\...\Steam App 50130) (Version: - 2K Czech)
Mafia III (HKLM-x32\...\Mafia III_is1) (Version: - )
MAGIX Common Components 1 (HKLM-x32\...\{38BF501B-F285-4A3B-99E2-09F58A130A59}) (Version: 1.7.0.0 - MAGIX Software GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Fonts Package 2 (x32 Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{B396DA26-0959-44BA-812B-2E6AF4F678E1}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MIDI Control Center 1.2.2 (HKLM-x32\...\MIDI Control Center_is1) (Version: 1.2.2 - Arturia)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 de)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Native Instruments Guitar Rig 3 (HKLM-x32\...\Native Instruments Guitar Rig 3) (Version: - )
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Need For Speed Most Wanted Black Edition version 1.3.0.0 (HKLM-x32\...\Need For Speed Most Wanted Black Edition_is1) (Version: 1.3.0.0 - Mr DJ)
Need for Speed™ The Run (HKLM-x32\...\{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}) (Version: 1.1.0.0 - Electronic Arts)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.3.5.6379 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Pazera Free MKV to AVI Converter 1.4 (HKLM-x32\...\{EDFA6B29-7667-4FD2-86F3-9835AFCE837A}_is1) (Version: 1.4 - Jacek Pazera)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
Project Highrise (HKLM-x32\...\2018730457_is1) (Version: 2.0.0.4 - GOG.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2461 - )
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Reus (HKLM\...\Steam App 222730) (Version: - Abbey Games)
Rise of Nations: Extended Edition (HKLM-x32\...\Rise of Nations: Extended Edition_is1) (Version: - Microsoft Studios)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Shadow Tactics - Blades of the Shogun 1.1.2 (HKLM-x32\...\{BB762706-65FA-44C1-B2BB-EF29CA88D7CE}_is1) (Version: 1.1.2 - Daedalic Entertainment GmbH)
Sid Meier's Civilization V (HKLM-x32\...\Sid Meier's Civilization V_is1) (Version: - )
Skyborn (HKLM-x32\...\Steam App 278460) (Version: - Dancing Dragon Games)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
SNOW (HKLM\...\Steam App 244930) (Version: - Poppermost Productions)
SONAR 8.0 Producer Edition (HKLM-x32\...\SONAR8Producer_x64_is1) (Version: 17.0 - Cakewalk Music Software)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold (HKLM-x32\...\{97A19679-4C07-4B34-8ACB-D5565C3440FC}) (Version: - )
Stronghold Crusader Extreme HD (HKLM\...\Steam App 16700) (Version: - Firefly Studios)
Stronghold Crusader HD (HKLM\...\Steam App 40970) (Version: - FireFly Studios)
Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.4.0.5 - GOG.com)
Super Meat Boy (HKLM\...\Steam App 40800) (Version: - Team Meat)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Room (HKLM-x32\...\The Room_is1) (Version: - Fireproof Games)
The Room Two (HKLM\...\Steam App 425580) (Version: - Fireproof Games)
The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version: - Outerlight Ltd.)
The Talos Principle (HKLM-x32\...\Steam App 257510) (Version: - Croteam)
This Is the Police (HKLM-x32\...\This Is the Police_is1) (Version: - )
TOXIKK (HKLM\...\Steam App 324810) (Version: - Reakktor Studios)
Trine 2 (HKLM\...\Steam App 35720) (Version: - Frozenbyte)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unreal Development Kit: 2015-01 (HKLM\...\UDK-5e1b7663-0639-46c5-882c-a64cefc97f4d) (Version: - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
USB Network Joystick (HKLM-x32\...\{2A558A06-A44E-400D-95AD-D9FAA89AFD36}) (Version: V3.70a - )
Velocibox (HKLM-x32\...\Steam App 317710) (Version: - Shawn Beck)
Vita 2 (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
White Night (HKLM-x32\...\White Night_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinSnare (HKLM-x32\...\{2D7A9DE0-A61B-4555-9E44-8485AE3DB8A8}) (Version: 4.0.4 - WinSnare)
World of Goo (HKLM\...\Steam App 22000) (Version: - 2D BOY)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {015D408D-BFF6-437D-86FD-B4E1CD58743B} - System32\Tasks\Wuzapyfuqerch Update => C:\Program Files (x86)\Mapadomcoaveck\vazering.exe [2017-01-08] (Glarysoft Ltd)
Task: {2075174D-DA69-43F3-B9AC-DB550763ABAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {476E2E3D-7994-4604-83C4-054AF01BD337} - System32\Tasks\SessionControlAgent => C:\windows\mfdvdec.exe
Task: {4F0AE84A-66A1-4265-A761-E8A418FA8722} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-08] (Google Inc.)
Task: {72D72D62-605D-4038-8B0D-BA0D4EEC48EE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-06] (Dropbox, Inc.)
Task: {A6ECCEEE-5AEE-416B-8968-7A0D124938D0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-06] (Dropbox, Inc.)
Task: {BD6F6ECA-881B-4477-8788-59E26BCE7DBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-08] (Google Inc.)
Task: {FAC70300-0CF5-4A75-A198-4F098D1518F3} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-08-11] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-29 23:49 - 2015-09-29 23:49 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-09 19:17 - 2010-01-09 19:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-06-22 13:09 - 2008-12-10 10:10 - 00796784 _____ () C:\Windows\USB Vibration\7906\USB Gamepad.exe
2015-10-01 21:19 - 2016-09-05 13:30 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2017-01-08 16:49 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-08 16:49 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-08-11 09:22 - 2016-08-11 09:22 - 00223744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2015-09-05 14:57 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-05 14:57 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-05 14:57 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-05 14:57 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-05 14:57 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-05 14:57 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 13:13 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-04-06 17:25 - 2016-11-11 21:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-04-06 17:25 - 2016-11-11 21:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-04-06 17:25 - 2016-11-11 21:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-04-06 17:25 - 2016-11-11 21:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-04-06 17:25 - 2016-11-11 21:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-22 14:02 - 2016-11-11 21:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-22 14:02 - 2016-11-11 21:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-22 14:02 - 2016-11-11 21:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-04-06 17:25 - 2016-11-11 21:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-22 14:02 - 2016-11-11 21:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-22 14:02 - 2016-11-11 21:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-04 23:23 - 2016-11-11 21:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-22 14:02 - 2016-11-11 21:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-22 14:02 - 2016-12-21 19:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-22 14:02 - 2016-12-21 19:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-04-06 17:25 - 2016-11-11 21:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-22 14:02 - 2016-11-11 21:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-22 14:02 - 2016-11-11 21:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-22 14:02 - 2016-12-21 19:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-01-08 15:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-01-08 15:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-01-08 15:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-13 12:59 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-09-05 14:57 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-09-05 14:57 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-01-08 15:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-01-08 15:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2017-01-10 13:18 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marvin\AppData\Local\DisplayFusion\Wallpaper_1
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2C67024C-DC4B-4314-9C8B-057AE5ABCCE8}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{52C9B7A2-64FC-4CE1-BE7D-258A25741A08}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AD82BC66-3211-4AFF-AB15-A20EE4F7E229}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14E327E9-4066-49A2-8544-495618EE2CDE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{129DBF11-1F8C-497C-AA60-16B561D33EEA}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{169051FB-0C5F-4F54-BC54-4932336D2AB0}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{078093FA-5DAE-4ED3-A4CF-F4E5E7D2CB26}] => C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{9FD1C2D6-7906-4318-A23C-E192FBD43156}] => C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{E553F81E-6859-4F48-8BD2-2B1027A62D75}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E930793D-DE5A-4CA0-B77B-EAF8F6F960D4}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C335B409-E9C8-4696-98D0-FDB4F87DDC36}] => D:\SteamLibrary2\steamapps\common\Fine Sweeper\Fine Sweeper.exe
FirewallRules: [{AE233376-CDF0-4D65-BA6A-D33D6365EDC9}] => D:\SteamLibrary2\steamapps\common\Fine Sweeper\Fine Sweeper.exe
FirewallRules: [{96230585-A1DA-4710-AF5C-1304C89991D5}] => D:\SteamLibrary2\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{009D2D9A-0A85-4A44-B40F-73A12D35D250}] => D:\SteamLibrary2\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8C9891A1-1FA2-477C-BA45-A25FB9B92113}] => D:\SteamLibrary2\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{F93FD07B-352B-4010-B2CB-1839EFF573C7}] => D:\SteamLibrary2\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{520998B0-63E3-43A0-A903-3D21DF510F79}] => D:\SteamLibrary2\steamapps\common\Skyborn\Game.exe
FirewallRules: [{FD148EBC-ABAF-4294-9F3E-8C76090C81EF}] => D:\SteamLibrary2\steamapps\common\Skyborn\Game.exe
FirewallRules: [{7C44DA4A-40FB-4AD2-87D9-1CB8426EFED0}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5D217C4-4EDB-4251-BC68-C42F3E0E8818}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C0457E1B-4D27-4302-9D5A-A67794A081CB}] => D:\SteamLibrary2\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{018665DB-381B-4249-8A7C-88C910A5A92F}] => D:\SteamLibrary2\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{54458FA4-6EB8-42CC-A80B-FADEAB620123}] => F:\FSetup.exe
FirewallRules: [{BEA043F3-AB1B-4988-85F0-4F6B06C4223E}] => F:\FSetup.exe
FirewallRules: [{14F65062-EB39-4798-9D8A-4D5A865F06B5}] => D:\SteamLibrary2\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F33CCFB0-60C6-4F2B-998D-0996993D8DD4}] => D:\SteamLibrary2\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F7270DDA-B899-4893-A56D-642AC3120C51}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{3D086A43-BE50-472F-A1C1-3C8D1E2960FC}] => LPort=5357
FirewallRules: [{22C31F31-C114-49DD-96E9-CE31BA4A42AD}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{54FC33AE-AE9E-4ECF-8184-41857E10B6EA}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BD5A772D-7E44-4759-88BA-48E4A5F96BB5}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{60D11025-A6F7-41DD-8791-AAB06D7F61A6}] => D:\Battle Net Games\Hearthstone\Hearthstone.exe
FirewallRules: [{007CC6DF-CC7F-4BA5-BA31-40B240518B72}] => D:\Battle Net Games\Hearthstone\Hearthstone.exe
FirewallRules: [{681930F8-C1C6-429C-A186-9A2F769D7D63}] => D:\SteamLibrary2\steamapps\common\Monaco\MONACO.exe
FirewallRules: [{FE48D0CF-EC49-4097-A142-ED3C5547BC19}] => D:\SteamLibrary2\steamapps\common\Monaco\MONACO.exe
FirewallRules: [TCP Query User{647A6EFE-B391-4B64-8951-4EEF599154A4}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{A5F2208D-30E9-49D1-B908-5C959896B1CA}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [{2B504F76-0490-4133-BCBF-5675D3CF0D13}] => D:\SteamLibrary2\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{B6657BBB-6EBE-4FBA-AADC-973EFEE18990}] => D:\SteamLibrary2\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{30DA0CC5-6031-49A7-8478-6D4423165B57}] => D:\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{61AEC935-F92E-4BC0-B732-594F00592BF5}] => D:\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{FF174677-EDC1-4CE9-94C4-CBEF8A5C2F81}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{014B0979-388C-4777-91AC-801E0E6F89AA}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CCA7CDEB-C500-460E-AE48-A3A68DA060A9}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{311DD911-DC6B-4259-A70B-97694993B5D7}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{40F1223A-5435-4EB0-90A7-7D74F4EB51F5}] => D:\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{A742BC14-4049-4014-BA4D-F3B48792F747}] => D:\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [TCP Query User{01352EF0-7CB0-49BE-8589-EF386A74FFB5}D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe] => D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe
FirewallRules: [UDP Query User{75D3C9EB-9B38-4358-94E5-4C62D5A6A767}D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe] => D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe
FirewallRules: [{06291B2E-0FB5-4483-B9F0-1D6387714701}] => D:\SteamLibrary2\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{22583C7A-FB6E-47B6-A2ED-9DCAD531BD51}] => D:\SteamLibrary2\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{198581A9-1D51-4E9B-AF2A-F55FC1A06106}] => D:\SteamLibrary2\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{DB0FA115-A0AC-44B0-BFFC-CE32C388E04F}] => D:\SteamLibrary2\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{5756E919-A02F-42FA-8DA2-3C58C9988CCD}] => D:\SteamLibrary2\steamapps\common\The Ship\ship.exe
FirewallRules: [{A6481242-7297-4090-BD13-1775ADD7A08B}] => D:\SteamLibrary2\steamapps\common\The Ship\ship.exe
FirewallRules: [{E1B3C425-7A16-4AEF-86A9-FFA6FE518590}] => D:\Origin Games\Need for Speed The Run\Need For Speed The Run.exe
FirewallRules: [{07E23BBF-B0AC-4D8E-9E9B-9EB78818554D}] => D:\Origin Games\Need for Speed The Run\Need For Speed The Run.exe
FirewallRules: [{0A1D96D5-3C6F-43FB-B3E5-4C229AE224C5}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E1B76222-696E-4889-8692-D1A2F162E6E3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{945393B7-0AB3-4867-A835-CFDA8A5D9CA5}] => D:\SteamLibrary2\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{6800929E-6C93-4D0C-B46D-89C7C172F8E3}] => D:\SteamLibrary2\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{2681F1A1-F6F4-4CF0-ADE4-591E5C281A3E}] => D:\SteamLibrary2\steamapps\common\Velocibox\Velocibox.exe
FirewallRules: [{C18C9176-B8B6-47FF-A573-A35925CF04A1}] => D:\SteamLibrary2\steamapps\common\Velocibox\Velocibox.exe
FirewallRules: [{AF66DE81-46C8-4BC0-A8E0-4DCBA79747CA}] => D:\SteamLibrary2\steamapps\common\Distance\Distance.exe
FirewallRules: [{B0852FD9-1130-4FC4-8A6E-2FFF291AE5D1}] => D:\SteamLibrary2\steamapps\common\Distance\Distance.exe
FirewallRules: [{69A0E37D-3266-45B2-BBCA-DA7312B41049}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9AF6C141-AF24-4985-A26E-FFA0149C8E60}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{2C340C38-0B26-4BA8-8449-50F45EF51956}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E6620324-6937-4A32-9DCF-FD5AA0EC06F3}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{6C67B8D7-6D29-46E7-8C9F-C5CA4A2AA24E}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{C1C44579-42E9-45DE-8718-75E7555A834B}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{49D0AF96-8BA0-498D-82F0-6BED639B3F00}] => D:\SteamLibrary2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{43E90CDC-71DE-463D-B12D-1A75D722412D}] => D:\SteamLibrary2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{12BAE19A-1AA1-44FB-BE77-8960E239E938}] => D:\SteamLibrary2\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{16E8671D-B9D1-4115-861C-4C167191E8D2}] => D:\SteamLibrary2\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{C19518B1-FB8E-4656-8B09-36379EDBAB17}D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe] => D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe
FirewallRules: [UDP Query User{9C3F3F23-32BA-4B53-AED4-671063BE47DD}D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe] => D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe
FirewallRules: [TCP Query User{0D50C0B1-AE55-4CDC-A8E2-83FE8CCA1A40}D:\steamlibrary2\steamapps\common\alien isolation\ai.exe] => D:\steamlibrary2\steamapps\common\alien isolation\ai.exe
FirewallRules: [UDP Query User{600D271E-D530-45C6-BDA2-5BD835F3CBCC}D:\steamlibrary2\steamapps\common\alien isolation\ai.exe] => D:\steamlibrary2\steamapps\common\alien isolation\ai.exe
FirewallRules: [{DF9637FE-9271-4755-83CA-64EC22124DCC}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A4640C5F-93EF-475F-A849-544277DA8FBD}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{BC065E74-9DFB-44F7-9093-3E8B5D901608}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9C45B3AC-4CB2-459A-8422-778B25383CB9}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{5E83E391-249A-4DB4-BE6C-F854329B3442}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{2FF6C920-B74A-4E0D-819E-D56337F2EB23}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{E27BAD56-AB74-4D21-A893-336DD260CACE}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [{2CABC0C9-2329-4A54-823E-E74629960D96}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{4A2ED845-1DBE-4666-9E54-CFDE0337583A}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{763DE35C-D07C-4A62-B596-91BE2DAA1FFD}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{7F45ABBA-92AF-4F8D-8BF8-27270D43A9C1}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{6003E9CD-A138-4031-B09D-9D65D7BAAFF1}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{A79D523A-6610-4CE5-9EF4-0C43F9F0B3DD}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{6D24357E-B5EE-42E2-A7BF-ED36973295EB}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{9D9F7801-388C-49AB-82A7-74FFD38BDC4D}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{CC3BEC4B-F9EA-4A41-A74B-DBE5B5ADFE0A}] => D:\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{DF06961E-9960-4F51-B55F-47624BEEB7DA}] => D:\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{F15ED7ED-329F-4608-9F58-C420C07DE427}] => D:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{E5B1B159-E816-460F-BF5C-8BB6AC88CA6F}] => D:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{B443FBA7-2848-4CFC-812E-5151B025666F}] => D:\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{05950F9F-92DE-40E3-B8F0-D5F0B7FED4FF}] => D:\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{8992FF96-67B3-4CAB-BB72-ADE46920965C}] => D:\SteamLibrary2\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{B4E7D120-3B2C-4175-B5A8-0BDDB77B3DF5}] => D:\SteamLibrary2\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{0AF7D012-5356-4BEA-A25D-A8A5F5525E3D}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{23FCFBDE-AFA6-4D7D-AD8E-58F54863334F}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{B34222C4-CF8D-4912-828B-98D66889BDB0}] => D:\SteamLibrary2\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{08313B4B-831B-4D22-89C7-A2446F2DC868}] => D:\SteamLibrary2\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{6EA2A39E-D5CE-4E6F-97B1-FC72AA45D541}] => E:\Files\StarCraft II 2\Versions\Base39576\SC2_x64.exe
FirewallRules: [{625DD56D-7837-4399-A13C-8988BBACBB28}] => E:\Files\StarCraft II 2\Versions\Base39576\SC2_x64.exe
FirewallRules: [{40891563-B988-46EA-9820-B7C5E464B166}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{50E31DE1-BCEB-43B2-A993-F186683BB640}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{3D9C6597-B922-4202-B955-03224C20A984}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{190A8C82-862C-4A73-B3BD-1F951E22AAF2}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{7219BC4D-3E4F-4576-988B-00DBABE989E7}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{0694F81E-A89C-4A66-977E-7F5CF48BE772}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{7CA5FEF0-87EA-4438-9DD0-17B73E15EAE5}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [{D636D9FA-939C-4B65-A172-66F716596E13}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [{3CDF4703-E5D5-4713-8862-17CA78560788}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [{EAFF5FFF-7F7C-46CD-BAD7-84E1011B35AF}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [TCP Query User{55482BD3-AA22-4146-AA31-442043D5DDF9}C:\gog games\enter the gungeon\etg.exe] => C:\gog games\enter the gungeon\etg.exe
FirewallRules: [UDP Query User{CE7A66C2-99D4-4A01-9C2E-DA0E4D070019}C:\gog games\enter the gungeon\etg.exe] => C:\gog games\enter the gungeon\etg.exe
FirewallRules: [{BD410568-C2D8-4E75-B531-B9981040E885}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C6C5A191-9C82-4C67-B429-EA617663A79F}] => LPort=2869
FirewallRules: [{20479539-82B1-413E-8E2E-9FDE981C278A}] => LPort=1900
FirewallRules: [{21CC8884-23C9-440F-B3FC-8054362CEF46}] => E:\Files\StarCraft II 2\Versions\Base42253\SC2_x64.exe
FirewallRules: [{58D02992-1E07-43F8-86BD-440A307566FF}] => E:\Files\StarCraft II 2\Versions\Base42253\SC2_x64.exe
FirewallRules: [TCP Query User{DC6D1EED-0862-4BA2-B3CF-13D041B47EB2}D:\battle net games\overwatch\overwatch.exe] => D:\battle net games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{541CC553-77EB-40FE-A7EE-350BD99116AA}D:\battle net games\overwatch\overwatch.exe] => D:\battle net games\overwatch\overwatch.exe
FirewallRules: [{5A52CCD4-9F08-4721-BC33-33143B7BF968}] => E:\Files\StarCraft II 2\Versions\Base42932\SC2_x64.exe
FirewallRules: [{D5E5EEFD-2B94-4B86-9B43-19569D6E6218}] => E:\Files\StarCraft II 2\Versions\Base42932\SC2_x64.exe
FirewallRules: [{A0B1201F-2DEA-4133-904A-9A3E134C56BA}] => D:\SteamLibrary2\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{3FB5DB0B-A1E0-48EF-A7F9-1E11620B88BA}] => D:\SteamLibrary2\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{604CA1CF-3DA8-4987-AE2D-8F1AC569A4FE}] => D:\SteamLibrary2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{3F247AF4-BCCE-4598-AF4B-F570DDE0DC4F}] => D:\SteamLibrary2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{C780D536-056F-46C2-89F9-C75A4AD8D85E}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{44BE9D03-20AF-4F1E-9C20-C00BB9F15CF8}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{C3F8211B-A747-4C36-8FA7-BCD51262422F}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{50D7A03F-AAB7-4D14-9B3C-F7CB78BAC7CB}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{C813053E-85C3-4FCE-A98F-F64AB377515C}] => D:\Program Files (x86)\Mr DJ\Need For Speed Most Wanted Black Edition\speed.exe
FirewallRules: [{02AEF83E-A419-4848-9A95-BF8F65230AB4}] => D:\Program Files (x86)\Mr DJ\Need For Speed Most Wanted Black Edition\speed.exe
FirewallRules: [{A6270AD3-B51A-4767-B29E-5230302EBC74}] => D:\SteamLibrary2\steamapps\common\FlatOut2\FlatOut2.exe
FirewallRules: [{BB18A7A7-A6AE-41F9-A3D2-3BA26932ABF8}] => D:\SteamLibrary2\steamapps\common\FlatOut2\FlatOut2.exe
FirewallRules: [{62E27FF0-8270-41AE-A1AA-61425B2814CA}] => D:\SteamLibrary2\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{E2AA4C60-776A-478C-884C-4277DDCB44C5}] => D:\SteamLibrary2\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [TCP Query User{B36987E6-DA30-41C1-B78F-88FEB396BA37}D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe] => D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [UDP Query User{F0EA91A2-71BF-492F-8A89-D459AAA35E2A}D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe] => D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [{985B2F18-0DA9-4BE0-9519-79F679DAF809}] => D:\SteamLibrary2\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{6496500F-62C6-4B53-B07B-F5A3A211FC46}] => D:\SteamLibrary2\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{3DC9802E-1254-43AA-ACA9-ED0848637A91}] => D:\SteamLibrary2\steamapps\common\TheRoomTwo\TheRoomTwo.exe
FirewallRules: [{04B5B5DA-723A-4013-AD21-D79F57877A2C}] => D:\SteamLibrary2\steamapps\common\TheRoomTwo\TheRoomTwo.exe
FirewallRules: [TCP Query User{A3BA3E4F-10F1-4871-B872-8D0FBFA3BE0D}D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe] => D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe
FirewallRules: [UDP Query User{4C132067-F08A-42B9-AF92-79749DDC6A03}D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe] => D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe
FirewallRules: [{130362D6-B9CE-4064-897B-2F85AB365F5E}] => D:\SteamLibrary2\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{BACF3C9F-C771-40FB-9B3C-5A2BE79A8076}] => D:\SteamLibrary2\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [TCP Query User{6DC74B46-5DE6-4DEE-99F0-2ECE7EEEDBF6}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{27DDE796-950E-4045-AD88-DDFD83D9AE2A}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6CAFCF52-E329-419A-A260-16B830758CFE}] => D:\SteamLibrary2\steamapps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{E2141F5F-AE7B-4B46-9164-7B97AF28B215}] => D:\SteamLibrary2\steamapps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{157414F4-28E8-414E-8121-BF5BE1627F46}] => D:\SteamLibrary2\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{13CED9B7-DE2A-4F03-8652-2487A048341E}] => D:\SteamLibrary2\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{790B1BDF-25FA-454E-9D64-D9487D636CF2}] => D:\SteamLibrary2\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{F4AE393F-F1BF-497F-8EED-ED76D40F316F}] => D:\SteamLibrary2\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [TCP Query User{11F1608C-BFF3-47F3-929A-7DD7C89EF38D}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{C9965CC4-661C-4F6F-B4B3-7DD71C96796C}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{2841BF19-E797-4C58-B406-40F14C5F83F3}D:\origin games\battlefield bad company 2\bfbc2game.exe] => D:\origin games\battlefield bad company 2\bfbc2game.exe
FirewallRules: [UDP Query User{75B87E49-279D-481E-AB57-53A5FB1F2833}D:\origin games\battlefield bad company 2\bfbc2game.exe] => D:\origin games\battlefield bad company 2\bfbc2game.exe
FirewallRules: [{7EC9ED00-0873-4C75-98C7-8B1B633473B1}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FB6F2570-1429-41C0-8DDC-22EC64725726}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FB7D1C11-C2EA-4466-A264-DB2CBC34A0AD}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D2784565-EED7-413F-A033-4C79CC252477}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{03D858A8-891C-45F4-9ADE-6B03801E9B72}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{58A2C62B-3121-4CCF-B5B8-A724C6D8ABC8}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6931E6E7-A38E-415A-9A10-475B778FD92A}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D18B0565-4C37-4AB0-997F-9215093FDC82}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{68E05207-A717-49D8-B227-6B575701B61C}] => D:\SteamLibrary2\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{9267A602-1433-435C-AF13-D703F9C957BA}] => D:\SteamLibrary2\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{A4A353D7-A425-41D6-BFC4-3A085F8808BA}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{A301EB7D-7BD7-4C8E-A414-F5FA3B226930}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{0B217961-2D9E-4F00-A7BD-E6F72648CFD9}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{8B98E7E3-1C8A-465E-BE5E-83412440DD24}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{3ABD7847-D2A9-4274-9D03-FBF5F09D0EA6}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{BDBE934F-3142-416F-B96F-CB24F1C31F67}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{15FB6868-48F4-4F51-A837-A87160D1B72C}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{A8B4C5E4-3156-45B5-8468-6F7629C8CDAC}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [TCP Query User{978249A7-E3CA-4254-AA17-FD7FFC4EDF3D}D:\origin games\fifa 17 demo\fifa17_demo.exe] => D:\origin games\fifa 17 demo\fifa17_demo.exe
FirewallRules: [UDP Query User{972369D7-BF66-41B7-ADFC-FCBCF9908D7D}D:\origin games\fifa 17 demo\fifa17_demo.exe] => D:\origin games\fifa 17 demo\fifa17_demo.exe
FirewallRules: [{C8D576DD-9C55-467F-A9F1-A20256AB7B27}] => D:\SteamLibrary2\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{E1AE626D-105E-479C-9708-7663599A4724}] => D:\SteamLibrary2\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [TCP Query User{2130A400-1A75-4E97-8252-B394C98186F0}D:\origin games\fifa 17\fifa17.exe] => D:\origin games\fifa 17\fifa17.exe
FirewallRules: [UDP Query User{A94C4A47-B01E-426C-9D8F-33E75F426213}D:\origin games\fifa 17\fifa17.exe] => D:\origin games\fifa 17\fifa17.exe
FirewallRules: [{AFD55FF9-6C2C-4514-AD82-63B8C7BEF230}] => D:\Origin Games\Burnout Paradise\BurnoutParadise.exe
FirewallRules: [{75750E89-6CEA-44E1-8327-B37BDF9F380B}] => D:\Origin Games\Burnout Paradise\BurnoutParadise.exe
FirewallRules: [{EB0573A6-634F-42A9-8DC3-015C818D0BAF}] => D:\SteamLibrary2\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{C29F4CB3-CF7E-4909-946B-BE24CE91E86C}] => D:\SteamLibrary2\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{8CDAEB39-36B6-4964-ABD1-84DAF026AE3C}D:\battle net games\hearthstone\hearthstone.exe] => D:\battle net games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{9FF1126F-CE84-46F0-97CF-B283362D70CA}D:\battle net games\hearthstone\hearthstone.exe] => D:\battle net games\hearthstone\hearthstone.exe
FirewallRules: [{2A41F4F2-B79A-4047-BE74-9EFA19E292EC}] => D:\SteamLibrary2\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{3370B26E-1739-400F-A0BC-04D343CA49D1}] => D:\SteamLibrary2\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{0E1EF994-DE8D-4AF9-B260-D3EB90382EE0}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E8FFAB56-AC8A-40C5-AC11-2A37607C0D90}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A2E6A700-BF36-4C8D-B0AC-44DBE087EB4E}] => D:\SteamLibrary2\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{499F64A3-381C-49E2-AF09-F10230E83B6D}] => D:\SteamLibrary2\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{3983C252-EAC3-4D0E-A37D-01EC41D8474E}] => D:\SteamLibrary2\steamapps\common\Reus\Reus.exe
FirewallRules: [{F3FBB721-9D63-4EA8-A938-4C97538C2143}] => D:\SteamLibrary2\steamapps\common\Reus\Reus.exe
FirewallRules: [{46398286-1FEA-426F-9352-7C75E07C02CB}] => D:\SteamLibrary2\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{60436BA4-6FAE-4446-8D67-FFC7E56952BC}] => D:\SteamLibrary2\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{D684CC3E-1515-4DA8-9E90-BF08D90E7934}] => D:\SteamLibrary2\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
FirewallRules: [{77435157-5E03-47C1-8472-50EACA04C981}] => D:\SteamLibrary2\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
FirewallRules: [{8B18436B-95F7-4998-A0BF-1F102B9AE7D8}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{C09F3631-6BD3-4F25-B747-521A6F57618E}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{1B759394-8789-4751-838D-11F65701AFA4}] => D:\SteamLibrary2\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{C7F5C3B3-76DF-4300-9BE1-5013C9DB4CEE}] => D:\SteamLibrary2\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [TCP Query User{0A88EE2A-FF4E-46CA-BF41-0E2EB85B0486}C:\users\marvin\appdata\local\amazon music\amazon music helper.exe] => C:\users\marvin\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{DE40AC2E-F40D-4C27-B630-A191B1DE905B}C:\users\marvin\appdata\local\amazon music\amazon music helper.exe] => C:\users\marvin\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{B5DDBC43-4B11-4512-805A-E775531D17EB}] => D:\SteamLibrary2\steamapps\common\TrialsPC\datapack\trialsFMX.exe
FirewallRules: [{FD8FBE4C-B561-4F5C-B6F0-14CE5AD0CA56}] => D:\SteamLibrary2\steamapps\common\TrialsPC\datapack\trialsFMX.exe
FirewallRules: [{7118BBCB-A4F8-466B-93C7-5FB3BA2A4C90}] => D:\Program Files (x86)\Daedalic Entertainment GmbH\Shadow Tactics - Blades of the Shogun\Shadow Tactics.exe
FirewallRules: [{1CFF5713-B412-4B15-A9EC-CF7AAF69D257}] => D:\Program Files (x86)\Daedalic Entertainment GmbH\Shadow Tactics - Blades of the Shogun\Shadow Tactics.exe
FirewallRules: [{114858E4-0739-48E6-94B8-BC3213F24CD0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F10342DA-92E9-4D88-8D51-61B9267D1D36}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5EAEC0EA-C0BB-4E3E-8832-4E544D909F05}] => D:\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{3F29D248-1DC4-4EFC-8560-0E340DCDDD10}] => D:\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{CA1C2292-723D-4293-86B5-29BF865C588F}] => D:\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{B89451EE-ADF6-4063-8614-6B0863BA77C6}] => D:\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{A5C03161-B532-48BB-82BE-5AC252B0FD34}] => D:\SteamLibrary2\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{F4C26E9B-1BD7-4740-A63B-3F93CCAFA520}] => D:\SteamLibrary2\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{2830D4EF-D390-4440-AC61-38F232CBFD10}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{865F1A64-5F18-4C6F-A842-5EA3237CCC24}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{EBBE5780-1B68-47F0-A938-798E0644DD1A}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{125EDD41-CEB4-4BE6-BB51-17AA8DFFC594}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{13D6559F-0FE8-472D-9E34-FB3D6212F4CE}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{9F978A16-3502-4FBD-8D72-F5D58AC5B7BF}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{5AD4D3F5-4002-4E09-AE84-477A49FBBF61}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{43C1460F-374A-4D44-A2FB-DD2470405923}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{3B5F0660-1479-4781-8580-F69A0CE5D620}] => D:\SteamLibrary2\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{C118E5A3-1C55-462B-9785-C4C8C6553341}] => D:\SteamLibrary2\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{1154AE4E-08F0-4B7B-98A2-03DCD8E16BBA}D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{7CD7D6B1-C654-4A9B-8B5E-93A93FA368DB}D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{8AD68C55-30F1-4739-8CB2-9359FB15CF9D}] => C:\Users\Marvin\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{9A92B0CA-3BBA-4D42-8613-1ECB0DD15BFB}] => C:\Users\Marvin\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{3988CA20-3C73-4F09-A1EA-DEC8F707F0CD}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{51425A23-ADBF-464E-9D46-8AEA57E1BB88}D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [UDP Query User{8CD45599-0FE4-44C4-AB50-7D61AD418F4A}D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [TCP Query User{E221ACA7-1FBF-444A-AD79-DD9CAB0F49CE}D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [UDP Query User{F999516F-69B3-4131-8DF3-CAB98992EB7A}D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [{F44EE477-681E-4B9F-92FF-1F98466C034F}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{E750B4EC-C8E4-41B5-9240-8F0EDFFC5BBD}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{122BFDFA-1959-4CAA-93F3-DDA9DC4B5F6D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4E929476-67EE-46A7-B76E-5D116182B0E7}] => C:\Windows\system32\config\systemprofile\AppData\Local\BrowserAir\Application\BrowserairExec.exe
FirewallRules: [{52EBB30D-A239-49E2-B034-3B922953CD98}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{F6E87014-1351-4E4D-BFCC-66660ED284B3}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{33125EE8-BC3A-4799-8732-40F7483D6B4D}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{F5206AB4-DBF3-4024-9F1A-32E3E4EDC161}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{BA143414-48AC-4681-9ADF-07E7D762377D}] => D:\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{7DFB1AFB-9049-4773-AFBD-105D1A9D1667}] => D:\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/11/2017 09:09:49 AM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/10/2017 06:08:18 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/10/2017 03:50:06 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

Error: (01/10/2017 03:36:32 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/10/2017 03:09:19 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/10/2017 03:08:43 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/10/2017 03:08:29 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/10/2017 03:08:24 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/10/2017 03:03:38 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (01/10/2017 02:26:38 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error


System errors:
=============
Error: (01/11/2017 09:10:21 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/11/2017 09:10:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/11/2017 09:10:20 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (01/11/2017 09:09:49 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Chikiing service terminated with the following error:
The specified module could not be found.

Error: (01/10/2017 11:21:51 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (01/10/2017 06:08:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/10/2017 06:08:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (01/10/2017 06:08:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

Error: (01/10/2017 06:08:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Chikiing service terminated with the following error:
The specified module could not be found.

Error: (01/10/2017 03:50:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


==================== Memory info ===========================

Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 33%
Total physical RAM: 12254.28 MB
Available physical RAM: 8154.14 MB
Total Virtual: 24506.75 MB
Available Virtual: 20329.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:18.93 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:15.57 GB) NTFS
Drive e: (Data) (Fixed) (Total:465.76 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 118BED4E)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 1B2569FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 255B7F54)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Juliet
2017-01-11, 16:52
I don't know if the fix is going to work since you named FRST
Running from C:\Users\Marvin\Desktop\Fixing things

We'll give it a try.

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail. Then copy and paste the text inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow).


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Upmedia] => C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Ozmics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [WTVLR6FR20] => "C:\Program Files\IJD61O2L61\IJD61O2L6.exe"
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [HV1V03D1C9] => "C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe"
HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
HKU\S-1-5-18\...\Run: [71KFQTEHQA] => "C:\Program Files\EET2FMBFLG\EET2FMBFL.exe"
HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"
SearchScopes: HKU\S-1-5-21-4016113358-843845156-2686539769-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
2 Chikiing; C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll [X]
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [X]
C:\Program Files\LAT8TQJDDX
C:\Program Files\IJD61O2L61
C:\Users\Marvin\AppData\Local\Upmedia
EmptyTemp:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

SargeP
2017-01-11, 19:05
Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-01-2017
Ran by Marvin (11-01-2017 17:56:48) Run:2
Running from C:\Users\Marvin\Desktop\Fixing things
Loaded Profiles: Marvin (Available Profiles: Marvin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Upmedia] => C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Ozmics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [WTVLR6FR20] => "C:\Program Files\IJD61O2L61\IJD61O2L6.exe"
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [HV1V03D1C9] => "C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe"
HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
HKU\S-1-5-18\...\Run: [71KFQTEHQA] => "C:\Program Files\EET2FMBFLG\EET2FMBFL.exe"
HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"
SearchScopes: HKU\S-1-5-21-4016113358-843845156-2686539769-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
2 Chikiing; C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll [X]
S3 EasyAntiCheat; C:\Windows\system32\EasyAntiCheat.exe [X]
C:\Program Files\LAT8TQJDDX
C:\Program Files\IJD61O2L61
C:\Users\Marvin\AppData\Local\Upmedia
EmptyTemp:
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Upmedia => value removed successfully
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ozmics => value removed successfully
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WTVLR6FR20 => value removed successfully
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Software\Microsoft\Windows\CurrentVersion\Run\\HV1V03D1C9 => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\AOPEMA7LGO => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\CH6JD6R59R => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\71KFQTEHQA => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\64QMH4ZJYD => value removed successfully
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => not found.
2 Chikiing; C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll [X] => Error: No automatic fix found for this entry.
HKLM\System\CurrentControlSet\Services\EasyAntiCheat => key removed successfully
EasyAntiCheat => service removed successfully
C:\Program Files\LAT8TQJDDX => moved successfully
C:\Program Files\IJD61O2L61 => moved successfully
C:\Users\Marvin\AppData\Local\Upmedia => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21147321 B
Java, Flash, Steam htmlcache => 45683293 B
Windows/system/drivers => 5320 B
Edge => 0 B
Chrome => 478116424 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 759 B
systemprofile32 => 33192 B
LocalService => 0 B
NetworkService => 0 B
Marvin => 24124115 B

RecycleBin => 2286 B
EmptyTemp: => 550.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:57:01 ====

Juliet
2017-01-11, 19:18
How's the computer now?

SargeP
2017-01-11, 20:22
Ever since we did the Emsisoft Scan the popups have stopped. Or at least I think that's when they stopped. Everything seems fine right now. All programs open properly, all websites are displayed correctly. I'll let you know if something comes up in the next few days.

Juliet
2017-01-11, 22:42
Be aware if you run a virus scan with your onboard antivirus you might get an alert or two, from the tools used and their quarantine folders.

Juliet
2017-01-14, 13:15
Ready to remove tools and quarantine folders?

SargeP
2017-01-15, 18:44
Everything seems fine. So, yes!

Juliet
2017-01-15, 22:57
Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

*************


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.



Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

SargeP
2017-01-16, 23:59
Removed all the tools. Thanks a lot. I'm guessing we are done here. Really amazing service and overall patience as well as expertise. I really hope this does not happen again and in that case, have an awesome life. Thank you and bye!

Juliet
2017-01-17, 01:53
Yes we're done.

Safe surfing :)

Juliet
2017-01-18, 03:00
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.