SargeP
2017-01-08, 22:11
Hi, I'm having some real issues with nasty malware that is not being detected by the programs listed above.
As a disclaimer, I will say that my browser does not show all images, and some websites, e.g. YouTube, do not load properly altogether due to the infection. I had to make my account on this forum via my laptop as I could not see the picture that verifies that I am a human. I have had malware in the past but I have always found a way to completely remove it. The malware that I have now started showing itself today but I don't know when I was infected.
Farbar Logs and aswMBR logs following!
Farbar Logs (FRST):
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by Marvin (administrator) on MARVINS_PC (08-01-2017 20:51:26)
Running from C:\Users\Marvin\Desktop
Loaded Profiles: Marvin (Available Profiles: Marvin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Scarlet.Crush Productions) C:\Program Files\PS3 Controllers\bin\ScpService.exe
(M-Audio) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Program Files\IJD61O2L61\IJD61O2L6.exe
() C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe
() C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\USB Vibration\7906\USB Gamepad.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Windows\System32\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6625672 2016-08-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [USB Gamepad] => C:\Windows\USB Vibration\7906\USB Gamepad.exe [796784 2008-12-10] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [454792 2016-05-25] (Power Software Ltd)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Spotify Web Helper] => C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-31] (Spotify Ltd)
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Upmedia] => C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe [117561 2017-01-08] ()
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Ozmics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [WTVLR6FR20] => C:\Program Files\IJD61O2L61\IJD61O2L6.exe [369664 2017-01-08] ()
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [HV1V03D1C9] => C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe [369664 2017-01-08] ()
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [UVFmedia] => regsvr32.exe C:\Users\Marvin\AppData\Local\UVFmedia\gdiServices54.dll <===== ATTENTION
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
HKU\S-1-5-18\...\Run: [71KFQTEHQA] => C:\Program Files\EET2FMBFLG\EET2FMBFL.exe [369664 2017-01-08] ()
HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-09-18] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2017-01-08]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
Tcpip\..\Interfaces\{EB100C81-CB83-4438-99D2-8059C3A5BDFC}: [DhcpNameServer] 192.168.2.1 192.168.2.1
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
SearchScopes: HKU\S-1-5-21-4016113358-843845156-2686539769-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
FireFox:
========
FF DefaultProfile: 5954ldyi.default
FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default [2017-01-08]
FF NetworkProxy: Mozilla\Firefox\Profiles\5954ldyi.default -> autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) { ... }"
FF Extension: (MEGA) - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default\Extensions\firefox@mega.co.nz.xpi [2017-01-08]
FF Extension: (Proxmate) - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2016-04-17]
FF Extension: (Adblock Plus) - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-08] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin HKU\S-1-5-21-4016113358-843845156-2686539769-1000: @acestream.net/acestreamplugin,version=3.1.12.1 -> C:\Users\Marvin\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
Chrome:
=======
CHR DefaultProfile: Default
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default [2017-01-08]
CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (uBlock Origin) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-20]
CHR Extension: (Google Search) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
CHR Extension: (Chrome Media Router) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-09-30] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Chikiing; C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll [180224 2017-01-08] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4649000 2015-09-16] (Binary Fortress Software)
R2 Ds3Service; C:\Program Files\PS3 Controllers\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-18] (EasyAntiCheat Ltd)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-07] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-07] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-09-05] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2016-09-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 cdrombus; C:\Windows\System32\Drivers\cdrombus.sys [25088 2012-08-22] (Windows (R) Codename Longhorn DDK provider)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [62576 2008-12-01] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41096 2008-12-01] (Your Corporation)
S3 MADFUMIDISPORT2010; C:\Windows\System32\DRIVERS\MAudioMIDISPORT_DFU.sys [30512 2012-02-24] (M-Audio)
S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-08] (Malwarebytes)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-08 20:51 - 2017-01-08 20:51 - 00039857 _____ C:\Users\Marvin\Desktop\FRST.txt
2017-01-08 20:50 - 2017-01-08 20:51 - 00000000 ____D C:\FRST
2017-01-08 20:50 - 2017-01-08 20:50 - 02419200 _____ (Farbar) C:\Users\Marvin\Desktop\FRST64.exe
2017-01-08 20:49 - 2017-01-08 20:49 - 00019582 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2017-01-08 20:49 - 2017-01-08 20:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARVINS_PC-Windows-7-Ultimate-(64-bit).dat
2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\RegBackup
2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-01-08 20:48 - 2017-01-08 20:49 - 05766144 _____ (Tweaking.com) C:\Users\Marvin\Downloads\tweaking.com_registry_backup_setup.exe
2017-01-08 20:36 - 2017-01-08 20:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-08 20:15 - 2017-01-08 20:15 - 00602112 _____ (OldTimer Tools) C:\Users\Marvin\Downloads\OTL.exe
2017-01-08 16:49 - 2017-01-08 16:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-08 16:49 - 2017-01-08 16:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-08 16:49 - 2017-01-08 16:49 - 00002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 16:49 - 2017-01-08 16:49 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-08 16:48 - 2017-01-08 16:48 - 01065376 _____ (Google Inc.) C:\Users\Marvin\Downloads\ChromeSetup.exe
2017-01-08 16:17 - 2017-01-08 16:47 - 00000000 ____D C:\Users\Marvin\AppData\Local\UVFmedia
2017-01-08 16:17 - 2017-01-08 16:17 - 00000000 ____D C:\Program Files\LAT8TQJDDX
2017-01-08 16:16 - 2017-01-08 16:16 - 00000000 ____H C:\Windows\system32\BIT5D78.tmp
2017-01-08 16:16 - 2017-01-08 16:16 - 00000000 ____D C:\Program Files\IJD61O2L61
2017-01-08 15:50 - 2017-01-08 20:50 - 00000000 ____D C:\Users\Marvin\Desktop\WHEN SHIT GOES WRONG
2017-01-08 15:43 - 2017-01-08 20:12 - 00000000 ____D C:\AdwCleaner
2017-01-08 15:43 - 2017-01-08 15:43 - 03988944 _____ C:\Users\Marvin\Downloads\adwcleaner_6.042.exe
2017-01-08 15:29 - 2017-01-08 15:29 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-08 15:25 - 2017-01-08 20:09 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-08 15:23 - 2017-01-08 19:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-08 15:23 - 2017-01-08 15:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-08 15:23 - 2017-01-08 15:23 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-08 15:23 - 2017-01-08 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-01-08 15:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-01-08 15:22 - 2017-01-08 15:22 - 01496584 _____ C:\Users\Marvin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-08 15:22 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-08 15:21 - 2017-01-08 15:21 - 01496584 _____ C:\Users\Marvin\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe
2017-01-08 15:21 - 2017-01-08 15:21 - 00000000 ____D C:\Windows\system32\SSL
2017-01-08 15:21 - 2017-01-08 15:21 - 00000000 ____D C:\Users\Marvin\AppData\Local\Downloaded Installations
2017-01-08 15:20 - 2017-01-08 15:20 - 00003090 _____ C:\Windows\System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902}
2017-01-08 15:20 - 2017-01-08 15:20 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Ergickmidution
2017-01-08 14:14 - 2017-01-08 16:47 - 00000000 ____D C:\Users\Marvin\AppData\Local\Upmedia
2017-01-08 14:14 - 2017-01-08 15:32 - 00000000 ____D C:\Program Files (x86)\Mapadomcoaveck
2017-01-08 14:14 - 2017-01-08 14:15 - 00000000 ____D C:\Program Files\EET2FMBFLG
2017-01-08 14:14 - 2017-01-08 14:14 - 00006056 _____ C:\Windows\System32\Tasks\Wuzapyfuqerch Update
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____H C:\Windows\system32\BIT91AC.tmp
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____D C:\Windows\SysWOW64\sstmp
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____D C:\Windows\system32\sstmp
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 _____ C:\TOSTACK
2017-01-05 22:53 - 2017-01-05 22:53 - 02137268 _____ C:\Windows\f45a21687b2122533a920d405cd65568.exe
2017-01-05 20:48 - 2017-01-05 22:26 - 01445154 _____ C:\Users\Marvin\Desktop\Die Einführung des Mindestlohns.pptx
2017-01-02 13:54 - 2017-01-02 20:11 - 04767777 _____ C:\Users\Marvin\Downloads\Virtual-Reality-Präsentation (1).pptx
2017-01-02 13:10 - 2017-01-02 14:52 - 00000000 ____D C:\Users\Marvin\Documents\Darkest
2017-01-02 13:09 - 2017-01-02 13:09 - 00003332 _____ C:\Windows\System32\Tasks\SessionControlAgent
2017-01-02 13:09 - 2017-01-02 13:09 - 00000937 _____ C:\Users\Marvin\Desktop\Darkest Dungeon.lnk
2017-01-02 12:57 - 2017-01-02 12:57 - 00015026 _____ C:\Users\Marvin\Downloads\Darkest_Dungeon_2016_RPG-CODEX.torrent
2017-01-02 12:56 - 2017-01-02 12:56 - 04510004 _____ C:\Users\Marvin\Downloads\Virtual-Reality-Präsentation.pptx
2016-12-29 18:19 - 2016-12-29 18:19 - 00069878 _____ C:\Users\Marvin\Downloads\15696174_10210872013973089_1280108056_o.jpg
2016-12-29 18:18 - 2016-12-29 18:18 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG (2).PDF
2016-12-29 18:12 - 2017-01-03 00:44 - 00000000 ____D C:\Users\Marvin\Desktop\Virtual Reality Präsentation
2016-12-29 13:47 - 2016-12-29 13:47 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\SmartSteamEmu
2016-12-29 13:42 - 2016-12-29 13:42 - 00000000 ____D C:\Users\Marvin\AppData\LocalLow\Monomi Park
2016-12-28 19:51 - 2016-12-28 19:51 - 00077824 _____ ( ) C:\Users\Marvin\Downloads\guiformat.exe
2016-12-28 19:19 - 2016-12-28 19:19 - 00188133 _____ C:\Users\Marvin\Downloads\Fat32FormatterEN.zip
2016-12-22 19:56 - 2016-12-22 19:56 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\AMD
2016-12-22 19:30 - 2016-12-22 19:30 - 00013254 _____ C:\Users\Marvin\Downloads\American_Dad_-_Season_13.torrent
2016-12-22 19:12 - 2016-12-22 19:12 - 00014039 _____ C:\Users\Marvin\Downloads\American_Dad_-_Season_12_-_1080P_-_WEB-DL_-_X265-HEVC_-_O69.torrent
2016-12-22 19:11 - 2016-12-22 19:11 - 00001627 _____ C:\Users\Marvin\Downloads\American_Dad_S12E01_HDTV_x264-KILLERS[ettv] (1).torrent
2016-12-22 19:09 - 2016-12-22 19:09 - 00001627 _____ C:\Users\Marvin\Downloads\American_Dad_S12E01_HDTV_x264-KILLERS[ettv].torrent
2016-12-22 14:02 - 2016-12-22 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-21 19:42 - 2016-12-21 19:54 - 82345072 _____ C:\Users\Marvin\Downloads\Ace_Stream_Media_3.1.12.1.exe
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-12-18 23:46 - 2016-12-18 23:46 - 11273864 _____ C:\Users\Marvin\Downloads\AerialTraining.zip
2016-12-18 19:02 - 2016-12-18 19:02 - 00000000 ____D C:\Users\Marvin\AppData\Local\UnrealEngine
2016-12-18 19:02 - 2016-12-18 19:02 - 00000000 ____D C:\Users\Marvin\AppData\Local\DeadByDaylight
2016-12-18 19:02 - 2016-12-18 18:54 - 00395024 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2016-12-17 14:51 - 2016-12-17 19:28 - 00000000 ___RD C:\Users\Marvin\Desktop\Drum Rack DnB Project
2016-12-16 13:54 - 2016-12-16 13:54 - 00000000 ____D C:\Users\Marvin\Desktop\.midi files
2016-12-15 16:05 - 2016-12-15 16:41 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\discord
2016-12-15 16:05 - 2016-12-15 16:05 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-12-15 16:05 - 2016-12-15 16:05 - 00000000 ____D C:\Users\Marvin\AppData\Local\Discord
2016-12-15 16:04 - 2016-12-15 16:05 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Marvin\Downloads\DiscordSetup.exe
2016-12-14 14:36 - 2016-11-21 19:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-14 14:36 - 2016-11-21 19:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-14 14:36 - 2016-11-21 19:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-14 14:36 - 2016-11-20 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-14 14:36 - 2016-11-20 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-14 14:36 - 2016-11-20 16:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-14 14:36 - 2016-11-20 16:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-14 14:36 - 2016-11-20 16:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-14 14:36 - 2016-11-20 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-14 14:36 - 2016-11-20 16:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-14 14:36 - 2016-11-20 15:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 14:36 - 2016-11-17 17:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-14 14:36 - 2016-11-10 17:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-14 14:36 - 2016-11-10 17:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-14 14:36 - 2016-11-09 17:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-14 14:36 - 2016-11-09 17:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-14 14:36 - 2016-11-09 17:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-14 14:36 - 2016-11-09 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-14 14:36 - 2016-11-06 17:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-14 14:36 - 2016-11-06 17:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-14 14:36 - 2016-11-06 17:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 14:36 - 2016-10-27 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-14 14:36 - 2016-10-27 16:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-14 14:36 - 2016-10-11 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-14 14:36 - 2016-10-11 16:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-14 14:36 - 2016-10-11 16:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-14 14:36 - 2016-10-11 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-14 14:36 - 2016-10-11 16:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-14 14:36 - 2016-10-11 16:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-14 14:36 - 2016-10-11 16:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-14 14:36 - 2016-10-11 16:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-14 14:36 - 2016-10-11 15:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-14 14:36 - 2016-10-11 15:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-14 14:36 - 2016-10-11 15:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-14 14:36 - 2016-10-11 15:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-14 14:36 - 2016-10-11 15:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-14 14:36 - 2016-10-11 15:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-14 14:36 - 2016-10-11 15:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-14 14:36 - 2016-10-11 15:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-14 14:36 - 2016-10-11 15:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 14:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-14 14:36 - 2016-10-11 14:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-14 14:36 - 2016-10-08 14:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-14 14:36 - 2016-10-04 16:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-14 14:36 - 2016-10-04 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-14 14:36 - 2016-10-04 16:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-14 14:36 - 2016-10-04 16:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-12-13 12:59 - 2016-12-13 12:59 - 00000000 ____D C:\Users\Marvin\AppData\Local\Chromium
2016-12-11 19:11 - 2016-12-11 20:41 - 00000000 ___RD C:\Users\Marvin\Desktop\We gon try this again Project
2016-12-11 18:21 - 2016-12-11 18:21 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG (1).PDF
2016-12-11 13:58 - 2016-12-11 13:58 - 00000000 ____D C:\Users\Marvin\AppData\LocalLow\Daedalic Entertainment GmbH
2016-12-11 13:58 - 2016-12-11 13:58 - 00000000 ____D C:\Users\Marvin\AppData\Local\Daedalic Entertainment GmbH
2016-12-11 13:53 - 2016-12-11 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment GmbH
2016-12-11 13:18 - 2016-12-11 13:18 - 00001338 _____ C:\Users\Marvin\Downloads\Shadow_Tactics_Blades_of_the_Shogun-FLT.sfdl
2016-12-10 13:42 - 2016-12-10 13:42 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG.PDF
2016-12-09 15:09 - 2016-12-09 15:09 - 00013444 _____ C:\Users\Marvin\Downloads\Virtual-Reality-im-Unternehmensbereich.docx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-08 20:47 - 2016-04-06 17:24 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-08 20:36 - 2015-09-05 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-08 20:25 - 2015-09-07 00:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-08 20:12 - 2015-09-05 22:31 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\TS3Client
2017-01-08 20:09 - 2015-09-18 13:58 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\vlc
2017-01-08 19:14 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-08 19:14 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-08 19:12 - 2015-09-13 14:16 - 00000000 ____D C:\Windows\system32\MRT
2017-01-08 19:12 - 2015-09-05 14:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-08 19:12 - 2009-07-14 06:13 - 00743506 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-08 19:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-08 19:10 - 2015-09-13 14:16 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-08 19:07 - 2016-04-06 17:26 - 00000000 ___RD C:\Users\Marvin\Dropbox
2017-01-08 19:06 - 2016-04-06 17:24 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-08 19:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-08 19:05 - 2016-08-31 12:44 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-01-08 18:52 - 2015-09-18 23:51 - 00000000 ____D C:\Users\Marvin\AppData\Local\Battle.net
2017-01-08 16:49 - 2015-09-05 14:40 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-08 16:48 - 2015-09-18 23:49 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-08 16:22 - 2015-09-18 23:27 - 00000000 ____D C:\Users\Marvin\AppData\Local\Spotify
2017-01-08 16:22 - 2015-09-18 23:25 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Spotify
2017-01-08 16:19 - 2015-09-05 14:54 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-08 16:17 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-01-08 14:31 - 2015-09-05 22:16 - 00000000 ____D C:\Users\Marvin\AppData\Local\ElevatedDiagnostics
2017-01-05 20:41 - 2015-09-23 20:31 - 00000000 ____D C:\Users\Marvin\AppData\Local\CrashDumps
2017-01-03 14:46 - 2015-09-28 17:52 - 00000000 ____D C:\ProgramData\Origin
2017-01-03 14:44 - 2015-09-28 17:56 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Origin
2017-01-02 22:20 - 2015-09-10 15:32 - 00000000 ____D C:\Program Files\PeerBlock
2017-01-02 13:03 - 2015-09-15 23:04 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\uTorrent
2016-12-30 22:17 - 2015-10-01 18:39 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-12-29 13:46 - 2015-10-14 10:10 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2016-12-29 13:46 - 2015-10-14 10:10 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2016-12-29 13:46 - 2015-10-14 10:10 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2016-12-29 13:46 - 2015-10-14 10:10 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2016-12-28 20:17 - 2016-04-18 17:44 - 00000000 ____D C:\Users\Marvin\AppData\Local\Windows Live
2016-12-22 16:13 - 2015-10-01 18:39 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-12-22 14:02 - 2016-04-06 17:24 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-19 20:48 - 2016-08-11 17:53 - 00000000 ____D C:\Windows\rescache
2016-12-17 21:14 - 2016-07-22 10:14 - 00000000 ____D C:\Users\Marvin\Documents\ManiaPlanet
2016-12-17 21:06 - 2016-07-22 10:14 - 00000000 ____D C:\ProgramData\ManiaPlanet
2016-12-15 16:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-15 16:48 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\assembly
2016-12-15 16:05 - 2016-01-04 18:31 - 00000000 ____D C:\Users\Marvin\AppData\Local\SquirrelTemp
2016-12-15 08:51 - 2015-09-05 16:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-15 08:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\winsxs
2016-12-15 08:19 - 2009-07-14 03:34 - 00189440 ____H C:\Users\Default\NTUSER.DAT.LOG1
2016-12-15 08:18 - 2009-07-14 05:45 - 00509392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\en-US
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\en-US
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Boot
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppPatch
2016-12-15 00:17 - 2015-09-05 14:41 - 00734476 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-14 14:44 - 2015-09-06 20:15 - 00013553 _____ C:\Users\Marvin\Desktop\Pushups Crunches.xlsx
2016-12-14 14:37 - 2015-09-07 11:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-14 14:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-13 19:25 - 2015-09-07 00:08 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 19:25 - 2015-09-07 00:08 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 19:25 - 2015-09-07 00:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 19:25 - 2015-09-07 00:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-13 19:25 - 2015-09-07 00:08 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 12:59 - 2015-09-05 14:57 - 00000000 ____D C:\Users\Marvin\AppData\Local\Steam
2016-12-12 23:52 - 2015-12-29 19:00 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Skype
2016-12-11 13:42 - 2015-12-01 13:55 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\SFDL.NET 2
2016-12-09 17:51 - 2016-12-06 15:07 - 00000000 ___RD C:\Users\Marvin\Desktop\White Blood Project
==================== Files in the root of some directories =======
2015-09-17 00:20 - 2015-09-17 00:20 - 0000037 ___SH () C:\Users\Marvin\AppData\Local\20986331705021ca58edc424.96250074
2016-02-19 10:56 - 2016-02-19 10:56 - 0000036 _____ () C:\Users\Marvin\AppData\Local\housecall.guid.cache
2016-01-03 00:59 - 2016-01-05 23:07 - 0007600 _____ () C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg
2015-09-18 16:55 - 2015-09-18 16:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-09-05 14:45 - 2015-09-05 14:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\8B5D.tmp.exe
C:\Users\Marvin\AppData\Local\Temp\900F.tmp.exe
C:\Users\Marvin\AppData\Local\Temp\ICReinstall_900F.tmp.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-07 21:48
==================== End of FRST.txt ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Marvin (08-01-2017 20:51:45)
Running from C:\Users\Marvin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-09-05 13:38:00)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4016113358-843845156-2686539769-500 - Administrator - Disabled)
Guest (S-1-5-21-4016113358-843845156-2686539769-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4016113358-843845156-2686539769-1002 - Limited - Enabled)
Marvin (S-1-5-21-4016113358-843845156-2686539769-1000 - Administrator - Enabled) => C:\Users\Marvin
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM\...\{F6BA3E9F-8637-4DCE-BBA8-75A6A57A9D0B}) (Version: 9.0.0.0 - Ableton)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Skybox Labs)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Analog Lab 1.2.3 (HKLM-x32\...\Analog Lab_is1) (Version: 1.2.3 - Arturia)
Arturia Software Center 1.2.1 (HKLM-x32\...\Arturia Software Center_is1) (Version: 1.2.1 - Arturia)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bionic Dues (HKLM-x32\...\Steam App 238910) (Version: - Arcen Games, LLC)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 8.4 - Codeusa Software)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward)
Catalyst Control Center Next Localization BR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DARK SOULS II - Scholar of the First Sin (HKLM-x32\...\DARK SOULS II - Scholar of the First Sin_is1) (Version: - )
Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version: - )
DARK SOULS™ II: Scholar of the First Sin (HKLM\...\Steam App 335300) (Version: - FromSoftware, Inc)
Darkest Dungeon (HKLM-x32\...\Darkest Dungeon_is1) (Version: - )
Darksiders II: Deathinitive Edition (HKLM\...\Steam App 388410) (Version: - Gunfire Games)
Darksiders Warmastered Edition (HKLM\...\Steam App 462780) (Version: - KAIKO)
Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.)
Discord (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
DisplayFusion 7.3 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.3.0.0 - Binary Fortress Software)
Distance (HKLM-x32\...\Steam App 233610) (Version: - Refract)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist (HKLM-x32\...\Steam App 409160) (Version: - Crows Crows Crows)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DuelystLauncher (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\launcher) (Version: 0.0.9 - Counterplay Games Inc.)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.0.0.2 - GOG.com)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version: - Turtle Rock Studios)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
FIFA 17 (HKLM-x32\...\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.45.44416 - Electronic Arts)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FlatOut 2 (HKLM\...\Steam App 2990) (Version: - Bugbear Entertainment)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.139.918 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
GameRanger (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\GameRanger) (Version: - GameRanger Technologies)
Gaming Mouse Editor (HKLM-x32\...\GamingMouseEditor) (Version: 13.04.0002 - )
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Industry Giant 2 (HKLM\...\aW5kdXN0cnlnaWFudDI_is1) (Version: 1 - )
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Mafia II (HKLM\...\Steam App 50130) (Version: - 2K Czech)
Mafia III (HKLM-x32\...\Mafia III_is1) (Version: - )
MAGIX Common Components 1 (HKLM-x32\...\{38BF501B-F285-4A3B-99E2-09F58A130A59}) (Version: 1.7.0.0 - MAGIX Software GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Fonts Package 2 (x32 Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{B396DA26-0959-44BA-812B-2E6AF4F678E1}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MIDI Control Center 1.2.2 (HKLM-x32\...\MIDI Control Center_is1) (Version: 1.2.2 - Arturia)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 de)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Native Instruments Guitar Rig 3 (HKLM-x32\...\Native Instruments Guitar Rig 3) (Version: - )
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Need For Speed Most Wanted Black Edition version 1.3.0.0 (HKLM-x32\...\Need For Speed Most Wanted Black Edition_is1) (Version: 1.3.0.0 - Mr DJ)
Need for Speed™ The Run (HKLM-x32\...\{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}) (Version: 1.1.0.0 - Electronic Arts)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Pazera Free MKV to AVI Converter 1.4 (HKLM-x32\...\{EDFA6B29-7667-4FD2-86F3-9835AFCE837A}_is1) (Version: 1.4 - Jacek Pazera)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
Project Highrise (HKLM-x32\...\2018730457_is1) (Version: 2.0.0.4 - GOG.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2461 - )
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Reus (HKLM\...\Steam App 222730) (Version: - Abbey Games)
Rise of Nations: Extended Edition (HKLM-x32\...\Rise of Nations: Extended Edition_is1) (Version: - Microsoft Studios)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Shadow Tactics - Blades of the Shogun 1.1.2 (HKLM-x32\...\{BB762706-65FA-44C1-B2BB-EF29CA88D7CE}_is1) (Version: 1.1.2 - Daedalic Entertainment GmbH)
Sid Meier's Civilization V (HKLM-x32\...\Sid Meier's Civilization V_is1) (Version: - )
Skyborn (HKLM-x32\...\Steam App 278460) (Version: - Dancing Dragon Games)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
SNOW (HKLM\...\Steam App 244930) (Version: - Poppermost Productions)
SONAR 8.0 Producer Edition (HKLM-x32\...\SONAR8Producer_x64_is1) (Version: 17.0 - Cakewalk Music Software)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold (HKLM-x32\...\{97A19679-4C07-4B34-8ACB-D5565C3440FC}) (Version: - )
Stronghold Crusader Extreme HD (HKLM\...\Steam App 16700) (Version: - Firefly Studios)
Stronghold Crusader HD (HKLM\...\Steam App 40970) (Version: - FireFly Studios)
Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.4.0.5 - GOG.com)
Super Meat Boy (HKLM\...\Steam App 40800) (Version: - Team Meat)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Room (HKLM-x32\...\The Room_is1) (Version: - Fireproof Games)
The Room Two (HKLM\...\Steam App 425580) (Version: - Fireproof Games)
The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version: - Outerlight Ltd.)
The Talos Principle (HKLM-x32\...\Steam App 257510) (Version: - Croteam)
This Is the Police (HKLM-x32\...\This Is the Police_is1) (Version: - )
TOXIKK (HKLM\...\Steam App 324810) (Version: - Reakktor Studios)
Trine 2 (HKLM\...\Steam App 35720) (Version: - Frozenbyte)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unreal Development Kit: 2015-01 (HKLM\...\UDK-5e1b7663-0639-46c5-882c-a64cefc97f4d) (Version: - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
USB Network Joystick (HKLM-x32\...\{2A558A06-A44E-400D-95AD-D9FAA89AFD36}) (Version: V3.70a - )
Velocibox (HKLM-x32\...\Steam App 317710) (Version: - Shawn Beck)
Vita 2 (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
White Night (HKLM-x32\...\White Night_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Goo (HKLM\...\Steam App 22000) (Version: - 2D BOY)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {015D408D-BFF6-437D-86FD-B4E1CD58743B} - System32\Tasks\Wuzapyfuqerch Update => C:\Program Files (x86)\Mapadomcoaveck\vazering.exe [2017-01-08] (Glarysoft Ltd)
Task: {2075174D-DA69-43F3-B9AC-DB550763ABAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {476E2E3D-7994-4604-83C4-054AF01BD337} - System32\Tasks\SessionControlAgent => C:\windows\mfdvdec.exe
Task: {4F0AE84A-66A1-4265-A761-E8A418FA8722} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-08] (Google Inc.)
Task: {63E4E2EA-492C-41FB-BF97-AE7231771156} - System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902} => pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe"
Task: {72D72D62-605D-4038-8B0D-BA0D4EEC48EE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-06] (Dropbox, Inc.)
Task: {A6ECCEEE-5AEE-416B-8968-7A0D124938D0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-06] (Dropbox, Inc.)
Task: {BD6F6ECA-881B-4477-8788-59E26BCE7DBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-08] (Google Inc.)
Task: {FAC70300-0CF5-4A75-A198-4F098D1518F3} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-08-11] (Advanced Micro Devices, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-09-29 23:49 - 2015-09-29 23:49 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-01-08 16:16 - 2017-01-08 16:16 - 00369664 _____ () C:\Program Files\IJD61O2L61\IJD61O2L6.exe
2017-01-08 16:17 - 2017-01-08 16:17 - 00369664 _____ () C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe
2017-01-08 14:14 - 2017-01-08 14:14 - 00117561 _____ () C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe
2016-06-22 13:09 - 2008-12-10 10:10 - 00796784 _____ () C:\Windows\USB Vibration\7906\USB Gamepad.exe
2015-10-01 21:19 - 2016-09-05 13:30 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2017-01-08 15:22 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-08 16:49 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-08 16:49 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-08 14:14 - 2017-01-08 14:14 - 00180224 _____ () c:\program files (x86)\mapadomcoaveck\bmssch.dll
2016-08-11 09:22 - 2016-08-11 09:22 - 00223744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2015-09-05 14:57 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-05 14:57 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-05 14:57 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-05 14:57 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-05 14:57 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-05 14:57 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 13:13 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-04-06 17:25 - 2016-11-11 21:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-04-06 17:25 - 2016-11-11 21:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-04-06 17:25 - 2016-11-11 21:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-04-06 17:25 - 2016-11-11 21:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-04-06 17:25 - 2016-11-11 21:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-22 14:02 - 2016-11-11 21:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-22 14:02 - 2016-11-11 21:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-22 14:02 - 2016-11-11 21:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-04-06 17:25 - 2016-11-11 21:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-22 14:02 - 2016-11-11 21:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-22 14:02 - 2016-11-11 21:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-04 23:23 - 2016-11-11 21:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-22 14:02 - 2016-11-11 21:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-22 14:02 - 2016-12-21 19:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-22 14:02 - 2016-12-21 19:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-04-06 17:25 - 2016-11-11 21:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-22 14:02 - 2016-11-11 21:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-22 14:02 - 2016-11-11 21:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-22 14:02 - 2016-12-21 19:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-01-08 15:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-01-08 15:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-01-08 15:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-13 12:59 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-09-05 14:57 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-09-05 14:57 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-01-08 15:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-01-08 15:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Marvin\Desktop\22.06.16 Marvin Hartung.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marvin\Desktop\Einführung ins Studium Paper.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marvin\Desktop\In Praise of Idleness.docx:com.dropbox.attributes [168]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2017-01-08 16:16 - 00003762 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marvin\AppData\Local\DisplayFusion\Wallpaper_1
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2C67024C-DC4B-4314-9C8B-057AE5ABCCE8}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{52C9B7A2-64FC-4CE1-BE7D-258A25741A08}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AD82BC66-3211-4AFF-AB15-A20EE4F7E229}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14E327E9-4066-49A2-8544-495618EE2CDE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{129DBF11-1F8C-497C-AA60-16B561D33EEA}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{169051FB-0C5F-4F54-BC54-4932336D2AB0}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{078093FA-5DAE-4ED3-A4CF-F4E5E7D2CB26}] => C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{9FD1C2D6-7906-4318-A23C-E192FBD43156}] => C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{E553F81E-6859-4F48-8BD2-2B1027A62D75}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E930793D-DE5A-4CA0-B77B-EAF8F6F960D4}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C335B409-E9C8-4696-98D0-FDB4F87DDC36}] => D:\SteamLibrary2\steamapps\common\Fine Sweeper\Fine Sweeper.exe
FirewallRules: [{AE233376-CDF0-4D65-BA6A-D33D6365EDC9}] => D:\SteamLibrary2\steamapps\common\Fine Sweeper\Fine Sweeper.exe
FirewallRules: [{96230585-A1DA-4710-AF5C-1304C89991D5}] => D:\SteamLibrary2\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{009D2D9A-0A85-4A44-B40F-73A12D35D250}] => D:\SteamLibrary2\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8C9891A1-1FA2-477C-BA45-A25FB9B92113}] => D:\SteamLibrary2\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{F93FD07B-352B-4010-B2CB-1839EFF573C7}] => D:\SteamLibrary2\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{520998B0-63E3-43A0-A903-3D21DF510F79}] => D:\SteamLibrary2\steamapps\common\Skyborn\Game.exe
FirewallRules: [{FD148EBC-ABAF-4294-9F3E-8C76090C81EF}] => D:\SteamLibrary2\steamapps\common\Skyborn\Game.exe
FirewallRules: [{4A803132-5785-4794-893E-ACA9815A0168}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{83E60C6D-B439-4AD8-9B63-26360FC9002D}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD92F503-5E4B-4DB2-A168-B102BA7BB6BA}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C44DA4A-40FB-4AD2-87D9-1CB8426EFED0}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5D217C4-4EDB-4251-BC68-C42F3E0E8818}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5769C73-527D-4FE5-B2B2-D7A25EE96410}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C0457E1B-4D27-4302-9D5A-A67794A081CB}] => D:\SteamLibrary2\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{018665DB-381B-4249-8A7C-88C910A5A92F}] => D:\SteamLibrary2\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{54458FA4-6EB8-42CC-A80B-FADEAB620123}] => F:\FSetup.exe
FirewallRules: [{BEA043F3-AB1B-4988-85F0-4F6B06C4223E}] => F:\FSetup.exe
FirewallRules: [{14F65062-EB39-4798-9D8A-4D5A865F06B5}] => D:\SteamLibrary2\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F33CCFB0-60C6-4F2B-998D-0996993D8DD4}] => D:\SteamLibrary2\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F7270DDA-B899-4893-A56D-642AC3120C51}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{3D086A43-BE50-472F-A1C1-3C8D1E2960FC}] => LPort=5357
FirewallRules: [{22C31F31-C114-49DD-96E9-CE31BA4A42AD}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{54FC33AE-AE9E-4ECF-8184-41857E10B6EA}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BD5A772D-7E44-4759-88BA-48E4A5F96BB5}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{60D11025-A6F7-41DD-8791-AAB06D7F61A6}] => D:\Battle Net Games\Hearthstone\Hearthstone.exe
FirewallRules: [{007CC6DF-CC7F-4BA5-BA31-40B240518B72}] => D:\Battle Net Games\Hearthstone\Hearthstone.exe
FirewallRules: [{681930F8-C1C6-429C-A186-9A2F769D7D63}] => D:\SteamLibrary2\steamapps\common\Monaco\MONACO.exe
FirewallRules: [{FE48D0CF-EC49-4097-A142-ED3C5547BC19}] => D:\SteamLibrary2\steamapps\common\Monaco\MONACO.exe
FirewallRules: [TCP Query User{647A6EFE-B391-4B64-8951-4EEF599154A4}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{A5F2208D-30E9-49D1-B908-5C959896B1CA}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [{2B504F76-0490-4133-BCBF-5675D3CF0D13}] => D:\SteamLibrary2\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{B6657BBB-6EBE-4FBA-AADC-973EFEE18990}] => D:\SteamLibrary2\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{30DA0CC5-6031-49A7-8478-6D4423165B57}] => D:\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{61AEC935-F92E-4BC0-B732-594F00592BF5}] => D:\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{FF174677-EDC1-4CE9-94C4-CBEF8A5C2F81}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{014B0979-388C-4777-91AC-801E0E6F89AA}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CCA7CDEB-C500-460E-AE48-A3A68DA060A9}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{311DD911-DC6B-4259-A70B-97694993B5D7}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{40F1223A-5435-4EB0-90A7-7D74F4EB51F5}] => D:\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{A742BC14-4049-4014-BA4D-F3B48792F747}] => D:\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [TCP Query User{01352EF0-7CB0-49BE-8589-EF386A74FFB5}D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe] => D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe
FirewallRules: [UDP Query User{75D3C9EB-9B38-4358-94E5-4C62D5A6A767}D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe] => D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe
FirewallRules: [{06291B2E-0FB5-4483-B9F0-1D6387714701}] => D:\SteamLibrary2\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{22583C7A-FB6E-47B6-A2ED-9DCAD531BD51}] => D:\SteamLibrary2\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{198581A9-1D51-4E9B-AF2A-F55FC1A06106}] => D:\SteamLibrary2\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{DB0FA115-A0AC-44B0-BFFC-CE32C388E04F}] => D:\SteamLibrary2\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{5756E919-A02F-42FA-8DA2-3C58C9988CCD}] => D:\SteamLibrary2\steamapps\common\The Ship\ship.exe
FirewallRules: [{A6481242-7297-4090-BD13-1775ADD7A08B}] => D:\SteamLibrary2\steamapps\common\The Ship\ship.exe
FirewallRules: [{E1B3C425-7A16-4AEF-86A9-FFA6FE518590}] => D:\Origin Games\Need for Speed The Run\Need For Speed The Run.exe
FirewallRules: [{07E23BBF-B0AC-4D8E-9E9B-9EB78818554D}] => D:\Origin Games\Need for Speed The Run\Need For Speed The Run.exe
FirewallRules: [{0A1D96D5-3C6F-43FB-B3E5-4C229AE224C5}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E1B76222-696E-4889-8692-D1A2F162E6E3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{945393B7-0AB3-4867-A835-CFDA8A5D9CA5}] => D:\SteamLibrary2\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{6800929E-6C93-4D0C-B46D-89C7C172F8E3}] => D:\SteamLibrary2\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{2681F1A1-F6F4-4CF0-ADE4-591E5C281A3E}] => D:\SteamLibrary2\steamapps\common\Velocibox\Velocibox.exe
FirewallRules: [{C18C9176-B8B6-47FF-A573-A35925CF04A1}] => D:\SteamLibrary2\steamapps\common\Velocibox\Velocibox.exe
FirewallRules: [{AF66DE81-46C8-4BC0-A8E0-4DCBA79747CA}] => D:\SteamLibrary2\steamapps\common\Distance\Distance.exe
FirewallRules: [{B0852FD9-1130-4FC4-8A6E-2FFF291AE5D1}] => D:\SteamLibrary2\steamapps\common\Distance\Distance.exe
FirewallRules: [{69A0E37D-3266-45B2-BBCA-DA7312B41049}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9AF6C141-AF24-4985-A26E-FFA0149C8E60}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{2C340C38-0B26-4BA8-8449-50F45EF51956}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E6620324-6937-4A32-9DCF-FD5AA0EC06F3}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{6C67B8D7-6D29-46E7-8C9F-C5CA4A2AA24E}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{C1C44579-42E9-45DE-8718-75E7555A834B}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{49D0AF96-8BA0-498D-82F0-6BED639B3F00}] => D:\SteamLibrary2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{43E90CDC-71DE-463D-B12D-1A75D722412D}] => D:\SteamLibrary2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{12BAE19A-1AA1-44FB-BE77-8960E239E938}] => D:\SteamLibrary2\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{16E8671D-B9D1-4115-861C-4C167191E8D2}] => D:\SteamLibrary2\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{C19518B1-FB8E-4656-8B09-36379EDBAB17}D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe] => D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe
FirewallRules: [UDP Query User{9C3F3F23-32BA-4B53-AED4-671063BE47DD}D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe] => D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe
FirewallRules: [TCP Query User{0D50C0B1-AE55-4CDC-A8E2-83FE8CCA1A40}D:\steamlibrary2\steamapps\common\alien isolation\ai.exe] => D:\steamlibrary2\steamapps\common\alien isolation\ai.exe
FirewallRules: [UDP Query User{600D271E-D530-45C6-BDA2-5BD835F3CBCC}D:\steamlibrary2\steamapps\common\alien isolation\ai.exe] => D:\steamlibrary2\steamapps\common\alien isolation\ai.exe
FirewallRules: [{DF9637FE-9271-4755-83CA-64EC22124DCC}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A4640C5F-93EF-475F-A849-544277DA8FBD}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{BC065E74-9DFB-44F7-9093-3E8B5D901608}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9C45B3AC-4CB2-459A-8422-778B25383CB9}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{5E83E391-249A-4DB4-BE6C-F854329B3442}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{2FF6C920-B74A-4E0D-819E-D56337F2EB23}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{E27BAD56-AB74-4D21-A893-336DD260CACE}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [{2CABC0C9-2329-4A54-823E-E74629960D96}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{4A2ED845-1DBE-4666-9E54-CFDE0337583A}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{763DE35C-D07C-4A62-B596-91BE2DAA1FFD}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{7F45ABBA-92AF-4F8D-8BF8-27270D43A9C1}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{6003E9CD-A138-4031-B09D-9D65D7BAAFF1}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{A79D523A-6610-4CE5-9EF4-0C43F9F0B3DD}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{6D24357E-B5EE-42E2-A7BF-ED36973295EB}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{9D9F7801-388C-49AB-82A7-74FFD38BDC4D}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{CC3BEC4B-F9EA-4A41-A74B-DBE5B5ADFE0A}] => D:\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{DF06961E-9960-4F51-B55F-47624BEEB7DA}] => D:\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{F15ED7ED-329F-4608-9F58-C420C07DE427}] => D:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{E5B1B159-E816-460F-BF5C-8BB6AC88CA6F}] => D:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{B443FBA7-2848-4CFC-812E-5151B025666F}] => D:\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{05950F9F-92DE-40E3-B8F0-D5F0B7FED4FF}] => D:\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{8992FF96-67B3-4CAB-BB72-ADE46920965C}] => D:\SteamLibrary2\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{B4E7D120-3B2C-4175-B5A8-0BDDB77B3DF5}] => D:\SteamLibrary2\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{0AF7D012-5356-4BEA-A25D-A8A5F5525E3D}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{23FCFBDE-AFA6-4D7D-AD8E-58F54863334F}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{B34222C4-CF8D-4912-828B-98D66889BDB0}] => D:\SteamLibrary2\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{08313B4B-831B-4D22-89C7-A2446F2DC868}] => D:\SteamLibrary2\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{6EA2A39E-D5CE-4E6F-97B1-FC72AA45D541}] => E:\Files\StarCraft II 2\Versions\Base39576\SC2_x64.exe
FirewallRules: [{625DD56D-7837-4399-A13C-8988BBACBB28}] => E:\Files\StarCraft II 2\Versions\Base39576\SC2_x64.exe
FirewallRules: [{40891563-B988-46EA-9820-B7C5E464B166}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{50E31DE1-BCEB-43B2-A993-F186683BB640}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{3D9C6597-B922-4202-B955-03224C20A984}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{190A8C82-862C-4A73-B3BD-1F951E22AAF2}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{7219BC4D-3E4F-4576-988B-00DBABE989E7}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{0694F81E-A89C-4A66-977E-7F5CF48BE772}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{7CA5FEF0-87EA-4438-9DD0-17B73E15EAE5}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [{D636D9FA-939C-4B65-A172-66F716596E13}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [{3CDF4703-E5D5-4713-8862-17CA78560788}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [{EAFF5FFF-7F7C-46CD-BAD7-84E1011B35AF}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [TCP Query User{55482BD3-AA22-4146-AA31-442043D5DDF9}C:\gog games\enter the gungeon\etg.exe] => C:\gog games\enter the gungeon\etg.exe
FirewallRules: [UDP Query User{CE7A66C2-99D4-4A01-9C2E-DA0E4D070019}C:\gog games\enter the gungeon\etg.exe] => C:\gog games\enter the gungeon\etg.exe
FirewallRules: [{BD410568-C2D8-4E75-B531-B9981040E885}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C6C5A191-9C82-4C67-B429-EA617663A79F}] => LPort=2869
FirewallRules: [{20479539-82B1-413E-8E2E-9FDE981C278A}] => LPort=1900
FirewallRules: [{21CC8884-23C9-440F-B3FC-8054362CEF46}] => E:\Files\StarCraft II 2\Versions\Base42253\SC2_x64.exe
FirewallRules: [{58D02992-1E07-43F8-86BD-440A307566FF}] => E:\Files\StarCraft II 2\Versions\Base42253\SC2_x64.exe
FirewallRules: [TCP Query User{DC6D1EED-0862-4BA2-B3CF-13D041B47EB2}D:\battle net games\overwatch\overwatch.exe] => D:\battle net games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{541CC553-77EB-40FE-A7EE-350BD99116AA}D:\battle net games\overwatch\overwatch.exe] => D:\battle net games\overwatch\overwatch.exe
FirewallRules: [{5A52CCD4-9F08-4721-BC33-33143B7BF968}] => E:\Files\StarCraft II 2\Versions\Base42932\SC2_x64.exe
FirewallRules: [{D5E5EEFD-2B94-4B86-9B43-19569D6E6218}] => E:\Files\StarCraft II 2\Versions\Base42932\SC2_x64.exe
FirewallRules: [{A0B1201F-2DEA-4133-904A-9A3E134C56BA}] => D:\SteamLibrary2\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{3FB5DB0B-A1E0-48EF-A7F9-1E11620B88BA}] => D:\SteamLibrary2\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{604CA1CF-3DA8-4987-AE2D-8F1AC569A4FE}] => D:\SteamLibrary2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{3F247AF4-BCCE-4598-AF4B-F570DDE0DC4F}] => D:\SteamLibrary2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{C780D536-056F-46C2-89F9-C75A4AD8D85E}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{44BE9D03-20AF-4F1E-9C20-C00BB9F15CF8}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{C3F8211B-A747-4C36-8FA7-BCD51262422F}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{50D7A03F-AAB7-4D14-9B3C-F7CB78BAC7CB}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{C813053E-85C3-4FCE-A98F-F64AB377515C}] => D:\Program Files (x86)\Mr DJ\Need For Speed Most Wanted Black Edition\speed.exe
FirewallRules: [{02AEF83E-A419-4848-9A95-BF8F65230AB4}] => D:\Program Files (x86)\Mr DJ\Need For Speed Most Wanted Black Edition\speed.exe
FirewallRules: [{A6270AD3-B51A-4767-B29E-5230302EBC74}] => D:\SteamLibrary2\steamapps\common\FlatOut2\FlatOut2.exe
FirewallRules: [{BB18A7A7-A6AE-41F9-A3D2-3BA26932ABF8}] => D:\SteamLibrary2\steamapps\common\FlatOut2\FlatOut2.exe
FirewallRules: [{62E27FF0-8270-41AE-A1AA-61425B2814CA}] => D:\SteamLibrary2\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{E2AA4C60-776A-478C-884C-4277DDCB44C5}] => D:\SteamLibrary2\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [TCP Query User{B36987E6-DA30-41C1-B78F-88FEB396BA37}D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe] => D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [UDP Query User{F0EA91A2-71BF-492F-8A89-D459AAA35E2A}D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe] => D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [{985B2F18-0DA9-4BE0-9519-79F679DAF809}] => D:\SteamLibrary2\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{6496500F-62C6-4B53-B07B-F5A3A211FC46}] => D:\SteamLibrary2\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{3DC9802E-1254-43AA-ACA9-ED0848637A91}] => D:\SteamLibrary2\steamapps\common\TheRoomTwo\TheRoomTwo.exe
FirewallRules: [{04B5B5DA-723A-4013-AD21-D79F57877A2C}] => D:\SteamLibrary2\steamapps\common\TheRoomTwo\TheRoomTwo.exe
FirewallRules: [TCP Query User{A3BA3E4F-10F1-4871-B872-8D0FBFA3BE0D}D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe] => D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe
FirewallRules: [UDP Query User{4C132067-F08A-42B9-AF92-79749DDC6A03}D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe] => D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe
FirewallRules: [{130362D6-B9CE-4064-897B-2F85AB365F5E}] => D:\SteamLibrary2\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{BACF3C9F-C771-40FB-9B3C-5A2BE79A8076}] => D:\SteamLibrary2\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [TCP Query User{6DC74B46-5DE6-4DEE-99F0-2ECE7EEEDBF6}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{27DDE796-950E-4045-AD88-DDFD83D9AE2A}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6CAFCF52-E329-419A-A260-16B830758CFE}] => D:\SteamLibrary2\steamapps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{E2141F5F-AE7B-4B46-9164-7B97AF28B215}] => D:\SteamLibrary2\steamapps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{157414F4-28E8-414E-8121-BF5BE1627F46}] => D:\SteamLibrary2\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{13CED9B7-DE2A-4F03-8652-2487A048341E}] => D:\SteamLibrary2\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{790B1BDF-25FA-454E-9D64-D9487D636CF2}] => D:\SteamLibrary2\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{F4AE393F-F1BF-497F-8EED-ED76D40F316F}] => D:\SteamLibrary2\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [TCP Query User{11F1608C-BFF3-47F3-929A-7DD7C89EF38D}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{C9965CC4-661C-4F6F-B4B3-7DD71C96796C}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{2841BF19-E797-4C58-B406-40F14C5F83F3}D:\origin games\battlefield bad company 2\bfbc2game.exe] => D:\origin games\battlefield bad company 2\bfbc2game.exe
FirewallRules: [UDP Query User{75B87E49-279D-481E-AB57-53A5FB1F2833}D:\origin games\battlefield bad company 2\bfbc2game.exe] => D:\origin games\battlefield bad company 2\bfbc2game.exe
FirewallRules: [{7EC9ED00-0873-4C75-98C7-8B1B633473B1}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FB6F2570-1429-41C0-8DDC-22EC64725726}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FB7D1C11-C2EA-4466-A264-DB2CBC34A0AD}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D2784565-EED7-413F-A033-4C79CC252477}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{03D858A8-891C-45F4-9ADE-6B03801E9B72}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{58A2C62B-3121-4CCF-B5B8-A724C6D8ABC8}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6931E6E7-A38E-415A-9A10-475B778FD92A}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D18B0565-4C37-4AB0-997F-9215093FDC82}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{68E05207-A717-49D8-B227-6B575701B61C}] => D:\SteamLibrary2\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{9267A602-1433-435C-AF13-D703F9C957BA}] => D:\SteamLibrary2\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{A4A353D7-A425-41D6-BFC4-3A085F8808BA}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{A301EB7D-7BD7-4C8E-A414-F5FA3B226930}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{0B217961-2D9E-4F00-A7BD-E6F72648CFD9}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{8B98E7E3-1C8A-465E-BE5E-83412440DD24}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{3ABD7847-D2A9-4274-9D03-FBF5F09D0EA6}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{BDBE934F-3142-416F-B96F-CB24F1C31F67}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{15FB6868-48F4-4F51-A837-A87160D1B72C}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{A8B4C5E4-3156-45B5-8468-6F7629C8CDAC}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [TCP Query User{978249A7-E3CA-4254-AA17-FD7FFC4EDF3D}D:\origin games\fifa 17 demo\fifa17_demo.exe] => D:\origin games\fifa 17 demo\fifa17_demo.exe
FirewallRules: [UDP Query User{972369D7-BF66-41B7-ADFC-FCBCF9908D7D}D:\origin games\fifa 17 demo\fifa17_demo.exe] => D:\origin games\fifa 17 demo\fifa17_demo.exe
FirewallRules: [{C8D576DD-9C55-467F-A9F1-A20256AB7B27}] => D:\SteamLibrary2\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{E1AE626D-105E-479C-9708-7663599A4724}] => D:\SteamLibrary2\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [TCP Query User{2130A400-1A75-4E97-8252-B394C98186F0}D:\origin games\fifa 17\fifa17.exe] => D:\origin games\fifa 17\fifa17.exe
FirewallRules: [UDP Query User{A94C4A47-B01E-426C-9D8F-33E75F426213}D:\origin games\fifa 17\fifa17.exe] => D:\origin games\fifa 17\fifa17.exe
FirewallRules: [{CC6D2B93-89D0-4C19-A1FD-725069A85B0F}] => D:\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{F1694BD4-2917-4867-B2A4-155048B905ED}] => D:\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{AFD55FF9-6C2C-4514-AD82-63B8C7BEF230}] => D:\Origin Games\Burnout Paradise\BurnoutParadise.exe
FirewallRules: [{75750E89-6CEA-44E1-8327-B37BDF9F380B}] => D:\Origin Games\Burnout Paradise\BurnoutParadise.exe
FirewallRules: [{9E6C8FB2-16EF-4122-A53A-1B7AADA907B2}] => D:\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{CE9D89F1-8B3B-4A78-96AC-18B27FC76425}] => D:\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{EB0573A6-634F-42A9-8DC3-015C818D0BAF}] => D:\SteamLibrary2\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{C29F4CB3-CF7E-4909-946B-BE24CE91E86C}] => D:\SteamLibrary2\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{8CDAEB39-36B6-4964-ABD1-84DAF026AE3C}D:\battle net games\hearthstone\hearthstone.exe] => D:\battle net games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{9FF1126F-CE84-46F0-97CF-B283362D70CA}D:\battle net games\hearthstone\hearthstone.exe] => D:\battle net games\hearthstone\hearthstone.exe
FirewallRules: [{2A41F4F2-B79A-4047-BE74-9EFA19E292EC}] => D:\SteamLibrary2\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{3370B26E-1739-400F-A0BC-04D343CA49D1}] => D:\SteamLibrary2\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{0E1EF994-DE8D-4AF9-B260-D3EB90382EE0}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E8FFAB56-AC8A-40C5-AC11-2A37607C0D90}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A2E6A700-BF36-4C8D-B0AC-44DBE087EB4E}] => D:\SteamLibrary2\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{499F64A3-381C-49E2-AF09-F10230E83B6D}] => D:\SteamLibrary2\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{3983C252-EAC3-4D0E-A37D-01EC41D8474E}] => D:\SteamLibrary2\steamapps\common\Reus\Reus.exe
FirewallRules: [{F3FBB721-9D63-4EA8-A938-4C97538C2143}] => D:\SteamLibrary2\steamapps\common\Reus\Reus.exe
FirewallRules: [{46398286-1FEA-426F-9352-7C75E07C02CB}] => D:\SteamLibrary2\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{60436BA4-6FAE-4446-8D67-FFC7E56952BC}] => D:\SteamLibrary2\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{D684CC3E-1515-4DA8-9E90-BF08D90E7934}] => D:\SteamLibrary2\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
FirewallRules: [{77435157-5E03-47C1-8472-50EACA04C981}] => D:\SteamLibrary2\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
FirewallRules: [{8B18436B-95F7-4998-A0BF-1F102B9AE7D8}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{C09F3631-6BD3-4F25-B747-521A6F57618E}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{1B759394-8789-4751-838D-11F65701AFA4}] => D:\SteamLibrary2\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{C7F5C3B3-76DF-4300-9BE1-5013C9DB4CEE}] => D:\SteamLibrary2\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [TCP Query User{0A88EE2A-FF4E-46CA-BF41-0E2EB85B0486}C:\users\marvin\appdata\local\amazon music\amazon music helper.exe] => C:\users\marvin\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{DE40AC2E-F40D-4C27-B630-A191B1DE905B}C:\users\marvin\appdata\local\amazon music\amazon music helper.exe] => C:\users\marvin\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{B5DDBC43-4B11-4512-805A-E775531D17EB}] => D:\SteamLibrary2\steamapps\common\TrialsPC\datapack\trialsFMX.exe
FirewallRules: [{FD8FBE4C-B561-4F5C-B6F0-14CE5AD0CA56}] => D:\SteamLibrary2\steamapps\common\TrialsPC\datapack\trialsFMX.exe
FirewallRules: [{7118BBCB-A4F8-466B-93C7-5FB3BA2A4C90}] => D:\Program Files (x86)\Daedalic Entertainment GmbH\Shadow Tactics - Blades of the Shogun\Shadow Tactics.exe
FirewallRules: [{1CFF5713-B412-4B15-A9EC-CF7AAF69D257}] => D:\Program Files (x86)\Daedalic Entertainment GmbH\Shadow Tactics - Blades of the Shogun\Shadow Tactics.exe
FirewallRules: [{114858E4-0739-48E6-94B8-BC3213F24CD0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F10342DA-92E9-4D88-8D51-61B9267D1D36}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5EAEC0EA-C0BB-4E3E-8832-4E544D909F05}] => D:\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{3F29D248-1DC4-4EFC-8560-0E340DCDDD10}] => D:\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{CA1C2292-723D-4293-86B5-29BF865C588F}] => D:\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{B89451EE-ADF6-4063-8614-6B0863BA77C6}] => D:\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{A5C03161-B532-48BB-82BE-5AC252B0FD34}] => D:\SteamLibrary2\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{F4C26E9B-1BD7-4740-A63B-3F93CCAFA520}] => D:\SteamLibrary2\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{2830D4EF-D390-4440-AC61-38F232CBFD10}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{865F1A64-5F18-4C6F-A842-5EA3237CCC24}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{EBBE5780-1B68-47F0-A938-798E0644DD1A}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{125EDD41-CEB4-4BE6-BB51-17AA8DFFC594}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{13D6559F-0FE8-472D-9E34-FB3D6212F4CE}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{9F978A16-3502-4FBD-8D72-F5D58AC5B7BF}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{5AD4D3F5-4002-4E09-AE84-477A49FBBF61}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{43C1460F-374A-4D44-A2FB-DD2470405923}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{3B5F0660-1479-4781-8580-F69A0CE5D620}] => D:\SteamLibrary2\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{C118E5A3-1C55-462B-9785-C4C8C6553341}] => D:\SteamLibrary2\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{1154AE4E-08F0-4B7B-98A2-03DCD8E16BBA}D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{7CD7D6B1-C654-4A9B-8B5E-93A93FA368DB}D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{3DE95129-D661-41A7-9093-31DA73F7FB36}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{96EE443A-85B4-4834-8D50-214A05604D52}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8AD68C55-30F1-4739-8CB2-9359FB15CF9D}] => C:\Users\Marvin\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{9A92B0CA-3BBA-4D42-8613-1ECB0DD15BFB}] => C:\Users\Marvin\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{3988CA20-3C73-4F09-A1EA-DEC8F707F0CD}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{51425A23-ADBF-464E-9D46-8AEA57E1BB88}D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [UDP Query User{8CD45599-0FE4-44C4-AB50-7D61AD418F4A}D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [TCP Query User{E221ACA7-1FBF-444A-AD79-DD9CAB0F49CE}D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [UDP Query User{F999516F-69B3-4131-8DF3-CAB98992EB7A}D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [{F44EE477-681E-4B9F-92FF-1F98466C034F}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{E750B4EC-C8E4-41B5-9240-8F0EDFFC5BBD}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{11627BC6-5AAC-4944-BC75-4FDB836D1F24}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{4B75732E-6B1F-4D0F-B432-64C1816D8F92}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{122BFDFA-1959-4CAA-93F3-DDA9DC4B5F6D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
08-01-2017 15:14:20 Windows Defender Checkpoint
08-01-2017 15:32:43 chip 1-click download service wurde entfernt.
08-01-2017 19:10:23 Windows Update
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/08/2017 07:06:35 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (01/08/2017 04:45:45 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (01/08/2017 04:30:58 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (01/08/2017 04:21:36 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (01/08/2017 03:46:19 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (01/08/2017 03:34:56 PM) (Source: chip 1-click download service) (EventID: 0) (User: )
Description: |ERORRS=;(280) error at getVersion:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Error: (01/08/2017 03:32:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Double Spaced Firewall since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (01/08/2017 03:16:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 55.0.2883.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 11d8
Start Time: 01d269b958ba9446
Termination Time: 3
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: 01262f72-d5ad-11e6-a620-94de807c80e7
Error: (01/08/2017 03:14:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {95764d89-ad32-4c36-a558-be2e89b1a400}
Error: (01/08/2017 03:00:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 55.0.2883.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1304
Start Time: 01d269b74faee6cb
Termination Time: 4
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: d1d88284-d5aa-11e6-a620-94de807c80e7
System errors:
=============
Error: (01/08/2017 07:07:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/08/2017 07:07:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (01/08/2017 07:07:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
Error: (01/08/2017 04:46:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/08/2017 04:46:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (01/08/2017 04:46:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
Error: (01/08/2017 04:31:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/08/2017 04:31:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (01/08/2017 04:31:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
Error: (01/08/2017 04:30:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
==================== Memory info ===========================
Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 12254.28 MB
Available physical RAM: 8473.01 MB
Total Virtual: 24506.75 MB
Available Virtual: 20581.53 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:15.73 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:16.64 GB) NTFS
Drive e: (Data) (Fixed) (Total:465.76 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 118BED4E)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 1B2569FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 255B7F54)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
AswMBR Log:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-01-08 20:54:52
-----------------------------
20:54:52.108 OS Version: Windows x64 6.1.7601 Service Pack 1
20:54:52.109 Number of processors: 8 586 0x200
20:54:52.110 ComputerName: MARVINS_PC UserName: Marvin
20:54:53.170 Initialize success
20:54:53.186 VM: initialized successfully
20:54:53.187 VM: Amd CPU supported
20:56:10.828 AVAST engine defs: 16122701
20:56:17.897 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006b
20:56:17.902 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
20:56:17.906 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006c
20:56:17.911 Disk 1 Vendor: KINGSTON 505A Size: 114473MB BusType: 11
20:56:17.917 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006d
20:56:17.923 Disk 2 Vendor: TOSHIBA_ MS2O Size: 953869MB BusType: 11
20:56:17.941 Disk 1 MBR read successfully
20:56:17.945 Disk 1 MBR scan
20:56:17.951 Disk 1 Windows 7 default MBR code
20:56:17.956 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:56:17.961 Disk 1 Boot: NTFS code=1
20:56:17.969 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
20:56:17.988 Disk 1 scanning C:\Windows\system32\drivers
20:56:21.247 Service scanning
20:56:31.840 Modules scanning
20:56:31.854 Disk 1 trace - called modules:
20:56:31.865 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:56:31.873 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800c172060]
20:56:31.880 3 CLASSPNP.SYS[fffff880013bc43f] -> nt!IofCallDriver -> [0xfffffa800ac43540]
20:56:31.888 5 amd_xata.sys[fffff880011a8d00] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa800ac4c060]
20:56:33.014 AVAST engine scan C:\Windows
20:56:33.977 AVAST engine scan C:\Windows\system32
20:57:45.671 AVAST engine scan C:\Windows\system32\drivers
20:57:49.576 AVAST engine scan C:\Users\Marvin
21:05:20.769 AVAST engine scan C:\ProgramData
21:08:48.277 Disk 1 statistics 4717012/0/0 @ 3,87 MB/s
21:08:48.282 Scan finished successfully
21:09:07.059 Disk 1 MBR has been saved successfully to "C:\Users\Marvin\Desktop\MBR.dat"
21:09:07.064 The log file has been saved successfully to "C:\Users\Marvin\Desktop\aswMBR.txt"
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-09-30] (Advanced Micro Devices, Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 Chikiing; C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll [180224 2017-01-08] () [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4649000 2015-09-16] (Binary Fortress Software)
R2 Ds3Service; C:\Program Files\PS3 Controllers\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-18] (EasyAntiCheat Ltd)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-07] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-07] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-09-05] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2016-09-05] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
S3 cdrombus; C:\Windows\System32\Drivers\cdrombus.sys [25088 2012-08-22] (Windows (R) Codename Longhorn DDK provider)
S3 h647906; C:\Windows\System32\drivers\h647906.sys [62576 2008-12-01] (Your Corporation)
S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41096 2008-12-01] (Your Corporation)
S3 MADFUMIDISPORT2010; C:\Windows\System32\DRIVERS\MAudioMIDISPORT_DFU.sys [30512 2012-02-24] (M-Audio)
S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-08] (Malwarebytes)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-08 20:51 - 2017-01-08 20:51 - 00039857 _____ C:\Users\Marvin\Desktop\FRST.txt
2017-01-08 20:50 - 2017-01-08 20:51 - 00000000 ____D C:\FRST
2017-01-08 20:50 - 2017-01-08 20:50 - 02419200 _____ (Farbar) C:\Users\Marvin\Desktop\FRST64.exe
2017-01-08 20:49 - 2017-01-08 20:49 - 00019582 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2017-01-08 20:49 - 2017-01-08 20:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARVINS_PC-Windows-7-Ultimate-(64-bit).dat
2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\RegBackup
2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-01-08 20:48 - 2017-01-08 20:49 - 05766144 _____ (Tweaking.com) C:\Users\Marvin\Downloads\tweaking.com_registry_backup_setup.exe
2017-01-08 20:36 - 2017-01-08 20:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-01-08 20:15 - 2017-01-08 20:15 - 00602112 _____ (OldTimer Tools) C:\Users\Marvin\Downloads\OTL.exe
2017-01-08 16:49 - 2017-01-08 16:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-01-08 16:49 - 2017-01-08 16:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-08 16:49 - 2017-01-08 16:49 - 00002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-01-08 16:49 - 2017-01-08 16:49 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-01-08 16:48 - 2017-01-08 16:48 - 01065376 _____ (Google Inc.) C:\Users\Marvin\Downloads\ChromeSetup.exe
2017-01-08 16:17 - 2017-01-08 16:47 - 00000000 ____D C:\Users\Marvin\AppData\Local\UVFmedia
2017-01-08 16:17 - 2017-01-08 16:17 - 00000000 ____D C:\Program Files\LAT8TQJDDX
2017-01-08 16:16 - 2017-01-08 16:16 - 00000000 ____H C:\Windows\system32\BIT5D78.tmp
2017-01-08 16:16 - 2017-01-08 16:16 - 00000000 ____D C:\Program Files\IJD61O2L61
2017-01-08 15:50 - 2017-01-08 20:50 - 00000000 ____D C:\Users\Marvin\Desktop\WHEN SHIT GOES WRONG
2017-01-08 15:43 - 2017-01-08 20:12 - 00000000 ____D C:\AdwCleaner
2017-01-08 15:43 - 2017-01-08 15:43 - 03988944 _____ C:\Users\Marvin\Downloads\adwcleaner_6.042.exe
2017-01-08 15:29 - 2017-01-08 15:29 - 00000000 ____D C:\Program Files\Common Files\AV
2017-01-08 15:25 - 2017-01-08 20:09 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-08 15:23 - 2017-01-08 19:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-08 15:23 - 2017-01-08 15:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-01-08 15:23 - 2017-01-08 15:23 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-01-08 15:23 - 2017-01-08 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-01-08 15:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-01-08 15:22 - 2017-01-08 15:22 - 01496584 _____ C:\Users\Marvin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-08 15:22 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-08 15:21 - 2017-01-08 15:21 - 01496584 _____ C:\Users\Marvin\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe
2017-01-08 15:21 - 2017-01-08 15:21 - 00000000 ____D C:\Windows\system32\SSL
2017-01-08 15:21 - 2017-01-08 15:21 - 00000000 ____D C:\Users\Marvin\AppData\Local\Downloaded Installations
2017-01-08 15:20 - 2017-01-08 15:20 - 00003090 _____ C:\Windows\System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902}
2017-01-08 15:20 - 2017-01-08 15:20 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Ergickmidution
2017-01-08 14:14 - 2017-01-08 16:47 - 00000000 ____D C:\Users\Marvin\AppData\Local\Upmedia
2017-01-08 14:14 - 2017-01-08 15:32 - 00000000 ____D C:\Program Files (x86)\Mapadomcoaveck
2017-01-08 14:14 - 2017-01-08 14:15 - 00000000 ____D C:\Program Files\EET2FMBFLG
2017-01-08 14:14 - 2017-01-08 14:14 - 00006056 _____ C:\Windows\System32\Tasks\Wuzapyfuqerch Update
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____H C:\Windows\system32\BIT91AC.tmp
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____D C:\Windows\SysWOW64\sstmp
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____D C:\Windows\system32\sstmp
2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 _____ C:\TOSTACK
2017-01-05 22:53 - 2017-01-05 22:53 - 02137268 _____ C:\Windows\f45a21687b2122533a920d405cd65568.exe
2017-01-05 20:48 - 2017-01-05 22:26 - 01445154 _____ C:\Users\Marvin\Desktop\Die Einführung des Mindestlohns.pptx
2017-01-02 13:54 - 2017-01-02 20:11 - 04767777 _____ C:\Users\Marvin\Downloads\Virtual-Reality-Präsentation (1).pptx
2017-01-02 13:10 - 2017-01-02 14:52 - 00000000 ____D C:\Users\Marvin\Documents\Darkest
2017-01-02 13:09 - 2017-01-02 13:09 - 00003332 _____ C:\Windows\System32\Tasks\SessionControlAgent
2017-01-02 13:09 - 2017-01-02 13:09 - 00000937 _____ C:\Users\Marvin\Desktop\Darkest Dungeon.lnk
2017-01-02 12:57 - 2017-01-02 12:57 - 00015026 _____ C:\Users\Marvin\Downloads\Darkest_Dungeon_2016_RPG-CODEX.torrent
2017-01-02 12:56 - 2017-01-02 12:56 - 04510004 _____ C:\Users\Marvin\Downloads\Virtual-Reality-Präsentation.pptx
2016-12-29 18:19 - 2016-12-29 18:19 - 00069878 _____ C:\Users\Marvin\Downloads\15696174_10210872013973089_1280108056_o.jpg
2016-12-29 18:18 - 2016-12-29 18:18 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG (2).PDF
2016-12-29 18:12 - 2017-01-03 00:44 - 00000000 ____D C:\Users\Marvin\Desktop\Virtual Reality Präsentation
2016-12-29 13:47 - 2016-12-29 13:47 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\SmartSteamEmu
2016-12-29 13:42 - 2016-12-29 13:42 - 00000000 ____D C:\Users\Marvin\AppData\LocalLow\Monomi Park
2016-12-28 19:51 - 2016-12-28 19:51 - 00077824 _____ ( ) C:\Users\Marvin\Downloads\guiformat.exe
2016-12-28 19:19 - 2016-12-28 19:19 - 00188133 _____ C:\Users\Marvin\Downloads\Fat32FormatterEN.zip
2016-12-22 19:56 - 2016-12-22 19:56 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\AMD
2016-12-22 19:30 - 2016-12-22 19:30 - 00013254 _____ C:\Users\Marvin\Downloads\American_Dad_-_Season_13.torrent
2016-12-22 19:12 - 2016-12-22 19:12 - 00014039 _____ C:\Users\Marvin\Downloads\American_Dad_-_Season_12_-_1080P_-_WEB-DL_-_X265-HEVC_-_O69.torrent
2016-12-22 19:11 - 2016-12-22 19:11 - 00001627 _____ C:\Users\Marvin\Downloads\American_Dad_S12E01_HDTV_x264-KILLERS[ettv] (1).torrent
2016-12-22 19:09 - 2016-12-22 19:09 - 00001627 _____ C:\Users\Marvin\Downloads\American_Dad_S12E01_HDTV_x264-KILLERS[ettv].torrent
2016-12-22 14:02 - 2016-12-22 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-12-21 19:42 - 2016-12-21 19:54 - 82345072 _____ C:\Users\Marvin\Downloads\Ace_Stream_Media_3.1.12.1.exe
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-12-21 19:15 - 2016-12-21 19:15 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-12-18 23:46 - 2016-12-18 23:46 - 11273864 _____ C:\Users\Marvin\Downloads\AerialTraining.zip
2016-12-18 19:02 - 2016-12-18 19:02 - 00000000 ____D C:\Users\Marvin\AppData\Local\UnrealEngine
2016-12-18 19:02 - 2016-12-18 19:02 - 00000000 ____D C:\Users\Marvin\AppData\Local\DeadByDaylight
2016-12-18 19:02 - 2016-12-18 18:54 - 00395024 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2016-12-17 14:51 - 2016-12-17 19:28 - 00000000 ___RD C:\Users\Marvin\Desktop\Drum Rack DnB Project
2016-12-16 13:54 - 2016-12-16 13:54 - 00000000 ____D C:\Users\Marvin\Desktop\.midi files
2016-12-15 16:05 - 2016-12-15 16:41 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\discord
2016-12-15 16:05 - 2016-12-15 16:05 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-12-15 16:05 - 2016-12-15 16:05 - 00000000 ____D C:\Users\Marvin\AppData\Local\Discord
2016-12-15 16:04 - 2016-12-15 16:05 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Marvin\Downloads\DiscordSetup.exe
2016-12-14 14:36 - 2016-11-21 19:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-12-14 14:36 - 2016-11-21 19:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-12-14 14:36 - 2016-11-21 19:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-12-14 14:36 - 2016-11-21 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2016-12-14 14:36 - 2016-11-20 17:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-12-14 14:36 - 2016-11-20 17:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-12-14 14:36 - 2016-11-20 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-12-14 14:36 - 2016-11-20 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-12-14 14:36 - 2016-11-20 16:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-12-14 14:36 - 2016-11-20 16:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-12-14 14:36 - 2016-11-20 16:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-12-14 14:36 - 2016-11-20 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-12-14 14:36 - 2016-11-20 16:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-12-14 14:36 - 2016-11-20 15:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-12-14 14:36 - 2016-11-17 17:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2016-12-14 14:36 - 2016-11-10 17:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-12-14 14:36 - 2016-11-10 17:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-12-14 14:36 - 2016-11-09 17:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-12-14 14:36 - 2016-11-09 17:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-12-14 14:36 - 2016-11-09 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-12-14 14:36 - 2016-11-09 17:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-12-14 14:36 - 2016-11-09 17:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-12-14 14:36 - 2016-11-09 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-12-14 14:36 - 2016-11-06 17:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-12-14 14:36 - 2016-11-06 17:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-12-14 14:36 - 2016-11-06 17:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-12-14 14:36 - 2016-10-27 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2016-12-14 14:36 - 2016-10-27 16:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2016-12-14 14:36 - 2016-10-11 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-12-14 14:36 - 2016-10-11 16:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-12-14 14:36 - 2016-10-11 16:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-12-14 14:36 - 2016-10-11 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-12-14 14:36 - 2016-10-11 16:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-12-14 14:36 - 2016-10-11 16:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-12-14 14:36 - 2016-10-11 16:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 16:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-12-14 14:36 - 2016-10-11 16:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-12-14 14:36 - 2016-10-11 16:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-12-14 14:36 - 2016-10-11 15:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-12-14 14:36 - 2016-10-11 15:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-12-14 14:36 - 2016-10-11 15:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-12-14 14:36 - 2016-10-11 15:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-12-14 14:36 - 2016-10-11 15:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-12-14 14:36 - 2016-10-11 15:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-12-14 14:36 - 2016-10-11 15:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-12-14 14:36 - 2016-10-11 15:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-12-14 14:36 - 2016-10-11 15:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-12-14 14:36 - 2016-10-11 14:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
2016-12-14 14:36 - 2016-10-11 14:17 - 00419648 _____ C:\Windows\system32\locale.nls
2016-12-14 14:36 - 2016-10-08 14:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-12-14 14:36 - 2016-10-04 16:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-12-14 14:36 - 2016-10-04 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-12-14 14:36 - 2016-10-04 16:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-12-14 14:36 - 2016-10-04 16:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-12-14 14:36 - 2016-10-04 16:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-12-13 12:59 - 2016-12-13 12:59 - 00000000 ____D C:\Users\Marvin\AppData\Local\Chromium
2016-12-11 19:11 - 2016-12-11 20:41 - 00000000 ___RD C:\Users\Marvin\Desktop\We gon try this again Project
2016-12-11 18:21 - 2016-12-11 18:21 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG (1).PDF
2016-12-11 13:58 - 2016-12-11 13:58 - 00000000 ____D C:\Users\Marvin\AppData\LocalLow\Daedalic Entertainment GmbH
2016-12-11 13:58 - 2016-12-11 13:58 - 00000000 ____D C:\Users\Marvin\AppData\Local\Daedalic Entertainment GmbH
2016-12-11 13:53 - 2016-12-11 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment GmbH
2016-12-11 13:18 - 2016-12-11 13:18 - 00001338 _____ C:\Users\Marvin\Downloads\Shadow_Tactics_Blades_of_the_Shogun-FLT.sfdl
2016-12-10 13:42 - 2016-12-10 13:42 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG.PDF
2016-12-09 15:09 - 2016-12-09 15:09 - 00013444 _____ C:\Users\Marvin\Downloads\Virtual-Reality-im-Unternehmensbereich.docx
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-08 20:47 - 2016-04-06 17:24 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-01-08 20:36 - 2015-09-05 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-01-08 20:25 - 2015-09-07 00:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-08 20:12 - 2015-09-05 22:31 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\TS3Client
2017-01-08 20:09 - 2015-09-18 13:58 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\vlc
2017-01-08 19:14 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-08 19:14 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-08 19:12 - 2015-09-13 14:16 - 00000000 ____D C:\Windows\system32\MRT
2017-01-08 19:12 - 2015-09-05 14:52 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-08 19:12 - 2009-07-14 06:13 - 00743506 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-08 19:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-08 19:10 - 2015-09-13 14:16 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-08 19:07 - 2016-04-06 17:26 - 00000000 ___RD C:\Users\Marvin\Dropbox
2017-01-08 19:06 - 2016-04-06 17:24 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-01-08 19:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-08 19:05 - 2016-08-31 12:44 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-01-08 18:52 - 2015-09-18 23:51 - 00000000 ____D C:\Users\Marvin\AppData\Local\Battle.net
2017-01-08 16:49 - 2015-09-05 14:40 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-08 16:48 - 2015-09-18 23:49 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-08 16:22 - 2015-09-18 23:27 - 00000000 ____D C:\Users\Marvin\AppData\Local\Spotify
2017-01-08 16:22 - 2015-09-18 23:25 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Spotify
2017-01-08 16:19 - 2015-09-05 14:54 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-08 16:17 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
2017-01-08 14:31 - 2015-09-05 22:16 - 00000000 ____D C:\Users\Marvin\AppData\Local\ElevatedDiagnostics
2017-01-05 20:41 - 2015-09-23 20:31 - 00000000 ____D C:\Users\Marvin\AppData\Local\CrashDumps
2017-01-03 14:46 - 2015-09-28 17:52 - 00000000 ____D C:\ProgramData\Origin
2017-01-03 14:44 - 2015-09-28 17:56 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Origin
2017-01-02 22:20 - 2015-09-10 15:32 - 00000000 ____D C:\Program Files\PeerBlock
2017-01-02 13:03 - 2015-09-15 23:04 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\uTorrent
2016-12-30 22:17 - 2015-10-01 18:39 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-12-29 13:46 - 2015-10-14 10:10 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2016-12-29 13:46 - 2015-10-14 10:10 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2016-12-29 13:46 - 2015-10-14 10:10 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2016-12-29 13:46 - 2015-10-14 10:10 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2016-12-28 20:17 - 2016-04-18 17:44 - 00000000 ____D C:\Users\Marvin\AppData\Local\Windows Live
2016-12-22 16:13 - 2015-10-01 18:39 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-12-22 14:02 - 2016-04-06 17:24 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-12-19 20:48 - 2016-08-11 17:53 - 00000000 ____D C:\Windows\rescache
2016-12-17 21:14 - 2016-07-22 10:14 - 00000000 ____D C:\Users\Marvin\Documents\ManiaPlanet
2016-12-17 21:06 - 2016-07-22 10:14 - 00000000 ____D C:\ProgramData\ManiaPlanet
2016-12-15 16:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Microsoft.NET
2016-12-15 16:48 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\assembly
2016-12-15 16:05 - 2016-01-04 18:31 - 00000000 ____D C:\Users\Marvin\AppData\Local\SquirrelTemp
2016-12-15 08:51 - 2015-09-05 16:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-15 08:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\winsxs
2016-12-15 08:19 - 2009-07-14 03:34 - 00189440 ____H C:\Users\Default\NTUSER.DAT.LOG1
2016-12-15 08:18 - 2009-07-14 05:45 - 00509392 _____ C:\Windows\system32\FNTCACHE.DAT
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\en-US
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\en-US
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Boot
2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppPatch
2016-12-15 00:17 - 2015-09-05 14:41 - 00734476 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-12-14 14:44 - 2015-09-06 20:15 - 00013553 _____ C:\Users\Marvin\Desktop\Pushups Crunches.xlsx
2016-12-14 14:37 - 2015-09-07 11:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-12-14 14:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\catroot2
2016-12-13 19:25 - 2015-09-07 00:08 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 19:25 - 2015-09-07 00:08 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 19:25 - 2015-09-07 00:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 19:25 - 2015-09-07 00:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-13 19:25 - 2015-09-07 00:08 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 12:59 - 2015-09-05 14:57 - 00000000 ____D C:\Users\Marvin\AppData\Local\Steam
2016-12-12 23:52 - 2015-12-29 19:00 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Skype
2016-12-11 13:42 - 2015-12-01 13:55 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\SFDL.NET 2
2016-12-09 17:51 - 2016-12-06 15:07 - 00000000 ___RD C:\Users\Marvin\Desktop\White Blood Project
==================== Files in the root of some directories =======
2015-09-17 00:20 - 2015-09-17 00:20 - 0000037 ___SH () C:\Users\Marvin\AppData\Local\20986331705021ca58edc424.96250074
2016-02-19 10:56 - 2016-02-19 10:56 - 0000036 _____ () C:\Users\Marvin\AppData\Local\housecall.guid.cache
2016-01-03 00:59 - 2016-01-05 23:07 - 0007600 _____ () C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg
2015-09-18 16:55 - 2015-09-18 16:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-09-05 14:45 - 2015-09-05 14:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Marvin\AppData\Local\Temp\8B5D.tmp.exe
C:\Users\Marvin\AppData\Local\Temp\900F.tmp.exe
C:\Users\Marvin\AppData\Local\Temp\ICReinstall_900F.tmp.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-01-07 21:48
==================== End of FRST.txt ============================
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by Marvin (08-01-2017 20:51:45)
Running from C:\Users\Marvin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-09-05 13:38:00)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4016113358-843845156-2686539769-500 - Administrator - Disabled)
Guest (S-1-5-21-4016113358-843845156-2686539769-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4016113358-843845156-2686539769-1002 - Limited - Enabled)
Marvin (S-1-5-21-4016113358-843845156-2686539769-1000 - Administrator - Enabled) => C:\Users\Marvin
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Ableton Live 9 Suite (HKLM\...\{F6BA3E9F-8637-4DCE-BBA8-75A6A57A9D0B}) (Version: 9.0.0.0 - Ableton)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Skybox Labs)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Analog Lab 1.2.3 (HKLM-x32\...\Analog Lab_is1) (Version: 1.2.3 - Arturia)
Arturia Software Center 1.2.1 (HKLM-x32\...\Arturia Software Center_is1) (Version: 1.2.1 - Arturia)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bionic Dues (HKLM-x32\...\Steam App 238910) (Version: - Arcen Games, LLC)
Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 8.4 - Codeusa Software)
Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward)
Catalyst Control Center Next Localization BR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DARK SOULS II - Scholar of the First Sin (HKLM-x32\...\DARK SOULS II - Scholar of the First Sin_is1) (Version: - )
Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version: - )
DARK SOULS™ II: Scholar of the First Sin (HKLM\...\Steam App 335300) (Version: - FromSoftware, Inc)
Darkest Dungeon (HKLM-x32\...\Darkest Dungeon_is1) (Version: - )
Darksiders II: Deathinitive Edition (HKLM\...\Steam App 388410) (Version: - Gunfire Games)
Darksiders Warmastered Edition (HKLM\...\Steam App 462780) (Version: - KAIKO)
Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.)
Discord (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
DisplayFusion 7.3 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.3.0.0 - Binary Fortress Software)
Distance (HKLM-x32\...\Steam App 233610) (Version: - Refract)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist (HKLM-x32\...\Steam App 409160) (Version: - Crows Crows Crows)
Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DuelystLauncher (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\launcher) (Version: 0.0.9 - Counterplay Games Inc.)
Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.0.0.2 - GOG.com)
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
Evolve Stage 2 (HKLM\...\Steam App 273350) (Version: - Turtle Rock Studios)
Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
FIFA 17 (HKLM-x32\...\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.45.44416 - Electronic Arts)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
FlatOut 2 (HKLM\...\Steam App 2990) (Version: - Bugbear Entertainment)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.139.918 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
GameRanger (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\GameRanger) (Version: - GameRanger Technologies)
Gaming Mouse Editor (HKLM-x32\...\GamingMouseEditor) (Version: 13.04.0002 - )
Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Industry Giant 2 (HKLM\...\aW5kdXN0cnlnaWFudDI_is1) (Version: 1 - )
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Mafia II (HKLM\...\Steam App 50130) (Version: - 2K Czech)
Mafia III (HKLM-x32\...\Mafia III_is1) (Version: - )
MAGIX Common Components 1 (HKLM-x32\...\{38BF501B-F285-4A3B-99E2-09F58A130A59}) (Version: 1.7.0.0 - MAGIX Software GmbH)
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Fonts Package 2 (x32 Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{B396DA26-0959-44BA-812B-2E6AF4F678E1}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MIDI Control Center 1.2.2 (HKLM-x32\...\MIDI Control Center_is1) (Version: 1.2.2 - Arturia)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 de)) (Version: 47.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Native Instruments Guitar Rig 3 (HKLM-x32\...\Native Instruments Guitar Rig 3) (Version: - )
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Need For Speed Most Wanted Black Edition version 1.3.0.0 (HKLM-x32\...\Need For Speed Most Wanted Black Edition_is1) (Version: 1.3.0.0 - Mr DJ)
Need for Speed™ The Run (HKLM-x32\...\{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}) (Version: 1.1.0.0 - Electronic Arts)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
Pazera Free MKV to AVI Converter 1.4 (HKLM-x32\...\{EDFA6B29-7667-4FD2-86F3-9835AFCE837A}_is1) (Version: 1.4 - Jacek Pazera)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
Project Highrise (HKLM-x32\...\2018730457_is1) (Version: 2.0.0.4 - GOG.com)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2461 - )
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
Reus (HKLM\...\Steam App 222730) (Version: - Abbey Games)
Rise of Nations: Extended Edition (HKLM-x32\...\Rise of Nations: Extended Edition_is1) (Version: - Microsoft Studios)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Shadow Tactics - Blades of the Shogun 1.1.2 (HKLM-x32\...\{BB762706-65FA-44C1-B2BB-EF29CA88D7CE}_is1) (Version: 1.1.2 - Daedalic Entertainment GmbH)
Sid Meier's Civilization V (HKLM-x32\...\Sid Meier's Civilization V_is1) (Version: - )
Skyborn (HKLM-x32\...\Steam App 278460) (Version: - Dancing Dragon Games)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
SNOW (HKLM\...\Steam App 244930) (Version: - Poppermost Productions)
SONAR 8.0 Producer Edition (HKLM-x32\...\SONAR8Producer_x64_is1) (Version: 17.0 - Cakewalk Music Software)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stronghold (HKLM-x32\...\{97A19679-4C07-4B34-8ACB-D5565C3440FC}) (Version: - )
Stronghold Crusader Extreme HD (HKLM\...\Steam App 16700) (Version: - Firefly Studios)
Stronghold Crusader HD (HKLM\...\Steam App 40970) (Version: - FireFly Studios)
Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.4.0.5 - GOG.com)
Super Meat Boy (HKLM\...\Steam App 40800) (Version: - Team Meat)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Room (HKLM-x32\...\The Room_is1) (Version: - Fireproof Games)
The Room Two (HKLM\...\Steam App 425580) (Version: - Fireproof Games)
The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version: - Outerlight Ltd.)
The Talos Principle (HKLM-x32\...\Steam App 257510) (Version: - Croteam)
This Is the Police (HKLM-x32\...\This Is the Police_is1) (Version: - )
TOXIKK (HKLM\...\Steam App 324810) (Version: - Reakktor Studios)
Trine 2 (HKLM\...\Steam App 35720) (Version: - Frozenbyte)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
Unreal Development Kit: 2015-01 (HKLM\...\UDK-5e1b7663-0639-46c5-882c-a64cefc97f4d) (Version: - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
USB Network Joystick (HKLM-x32\...\{2A558A06-A44E-400D-95AD-D9FAA89AFD36}) (Version: V3.70a - )
Velocibox (HKLM-x32\...\Steam App 317710) (Version: - Shawn Beck)
Vita 2 (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
White Night (HKLM-x32\...\White Night_is1) (Version: - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
World of Goo (HKLM\...\Steam App 22000) (Version: - 2D BOY)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {015D408D-BFF6-437D-86FD-B4E1CD58743B} - System32\Tasks\Wuzapyfuqerch Update => C:\Program Files (x86)\Mapadomcoaveck\vazering.exe [2017-01-08] (Glarysoft Ltd)
Task: {2075174D-DA69-43F3-B9AC-DB550763ABAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {476E2E3D-7994-4604-83C4-054AF01BD337} - System32\Tasks\SessionControlAgent => C:\windows\mfdvdec.exe
Task: {4F0AE84A-66A1-4265-A761-E8A418FA8722} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-08] (Google Inc.)
Task: {63E4E2EA-492C-41FB-BF97-AE7231771156} - System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902} => pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe"
Task: {72D72D62-605D-4038-8B0D-BA0D4EEC48EE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-06] (Dropbox, Inc.)
Task: {A6ECCEEE-5AEE-416B-8968-7A0D124938D0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-06] (Dropbox, Inc.)
Task: {BD6F6ECA-881B-4477-8788-59E26BCE7DBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-08] (Google Inc.)
Task: {FAC70300-0CF5-4A75-A198-4F098D1518F3} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-08-11] (Advanced Micro Devices, Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-09-29 23:49 - 2015-09-29 23:49 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2017-01-08 16:16 - 2017-01-08 16:16 - 00369664 _____ () C:\Program Files\IJD61O2L61\IJD61O2L6.exe
2017-01-08 16:17 - 2017-01-08 16:17 - 00369664 _____ () C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe
2017-01-08 14:14 - 2017-01-08 14:14 - 00117561 _____ () C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe
2016-06-22 13:09 - 2008-12-10 10:10 - 00796784 _____ () C:\Windows\USB Vibration\7906\USB Gamepad.exe
2015-10-01 21:19 - 2016-09-05 13:30 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2017-01-08 15:22 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-08 16:49 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2017-01-08 16:49 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2017-01-08 14:14 - 2017-01-08 14:14 - 00180224 _____ () c:\program files (x86)\mapadomcoaveck\bmssch.dll
2016-08-11 09:22 - 2016-08-11 09:22 - 00223744 _____ () C:\Windows\SysWOW64\GameManager32.dll
2015-09-05 14:57 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-09-05 14:57 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-09-05 14:57 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-09-05 14:57 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-09-05 14:57 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-09-05 14:57 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-09-05 14:57 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-09 13:13 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-04-06 17:25 - 2016-11-11 21:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-04-06 17:25 - 2016-11-11 21:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-04-06 17:25 - 2016-11-11 21:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-04-06 17:25 - 2016-11-11 21:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-04-06 17:25 - 2016-11-11 21:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-12-22 14:02 - 2016-11-11 21:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-12-22 14:02 - 2016-11-11 21:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-12-22 14:02 - 2016-11-11 21:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-04-06 17:25 - 2016-11-11 21:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-12-22 14:02 - 2016-11-11 21:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-12-22 14:02 - 2016-11-11 21:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-06 17:25 - 2016-11-11 21:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-04 23:23 - 2016-11-11 21:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-04-06 17:25 - 2016-12-21 19:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-12-22 14:02 - 2016-11-11 21:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-12-22 14:02 - 2016-12-21 19:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-12-22 14:02 - 2016-12-21 19:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-04-06 17:25 - 2016-11-11 21:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-12-22 14:02 - 2016-11-11 21:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-12-22 14:02 - 2016-11-11 21:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-12-22 14:02 - 2016-12-21 19:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-04-06 17:25 - 2016-11-11 21:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-04 23:23 - 2016-12-21 19:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-22 14:02 - 2016-12-21 19:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-01-08 15:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-01-08 15:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-01-08 15:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-13 12:59 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2015-09-05 14:57 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
2015-09-05 14:57 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-01-08 15:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-01-08 15:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Marvin\Desktop\22.06.16 Marvin Hartung.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marvin\Desktop\Einführung ins Studium Paper.docx:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Marvin\Desktop\In Praise of Idleness.docx:com.dropbox.attributes [168]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2017-01-08 16:16 - 00003762 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
34.195.153.94 www.google-analytics.com
34.195.153.94 google-analytics.com
34.195.153.94 mc.yandex.ru
34.195.153.94 top-fwz1.mail.ru
34.195.153.94 site.yandex.net
34.195.153.94 pagead2.googlesyndication.com
34.195.153.94 ad.mail.ru
34.195.153.94 ads.adfox.ru
34.195.153.94 ads.pubmatic.com
34.195.153.94 apis.google.com
34.195.153.94 autocontext.begun.ru
34.195.153.94 b.scorecardresearch.com
34.195.153.94 c.amazon-adsystem.com
34.195.153.94 cdn.admixer.net
34.195.153.94 cdn.cxense.com
34.195.153.94 cdn.livefyre.com
34.195.153.94 cdn.onthe.io
34.195.153.94 cdn.optimizely.com
34.195.153.94 cdn.prom.st
34.195.153.94 cdn.pushwoosh.com
There are 55 more lines.
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marvin\AppData\Local\DisplayFusion\Wallpaper_1
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{2C67024C-DC4B-4314-9C8B-057AE5ABCCE8}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{52C9B7A2-64FC-4CE1-BE7D-258A25741A08}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AD82BC66-3211-4AFF-AB15-A20EE4F7E229}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{14E327E9-4066-49A2-8544-495618EE2CDE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{129DBF11-1F8C-497C-AA60-16B561D33EEA}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{169051FB-0C5F-4F54-BC54-4932336D2AB0}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{078093FA-5DAE-4ED3-A4CF-F4E5E7D2CB26}] => C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{9FD1C2D6-7906-4318-A23C-E192FBD43156}] => C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{E553F81E-6859-4F48-8BD2-2B1027A62D75}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E930793D-DE5A-4CA0-B77B-EAF8F6F960D4}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C335B409-E9C8-4696-98D0-FDB4F87DDC36}] => D:\SteamLibrary2\steamapps\common\Fine Sweeper\Fine Sweeper.exe
FirewallRules: [{AE233376-CDF0-4D65-BA6A-D33D6365EDC9}] => D:\SteamLibrary2\steamapps\common\Fine Sweeper\Fine Sweeper.exe
FirewallRules: [{96230585-A1DA-4710-AF5C-1304C89991D5}] => D:\SteamLibrary2\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{009D2D9A-0A85-4A44-B40F-73A12D35D250}] => D:\SteamLibrary2\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{8C9891A1-1FA2-477C-BA45-A25FB9B92113}] => D:\SteamLibrary2\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{F93FD07B-352B-4010-B2CB-1839EFF573C7}] => D:\SteamLibrary2\steamapps\common\Mad Max\MadMax.exe
FirewallRules: [{520998B0-63E3-43A0-A903-3D21DF510F79}] => D:\SteamLibrary2\steamapps\common\Skyborn\Game.exe
FirewallRules: [{FD148EBC-ABAF-4294-9F3E-8C76090C81EF}] => D:\SteamLibrary2\steamapps\common\Skyborn\Game.exe
FirewallRules: [{4A803132-5785-4794-893E-ACA9815A0168}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{83E60C6D-B439-4AD8-9B63-26360FC9002D}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DD92F503-5E4B-4DB2-A168-B102BA7BB6BA}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7C44DA4A-40FB-4AD2-87D9-1CB8426EFED0}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5D217C4-4EDB-4251-BC68-C42F3E0E8818}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5769C73-527D-4FE5-B2B2-D7A25EE96410}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C0457E1B-4D27-4302-9D5A-A67794A081CB}] => D:\SteamLibrary2\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{018665DB-381B-4249-8A7C-88C910A5A92F}] => D:\SteamLibrary2\steamapps\common\tbs\win32\The Banner Saga.exe
FirewallRules: [{54458FA4-6EB8-42CC-A80B-FADEAB620123}] => F:\FSetup.exe
FirewallRules: [{BEA043F3-AB1B-4988-85F0-4F6B06C4223E}] => F:\FSetup.exe
FirewallRules: [{14F65062-EB39-4798-9D8A-4D5A865F06B5}] => D:\SteamLibrary2\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F33CCFB0-60C6-4F2B-998D-0996993D8DD4}] => D:\SteamLibrary2\steamapps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{F7270DDA-B899-4893-A56D-642AC3120C51}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
FirewallRules: [{3D086A43-BE50-472F-A1C1-3C8D1E2960FC}] => LPort=5357
FirewallRules: [{22C31F31-C114-49DD-96E9-CE31BA4A42AD}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{54FC33AE-AE9E-4ECF-8184-41857E10B6EA}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{BD5A772D-7E44-4759-88BA-48E4A5F96BB5}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{60D11025-A6F7-41DD-8791-AAB06D7F61A6}] => D:\Battle Net Games\Hearthstone\Hearthstone.exe
FirewallRules: [{007CC6DF-CC7F-4BA5-BA31-40B240518B72}] => D:\Battle Net Games\Hearthstone\Hearthstone.exe
FirewallRules: [{681930F8-C1C6-429C-A186-9A2F769D7D63}] => D:\SteamLibrary2\steamapps\common\Monaco\MONACO.exe
FirewallRules: [{FE48D0CF-EC49-4097-A142-ED3C5547BC19}] => D:\SteamLibrary2\steamapps\common\Monaco\MONACO.exe
FirewallRules: [TCP Query User{647A6EFE-B391-4B64-8951-4EEF599154A4}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{A5F2208D-30E9-49D1-B908-5C959896B1CA}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [{2B504F76-0490-4133-BCBF-5675D3CF0D13}] => D:\SteamLibrary2\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{B6657BBB-6EBE-4FBA-AADC-973EFEE18990}] => D:\SteamLibrary2\steamapps\common\Bionic_Dues\Bionic.exe
FirewallRules: [{30DA0CC5-6031-49A7-8478-6D4423165B57}] => D:\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{61AEC935-F92E-4BC0-B732-594F00592BF5}] => D:\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
FirewallRules: [{FF174677-EDC1-4CE9-94C4-CBEF8A5C2F81}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{014B0979-388C-4777-91AC-801E0E6F89AA}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{CCA7CDEB-C500-460E-AE48-A3A68DA060A9}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{311DD911-DC6B-4259-A70B-97694993B5D7}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{40F1223A-5435-4EB0-90A7-7D74F4EB51F5}] => D:\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [{A742BC14-4049-4014-BA4D-F3B48792F747}] => D:\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
FirewallRules: [TCP Query User{01352EF0-7CB0-49BE-8589-EF386A74FFB5}D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe] => D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe
FirewallRules: [UDP Query User{75D3C9EB-9B38-4358-94E5-4C62D5A6A767}D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe] => D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe
FirewallRules: [{06291B2E-0FB5-4483-B9F0-1D6387714701}] => D:\SteamLibrary2\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{22583C7A-FB6E-47B6-A2ED-9DCAD531BD51}] => D:\SteamLibrary2\steamapps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{198581A9-1D51-4E9B-AF2A-F55FC1A06106}] => D:\SteamLibrary2\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{DB0FA115-A0AC-44B0-BFFC-CE32C388E04F}] => D:\SteamLibrary2\steamapps\common\The Ship Single Player\ship.exe
FirewallRules: [{5756E919-A02F-42FA-8DA2-3C58C9988CCD}] => D:\SteamLibrary2\steamapps\common\The Ship\ship.exe
FirewallRules: [{A6481242-7297-4090-BD13-1775ADD7A08B}] => D:\SteamLibrary2\steamapps\common\The Ship\ship.exe
FirewallRules: [{E1B3C425-7A16-4AEF-86A9-FFA6FE518590}] => D:\Origin Games\Need for Speed The Run\Need For Speed The Run.exe
FirewallRules: [{07E23BBF-B0AC-4D8E-9E9B-9EB78818554D}] => D:\Origin Games\Need for Speed The Run\Need For Speed The Run.exe
FirewallRules: [{0A1D96D5-3C6F-43FB-B3E5-4C229AE224C5}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E1B76222-696E-4889-8692-D1A2F162E6E3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{945393B7-0AB3-4867-A835-CFDA8A5D9CA5}] => D:\SteamLibrary2\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{6800929E-6C93-4D0C-B46D-89C7C172F8E3}] => D:\SteamLibrary2\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
FirewallRules: [{2681F1A1-F6F4-4CF0-ADE4-591E5C281A3E}] => D:\SteamLibrary2\steamapps\common\Velocibox\Velocibox.exe
FirewallRules: [{C18C9176-B8B6-47FF-A573-A35925CF04A1}] => D:\SteamLibrary2\steamapps\common\Velocibox\Velocibox.exe
FirewallRules: [{AF66DE81-46C8-4BC0-A8E0-4DCBA79747CA}] => D:\SteamLibrary2\steamapps\common\Distance\Distance.exe
FirewallRules: [{B0852FD9-1130-4FC4-8A6E-2FFF291AE5D1}] => D:\SteamLibrary2\steamapps\common\Distance\Distance.exe
FirewallRules: [{69A0E37D-3266-45B2-BBCA-DA7312B41049}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{9AF6C141-AF24-4985-A26E-FFA0149C8E60}] => C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{2C340C38-0B26-4BA8-8449-50F45EF51956}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{E6620324-6937-4A32-9DCF-FD5AA0EC06F3}] => C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{6C67B8D7-6D29-46E7-8C9F-C5CA4A2AA24E}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{C1C44579-42E9-45DE-8718-75E7555A834B}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{49D0AF96-8BA0-498D-82F0-6BED639B3F00}] => D:\SteamLibrary2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{43E90CDC-71DE-463D-B12D-1A75D722412D}] => D:\SteamLibrary2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
FirewallRules: [{12BAE19A-1AA1-44FB-BE77-8960E239E938}] => D:\SteamLibrary2\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [{16E8671D-B9D1-4115-861C-4C167191E8D2}] => D:\SteamLibrary2\steamapps\common\Brawlhalla\Brawlhalla.exe
FirewallRules: [TCP Query User{C19518B1-FB8E-4656-8B09-36379EDBAB17}D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe] => D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe
FirewallRules: [UDP Query User{9C3F3F23-32BA-4B53-AED4-671063BE47DD}D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe] => D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe
FirewallRules: [TCP Query User{0D50C0B1-AE55-4CDC-A8E2-83FE8CCA1A40}D:\steamlibrary2\steamapps\common\alien isolation\ai.exe] => D:\steamlibrary2\steamapps\common\alien isolation\ai.exe
FirewallRules: [UDP Query User{600D271E-D530-45C6-BDA2-5BD835F3CBCC}D:\steamlibrary2\steamapps\common\alien isolation\ai.exe] => D:\steamlibrary2\steamapps\common\alien isolation\ai.exe
FirewallRules: [{DF9637FE-9271-4755-83CA-64EC22124DCC}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{A4640C5F-93EF-475F-A849-544277DA8FBD}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{BC065E74-9DFB-44F7-9093-3E8B5D901608}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{9C45B3AC-4CB2-459A-8422-778B25383CB9}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{5E83E391-249A-4DB4-BE6C-F854329B3442}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{2FF6C920-B74A-4E0D-819E-D56337F2EB23}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{E27BAD56-AB74-4D21-A893-336DD260CACE}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [{2CABC0C9-2329-4A54-823E-E74629960D96}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{4A2ED845-1DBE-4666-9E54-CFDE0337583A}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{763DE35C-D07C-4A62-B596-91BE2DAA1FFD}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{7F45ABBA-92AF-4F8D-8BF8-27270D43A9C1}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{6003E9CD-A138-4031-B09D-9D65D7BAAFF1}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{A79D523A-6610-4CE5-9EF4-0C43F9F0B3DD}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{6D24357E-B5EE-42E2-A7BF-ED36973295EB}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{9D9F7801-388C-49AB-82A7-74FFD38BDC4D}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{CC3BEC4B-F9EA-4A41-A74B-DBE5B5ADFE0A}] => D:\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{DF06961E-9960-4F51-B55F-47624BEEB7DA}] => D:\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{F15ED7ED-329F-4608-9F58-C420C07DE427}] => D:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{E5B1B159-E816-460F-BF5C-8BB6AC88CA6F}] => D:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{B443FBA7-2848-4CFC-812E-5151B025666F}] => D:\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{05950F9F-92DE-40E3-B8F0-D5F0B7FED4FF}] => D:\Origin Games\Titanfall\Titanfall.exe
FirewallRules: [{8992FF96-67B3-4CAB-BB72-ADE46920965C}] => D:\SteamLibrary2\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{B4E7D120-3B2C-4175-B5A8-0BDDB77B3DF5}] => D:\SteamLibrary2\steamapps\common\Cities_Skylines\Cities.exe
FirewallRules: [{0AF7D012-5356-4BEA-A25D-A8A5F5525E3D}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{23FCFBDE-AFA6-4D7D-AD8E-58F54863334F}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{B34222C4-CF8D-4912-828B-98D66889BDB0}] => D:\SteamLibrary2\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{08313B4B-831B-4D22-89C7-A2446F2DC868}] => D:\SteamLibrary2\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{6EA2A39E-D5CE-4E6F-97B1-FC72AA45D541}] => E:\Files\StarCraft II 2\Versions\Base39576\SC2_x64.exe
FirewallRules: [{625DD56D-7837-4399-A13C-8988BBACBB28}] => E:\Files\StarCraft II 2\Versions\Base39576\SC2_x64.exe
FirewallRules: [{40891563-B988-46EA-9820-B7C5E464B166}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{50E31DE1-BCEB-43B2-A993-F186683BB640}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{3D9C6597-B922-4202-B955-03224C20A984}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{190A8C82-862C-4A73-B3BD-1F951E22AAF2}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{7219BC4D-3E4F-4576-988B-00DBABE989E7}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{0694F81E-A89C-4A66-977E-7F5CF48BE772}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{7CA5FEF0-87EA-4438-9DD0-17B73E15EAE5}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [{D636D9FA-939C-4B65-A172-66F716596E13}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [{3CDF4703-E5D5-4713-8862-17CA78560788}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [{EAFF5FFF-7F7C-46CD-BAD7-84E1011B35AF}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
FirewallRules: [TCP Query User{55482BD3-AA22-4146-AA31-442043D5DDF9}C:\gog games\enter the gungeon\etg.exe] => C:\gog games\enter the gungeon\etg.exe
FirewallRules: [UDP Query User{CE7A66C2-99D4-4A01-9C2E-DA0E4D070019}C:\gog games\enter the gungeon\etg.exe] => C:\gog games\enter the gungeon\etg.exe
FirewallRules: [{BD410568-C2D8-4E75-B531-B9981040E885}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C6C5A191-9C82-4C67-B429-EA617663A79F}] => LPort=2869
FirewallRules: [{20479539-82B1-413E-8E2E-9FDE981C278A}] => LPort=1900
FirewallRules: [{21CC8884-23C9-440F-B3FC-8054362CEF46}] => E:\Files\StarCraft II 2\Versions\Base42253\SC2_x64.exe
FirewallRules: [{58D02992-1E07-43F8-86BD-440A307566FF}] => E:\Files\StarCraft II 2\Versions\Base42253\SC2_x64.exe
FirewallRules: [TCP Query User{DC6D1EED-0862-4BA2-B3CF-13D041B47EB2}D:\battle net games\overwatch\overwatch.exe] => D:\battle net games\overwatch\overwatch.exe
FirewallRules: [UDP Query User{541CC553-77EB-40FE-A7EE-350BD99116AA}D:\battle net games\overwatch\overwatch.exe] => D:\battle net games\overwatch\overwatch.exe
FirewallRules: [{5A52CCD4-9F08-4721-BC33-33143B7BF968}] => E:\Files\StarCraft II 2\Versions\Base42932\SC2_x64.exe
FirewallRules: [{D5E5EEFD-2B94-4B86-9B43-19569D6E6218}] => E:\Files\StarCraft II 2\Versions\Base42932\SC2_x64.exe
FirewallRules: [{A0B1201F-2DEA-4133-904A-9A3E134C56BA}] => D:\SteamLibrary2\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{3FB5DB0B-A1E0-48EF-A7F9-1E11620B88BA}] => D:\SteamLibrary2\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{604CA1CF-3DA8-4987-AE2D-8F1AC569A4FE}] => D:\SteamLibrary2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{3F247AF4-BCCE-4598-AF4B-F570DDE0DC4F}] => D:\SteamLibrary2\steamapps\common\Age2HD\Launcher.exe
FirewallRules: [{C780D536-056F-46C2-89F9-C75A4AD8D85E}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{44BE9D03-20AF-4F1E-9C20-C00BB9F15CF8}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
FirewallRules: [{C3F8211B-A747-4C36-8FA7-BCD51262422F}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{50D7A03F-AAB7-4D14-9B3C-F7CB78BAC7CB}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
FirewallRules: [{C813053E-85C3-4FCE-A98F-F64AB377515C}] => D:\Program Files (x86)\Mr DJ\Need For Speed Most Wanted Black Edition\speed.exe
FirewallRules: [{02AEF83E-A419-4848-9A95-BF8F65230AB4}] => D:\Program Files (x86)\Mr DJ\Need For Speed Most Wanted Black Edition\speed.exe
FirewallRules: [{A6270AD3-B51A-4767-B29E-5230302EBC74}] => D:\SteamLibrary2\steamapps\common\FlatOut2\FlatOut2.exe
FirewallRules: [{BB18A7A7-A6AE-41F9-A3D2-3BA26932ABF8}] => D:\SteamLibrary2\steamapps\common\FlatOut2\FlatOut2.exe
FirewallRules: [{62E27FF0-8270-41AE-A1AA-61425B2814CA}] => D:\SteamLibrary2\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{E2AA4C60-776A-478C-884C-4277DDCB44C5}] => D:\SteamLibrary2\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [TCP Query User{B36987E6-DA30-41C1-B78F-88FEB396BA37}D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe] => D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [UDP Query User{F0EA91A2-71BF-492F-8A89-D459AAA35E2A}D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe] => D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [{985B2F18-0DA9-4BE0-9519-79F679DAF809}] => D:\SteamLibrary2\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{6496500F-62C6-4B53-B07B-F5A3A211FC46}] => D:\SteamLibrary2\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{3DC9802E-1254-43AA-ACA9-ED0848637A91}] => D:\SteamLibrary2\steamapps\common\TheRoomTwo\TheRoomTwo.exe
FirewallRules: [{04B5B5DA-723A-4013-AD21-D79F57877A2C}] => D:\SteamLibrary2\steamapps\common\TheRoomTwo\TheRoomTwo.exe
FirewallRules: [TCP Query User{A3BA3E4F-10F1-4871-B872-8D0FBFA3BE0D}D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe] => D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe
FirewallRules: [UDP Query User{4C132067-F08A-42B9-AF92-79749DDC6A03}D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe] => D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe
FirewallRules: [{130362D6-B9CE-4064-897B-2F85AB365F5E}] => D:\SteamLibrary2\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [{BACF3C9F-C771-40FB-9B3C-5A2BE79A8076}] => D:\SteamLibrary2\steamapps\common\FreeStyle2\LauncherSteam.exe
FirewallRules: [TCP Query User{6DC74B46-5DE6-4DEE-99F0-2ECE7EEEDBF6}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{27DDE796-950E-4045-AD88-DDFD83D9AE2A}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{6CAFCF52-E329-419A-A260-16B830758CFE}] => D:\SteamLibrary2\steamapps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{E2141F5F-AE7B-4B46-9164-7B97AF28B215}] => D:\SteamLibrary2\steamapps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
FirewallRules: [{157414F4-28E8-414E-8121-BF5BE1627F46}] => D:\SteamLibrary2\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{13CED9B7-DE2A-4F03-8652-2487A048341E}] => D:\SteamLibrary2\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{790B1BDF-25FA-454E-9D64-D9487D636CF2}] => D:\SteamLibrary2\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [{F4AE393F-F1BF-497F-8EED-ED76D40F316F}] => D:\SteamLibrary2\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
FirewallRules: [TCP Query User{11F1608C-BFF3-47F3-929A-7DD7C89EF38D}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{C9965CC4-661C-4F6F-B4B3-7DD71C96796C}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{2841BF19-E797-4C58-B406-40F14C5F83F3}D:\origin games\battlefield bad company 2\bfbc2game.exe] => D:\origin games\battlefield bad company 2\bfbc2game.exe
FirewallRules: [UDP Query User{75B87E49-279D-481E-AB57-53A5FB1F2833}D:\origin games\battlefield bad company 2\bfbc2game.exe] => D:\origin games\battlefield bad company 2\bfbc2game.exe
FirewallRules: [{7EC9ED00-0873-4C75-98C7-8B1B633473B1}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FB6F2570-1429-41C0-8DDC-22EC64725726}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{FB7D1C11-C2EA-4466-A264-DB2CBC34A0AD}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D2784565-EED7-413F-A033-4C79CC252477}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{03D858A8-891C-45F4-9ADE-6B03801E9B72}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{58A2C62B-3121-4CCF-B5B8-A724C6D8ABC8}] => C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6931E6E7-A38E-415A-9A10-475B778FD92A}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{D18B0565-4C37-4AB0-997F-9215093FDC82}] => C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{68E05207-A717-49D8-B227-6B575701B61C}] => D:\SteamLibrary2\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{9267A602-1433-435C-AF13-D703F9C957BA}] => D:\SteamLibrary2\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{A4A353D7-A425-41D6-BFC4-3A085F8808BA}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{A301EB7D-7BD7-4C8E-A414-F5FA3B226930}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
FirewallRules: [{0B217961-2D9E-4F00-A7BD-E6F72648CFD9}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{8B98E7E3-1C8A-465E-BE5E-83412440DD24}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{3ABD7847-D2A9-4274-9D03-FBF5F09D0EA6}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{BDBE934F-3142-416F-B96F-CB24F1C31F67}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{15FB6868-48F4-4F51-A837-A87160D1B72C}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [{A8B4C5E4-3156-45B5-8468-6F7629C8CDAC}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
FirewallRules: [TCP Query User{978249A7-E3CA-4254-AA17-FD7FFC4EDF3D}D:\origin games\fifa 17 demo\fifa17_demo.exe] => D:\origin games\fifa 17 demo\fifa17_demo.exe
FirewallRules: [UDP Query User{972369D7-BF66-41B7-ADFC-FCBCF9908D7D}D:\origin games\fifa 17 demo\fifa17_demo.exe] => D:\origin games\fifa 17 demo\fifa17_demo.exe
FirewallRules: [{C8D576DD-9C55-467F-A9F1-A20256AB7B27}] => D:\SteamLibrary2\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{E1AE626D-105E-479C-9708-7663599A4724}] => D:\SteamLibrary2\steamapps\common\Mafia II\pc\mafia2.exe
FirewallRules: [TCP Query User{2130A400-1A75-4E97-8252-B394C98186F0}D:\origin games\fifa 17\fifa17.exe] => D:\origin games\fifa 17\fifa17.exe
FirewallRules: [UDP Query User{A94C4A47-B01E-426C-9D8F-33E75F426213}D:\origin games\fifa 17\fifa17.exe] => D:\origin games\fifa 17\fifa17.exe
FirewallRules: [{CC6D2B93-89D0-4C19-A1FD-725069A85B0F}] => D:\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{F1694BD4-2917-4867-B2A4-155048B905ED}] => D:\Origin Games\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{AFD55FF9-6C2C-4514-AD82-63B8C7BEF230}] => D:\Origin Games\Burnout Paradise\BurnoutParadise.exe
FirewallRules: [{75750E89-6CEA-44E1-8327-B37BDF9F380B}] => D:\Origin Games\Burnout Paradise\BurnoutParadise.exe
FirewallRules: [{9E6C8FB2-16EF-4122-A53A-1B7AADA907B2}] => D:\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{CE9D89F1-8B3B-4A78-96AC-18B27FC76425}] => D:\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
FirewallRules: [{EB0573A6-634F-42A9-8DC3-015C818D0BAF}] => D:\SteamLibrary2\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [{C29F4CB3-CF7E-4909-946B-BE24CE91E86C}] => D:\SteamLibrary2\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
FirewallRules: [TCP Query User{8CDAEB39-36B6-4964-ABD1-84DAF026AE3C}D:\battle net games\hearthstone\hearthstone.exe] => D:\battle net games\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{9FF1126F-CE84-46F0-97CF-B283362D70CA}D:\battle net games\hearthstone\hearthstone.exe] => D:\battle net games\hearthstone\hearthstone.exe
FirewallRules: [{2A41F4F2-B79A-4047-BE74-9EFA19E292EC}] => D:\SteamLibrary2\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{3370B26E-1739-400F-A0BC-04D343CA49D1}] => D:\SteamLibrary2\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
FirewallRules: [{0E1EF994-DE8D-4AF9-B260-D3EB90382EE0}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{E8FFAB56-AC8A-40C5-AC11-2A37607C0D90}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
FirewallRules: [{A2E6A700-BF36-4C8D-B0AC-44DBE087EB4E}] => D:\SteamLibrary2\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{499F64A3-381C-49E2-AF09-F10230E83B6D}] => D:\SteamLibrary2\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
FirewallRules: [{3983C252-EAC3-4D0E-A37D-01EC41D8474E}] => D:\SteamLibrary2\steamapps\common\Reus\Reus.exe
FirewallRules: [{F3FBB721-9D63-4EA8-A938-4C97538C2143}] => D:\SteamLibrary2\steamapps\common\Reus\Reus.exe
FirewallRules: [{46398286-1FEA-426F-9352-7C75E07C02CB}] => D:\SteamLibrary2\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{60436BA4-6FAE-4446-8D67-FFC7E56952BC}] => D:\SteamLibrary2\steamapps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{D684CC3E-1515-4DA8-9E90-BF08D90E7934}] => D:\SteamLibrary2\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
FirewallRules: [{77435157-5E03-47C1-8472-50EACA04C981}] => D:\SteamLibrary2\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
FirewallRules: [{8B18436B-95F7-4998-A0BF-1F102B9AE7D8}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{C09F3631-6BD3-4F25-B747-521A6F57618E}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
FirewallRules: [{1B759394-8789-4751-838D-11F65701AFA4}] => D:\SteamLibrary2\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{C7F5C3B3-76DF-4300-9BE1-5013C9DB4CEE}] => D:\SteamLibrary2\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [TCP Query User{0A88EE2A-FF4E-46CA-BF41-0E2EB85B0486}C:\users\marvin\appdata\local\amazon music\amazon music helper.exe] => C:\users\marvin\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [UDP Query User{DE40AC2E-F40D-4C27-B630-A191B1DE905B}C:\users\marvin\appdata\local\amazon music\amazon music helper.exe] => C:\users\marvin\appdata\local\amazon music\amazon music helper.exe
FirewallRules: [{B5DDBC43-4B11-4512-805A-E775531D17EB}] => D:\SteamLibrary2\steamapps\common\TrialsPC\datapack\trialsFMX.exe
FirewallRules: [{FD8FBE4C-B561-4F5C-B6F0-14CE5AD0CA56}] => D:\SteamLibrary2\steamapps\common\TrialsPC\datapack\trialsFMX.exe
FirewallRules: [{7118BBCB-A4F8-466B-93C7-5FB3BA2A4C90}] => D:\Program Files (x86)\Daedalic Entertainment GmbH\Shadow Tactics - Blades of the Shogun\Shadow Tactics.exe
FirewallRules: [{1CFF5713-B412-4B15-A9EC-CF7AAF69D257}] => D:\Program Files (x86)\Daedalic Entertainment GmbH\Shadow Tactics - Blades of the Shogun\Shadow Tactics.exe
FirewallRules: [{114858E4-0739-48E6-94B8-BC3213F24CD0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F10342DA-92E9-4D88-8D51-61B9267D1D36}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{5EAEC0EA-C0BB-4E3E-8832-4E544D909F05}] => D:\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{3F29D248-1DC4-4EFC-8560-0E340DCDDD10}] => D:\Origin Games\Battlefield 1\bf1Trial.exe
FirewallRules: [{CA1C2292-723D-4293-86B5-29BF865C588F}] => D:\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{B89451EE-ADF6-4063-8614-6B0863BA77C6}] => D:\Origin Games\Battlefield 1\bf1.exe
FirewallRules: [{A5C03161-B532-48BB-82BE-5AC252B0FD34}] => D:\SteamLibrary2\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{F4C26E9B-1BD7-4740-A63B-3F93CCAFA520}] => D:\SteamLibrary2\steamapps\common\SNOW\Bin64\playSNOW.exe
FirewallRules: [{2830D4EF-D390-4440-AC61-38F232CBFD10}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{865F1A64-5F18-4C6F-A842-5EA3237CCC24}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{EBBE5780-1B68-47F0-A938-798E0644DD1A}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{125EDD41-CEB4-4BE6-BB51-17AA8DFFC594}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{13D6559F-0FE8-472D-9E34-FB3D6212F4CE}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{9F978A16-3502-4FBD-8D72-F5D58AC5B7BF}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{5AD4D3F5-4002-4E09-AE84-477A49FBBF61}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{43C1460F-374A-4D44-A2FB-DD2470405923}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{3B5F0660-1479-4781-8580-F69A0CE5D620}] => D:\SteamLibrary2\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [{C118E5A3-1C55-462B-9785-C4C8C6553341}] => D:\SteamLibrary2\steamapps\common\Dead by Daylight\DeadByDaylight.exe
FirewallRules: [TCP Query User{1154AE4E-08F0-4B7B-98A2-03DCD8E16BBA}D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [UDP Query User{7CD7D6B1-C654-4A9B-8B5E-93A93FA368DB}D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
FirewallRules: [{3DE95129-D661-41A7-9093-31DA73F7FB36}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{96EE443A-85B4-4834-8D50-214A05604D52}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{8AD68C55-30F1-4739-8CB2-9359FB15CF9D}] => C:\Users\Marvin\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{9A92B0CA-3BBA-4D42-8613-1ECB0DD15BFB}] => C:\Users\Marvin\AppData\Roaming\ACEStream\engine\ace_engine.exe
FirewallRules: [{3988CA20-3C73-4F09-A1EA-DEC8F707F0CD}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{51425A23-ADBF-464E-9D46-8AEA57E1BB88}D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [UDP Query User{8CD45599-0FE4-44C4-AB50-7D61AD418F4A}D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [TCP Query User{E221ACA7-1FBF-444A-AD79-DD9CAB0F49CE}D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [UDP Query User{F999516F-69B3-4131-8DF3-CAB98992EB7A}D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe
FirewallRules: [{F44EE477-681E-4B9F-92FF-1F98466C034F}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{E750B4EC-C8E4-41B5-9240-8F0EDFFC5BBD}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{11627BC6-5AAC-4944-BC75-4FDB836D1F24}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{4B75732E-6B1F-4D0F-B432-64C1816D8F92}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
FirewallRules: [{122BFDFA-1959-4CAA-93F3-DDA9DC4B5F6D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
08-01-2017 15:14:20 Windows Defender Checkpoint
08-01-2017 15:32:43 chip 1-click download service wurde entfernt.
08-01-2017 19:10:23 Windows Update
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/08/2017 07:06:35 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (01/08/2017 04:45:45 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (01/08/2017 04:30:58 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (01/08/2017 04:21:36 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (01/08/2017 03:46:19 PM) (Source: DbxSvc) (EventID: 320) (User: )
Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.
Error: (01/08/2017 03:34:56 PM) (Source: chip 1-click download service) (EventID: 0) (User: )
Description: |ERORRS=;(280) error at getVersion:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
Error: (01/08/2017 03:32:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddWin32ServiceFiles: Unable to back up image of service Double Spaced Firewall since QueryServiceConfig API failed
System Error:
The system cannot find the file specified.
.
Error: (01/08/2017 03:16:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 55.0.2883.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 11d8
Start Time: 01d269b958ba9446
Termination Time: 3
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: 01262f72-d5ad-11e6-a620-94de807c80e7
Error: (01/08/2017 03:14:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {95764d89-ad32-4c36-a558-be2e89b1a400}
Error: (01/08/2017 03:00:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 55.0.2883.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1304
Start Time: 01d269b74faee6cb
Termination Time: 4
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Report Id: d1d88284-d5aa-11e6-a620-94de807c80e7
System errors:
=============
Error: (01/08/2017 07:07:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/08/2017 07:07:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (01/08/2017 07:07:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
Error: (01/08/2017 04:46:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/08/2017 04:46:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (01/08/2017 04:46:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
Error: (01/08/2017 04:31:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom
Error: (01/08/2017 04:31:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Origin Web Helper Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (01/08/2017 04:31:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.
Error: (01/08/2017 04:30:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
==================== Memory info ===========================
Processor: AMD FX(tm)-8320 Eight-Core Processor
Percentage of memory in use: 30%
Total physical RAM: 12254.28 MB
Available physical RAM: 8473.01 MB
Total Virtual: 24506.75 MB
Available Virtual: 20581.53 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.69 GB) (Free:15.73 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:16.64 GB) NTFS
Drive e: (Data) (Fixed) (Total:465.76 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 118BED4E)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 1B2569FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 255B7F54)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
AswMBR Log:
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-01-08 20:54:52
-----------------------------
20:54:52.108 OS Version: Windows x64 6.1.7601 Service Pack 1
20:54:52.109 Number of processors: 8 586 0x200
20:54:52.110 ComputerName: MARVINS_PC UserName: Marvin
20:54:53.170 Initialize success
20:54:53.186 VM: initialized successfully
20:54:53.187 VM: Amd CPU supported
20:56:10.828 AVAST engine defs: 16122701
20:56:17.897 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006b
20:56:17.902 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
20:56:17.906 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006c
20:56:17.911 Disk 1 Vendor: KINGSTON 505A Size: 114473MB BusType: 11
20:56:17.917 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006d
20:56:17.923 Disk 2 Vendor: TOSHIBA_ MS2O Size: 953869MB BusType: 11
20:56:17.941 Disk 1 MBR read successfully
20:56:17.945 Disk 1 MBR scan
20:56:17.951 Disk 1 Windows 7 default MBR code
20:56:17.956 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:56:17.961 Disk 1 Boot: NTFS code=1
20:56:17.969 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
20:56:17.988 Disk 1 scanning C:\Windows\system32\drivers
20:56:21.247 Service scanning
20:56:31.840 Modules scanning
20:56:31.854 Disk 1 trace - called modules:
20:56:31.865 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
20:56:31.873 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800c172060]
20:56:31.880 3 CLASSPNP.SYS[fffff880013bc43f] -> nt!IofCallDriver -> [0xfffffa800ac43540]
20:56:31.888 5 amd_xata.sys[fffff880011a8d00] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa800ac4c060]
20:56:33.014 AVAST engine scan C:\Windows
20:56:33.977 AVAST engine scan C:\Windows\system32
20:57:45.671 AVAST engine scan C:\Windows\system32\drivers
20:57:49.576 AVAST engine scan C:\Users\Marvin
21:05:20.769 AVAST engine scan C:\ProgramData
21:08:48.277 Disk 1 statistics 4717012/0/0 @ 3,87 MB/s
21:08:48.282 Scan finished successfully
21:09:07.059 Disk 1 MBR has been saved successfully to "C:\Users\Marvin\Desktop\MBR.dat"
21:09:07.064 The log file has been saved successfully to "C:\Users\Marvin\Desktop\aswMBR.txt"