
Thread: Malware not detected by Malwarebytes, Spybot and Adw cleaner!

  1. #1
    Junior Member | Join Date: Jan 2017 | Posts: 11


    Hi, I'm having some real issues with nasty malware that is not being detected by the programs listed above.
    As a disclaimer I will say that my browser does not show all images. And some websites, e.g. YouTube, do not load properly altogether due to the infection. I had to make my account on this forum via my laptop as I could not see the picture that verifies that I am a human. I have had malware in the past but I have always found a way to completely remove it. The malware that I have now started showing itself today but I don't know when I was infected.
    Farbar Logs and aswMBR logs following!

    Farbar Logs (FRST):

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
    Ran by Marvin (administrator) on MARVINS_PC (08-01-2017 20:51:26)
    Running from C:\Users\Marvin\Desktop
    Loaded Profiles: Marvin (Available Profiles: Marvin)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
    (Scarlet.Crush Productions) C:\Program Files\PS3 Controllers\bin\ScpService.exe
    (M-Audio) C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Spotify Ltd) C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    () C:\Program Files\IJD61O2L61\IJD61O2L6.exe
    () C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe
    () C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe
    (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
    (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    () C:\Windows\USB Vibration\7906\USB Gamepad.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    () C:\Windows\System32\PnkBstrA.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1234064 2012-10-29] (Realtek Semiconductor)
    HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6625672 2016-08-11] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508256 2012-04-23] (Dolby Laboratories Inc.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-12-02] (Raptr, Inc)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25779624 2016-12-21] (Dropbox, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
    HKLM-x32\...\Run: [USB Gamepad] => C:\Windows\USB Vibration\7906\USB Gamepad.exe [796784 2008-12-10] ()
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [454792 2016-05-25] (Power Software Ltd)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2876704 2016-12-20] (Valve Corporation)
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Spotify Web Helper] => C:\Users\Marvin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2016-12-31] (Spotify Ltd)
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Upmedia] => C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe [117561 2017-01-08] ()
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Ozmics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [WTVLR6FR20] => C:\Program Files\IJD61O2L61\IJD61O2L6.exe [369664 2017-01-08] ()
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [HV1V03D1C9] => C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe [369664 2017-01-08] ()
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [UVFmedia] => regsvr32.exe C:\Users\Marvin\AppData\Local\UVFmedia\gdiServices54.dll <===== ATTENTION
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\MountPoints2: F - F:\setup.exe
    HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
    HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
    HKU\S-1-5-18\...\Run: [71KFQTEHQA] => C:\Program Files\EET2FMBFLG\EET2FMBFL.exe [369664 2017-01-08] ()
    HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-09-18] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.3.0.dll [2016-12-21] (Dropbox, Inc.)
    Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2017-01-08]
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1
    Tcpip\..\Interfaces\{EB100C81-CB83-4438-99D2-8059C3A5BDFC}: [DhcpNameServer] 192.168.2.1 192.168.2.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
    SearchScopes: HKU\S-1-5-21-4016113358-843845156-2686539769-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
    BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

    FireFox:
    ========
    FF DefaultProfile: 5954ldyi.default
    FF ProfilePath: C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default [2017-01-08]
    FF NetworkProxy: Mozilla\Firefox\Profiles\5954ldyi.default -> autoconfig_url", "data:text/javascript,function FindProxyForURL(url, host) {if ((host == "www.abc.net.au")
    FF Extension: (MEGA) - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default\Extensions\firefox@mega.co.nz.xpi [2017-01-08]
    FF Extension: (Proxmate) - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2016-04-17]
    FF Extension: (Adblock Plus) - C:\Users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\5954ldyi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
    FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
    FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
    FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-08] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-01-08] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin HKU\S-1-5-21-4016113358-843845156-2686539769-1000: @acestream.net/acestreamplugin,version=3.1.12.1 -> C:\Users\Marvin\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
    CHR Profile: C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default [2017-01-08]
    CHR Extension: (YouTube) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
    CHR Extension: (uBlock Origin) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-12-20]
    CHR Extension: (Google Search) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
    CHR Extension: (Gmail) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
    CHR Extension: (Chrome Media Router) - C:\Users\Marvin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-09-30] (Advanced Micro Devices, Inc.)
    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    R2 Chikiing; C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll [180224 2017-01-08] () [File not signed]
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-06] (Dropbox, Inc.)
    R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [42096 2016-12-21] (Dropbox, Inc.)
    R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [4649000 2015-09-16] (Binary Fortress Software)
    R2 Ds3Service; C:\Program Files\PS3 Controllers\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
    S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-18] (EasyAntiCheat Ltd)
    R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
    S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
    R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
    R2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1638704 2012-02-24] (M-Audio)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2119688 2016-12-07] (Electronic Arts)
    S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180624 2016-12-07] (Electronic Arts)
    R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-09-05] ()
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2016-09-05] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
    S3 cdrombus; C:\Windows\System32\Drivers\cdrombus.sys [25088 2012-08-22] (Windows (R) Codename Longhorn DDK provider)
    S3 h647906; C:\Windows\System32\drivers\h647906.sys [62576 2008-12-01] (Your Corporation)
    S3 hid7906; C:\Windows\SysWOW64\drivers\hid7906.sys [41096 2008-12-01] (Your Corporation)
    S3 MADFUMIDISPORT2010; C:\Windows\System32\DRIVERS\MAudioMIDISPORT_DFU.sys [30512 2012-02-24] (M-Audio)
    S3 MAUSBMIDISPORT; C:\Windows\System32\DRIVERS\MAudioMIDISPORT.sys [201008 2012-02-24] (M-Audio)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-08] (Malwarebytes)
    R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
    S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [151184 2016-03-10] (MBB)
    S3 dbx; system32\DRIVERS\dbx.sys [X]
    S3 gdrv; \??\C:\Windows\gdrv.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-08 20:51 - 2017-01-08 20:51 - 00039857 _____ C:\Users\Marvin\Desktop\FRST.txt
    2017-01-08 20:50 - 2017-01-08 20:51 - 00000000 ____D C:\FRST
    2017-01-08 20:50 - 2017-01-08 20:50 - 02419200 _____ (Farbar) C:\Users\Marvin\Desktop\FRST64.exe
    2017-01-08 20:49 - 2017-01-08 20:49 - 00019582 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
    2017-01-08 20:49 - 2017-01-08 20:49 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARVINS_PC-Windows-7-Ultimate-(64-bit).dat
    2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\RegBackup
    2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2017-01-08 20:49 - 2017-01-08 20:49 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2017-01-08 20:48 - 2017-01-08 20:49 - 05766144 _____ (Tweaking.com) C:\Users\Marvin\Downloads\tweaking.com_registry_backup_setup.exe
    2017-01-08 20:36 - 2017-01-08 20:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2017-01-08 20:15 - 2017-01-08 20:15 - 00602112 _____ (OldTimer Tools) C:\Users\Marvin\Downloads\OTL.exe
    2017-01-08 16:49 - 2017-01-08 16:56 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2017-01-08 16:49 - 2017-01-08 16:56 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2017-01-08 16:49 - 2017-01-08 16:49 - 00002259 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-01-08 16:49 - 2017-01-08 16:49 - 00002247 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2017-01-08 16:48 - 2017-01-08 16:48 - 01065376 _____ (Google Inc.) C:\Users\Marvin\Downloads\ChromeSetup.exe
    2017-01-08 16:17 - 2017-01-08 16:47 - 00000000 ____D C:\Users\Marvin\AppData\Local\UVFmedia
    2017-01-08 16:17 - 2017-01-08 16:17 - 00000000 ____D C:\Program Files\LAT8TQJDDX
    2017-01-08 16:16 - 2017-01-08 16:16 - 00000000 ____H C:\Windows\system32\BIT5D78.tmp
    2017-01-08 16:16 - 2017-01-08 16:16 - 00000000 ____D C:\Program Files\IJD61O2L61
    2017-01-08 15:50 - 2017-01-08 20:50 - 00000000 ____D C:\Users\Marvin\Desktop\WHEN SHIT GOES WRONG
    2017-01-08 15:43 - 2017-01-08 20:12 - 00000000 ____D C:\AdwCleaner
    2017-01-08 15:43 - 2017-01-08 15:43 - 03988944 _____ C:\Users\Marvin\Downloads\adwcleaner_6.042.exe
    2017-01-08 15:29 - 2017-01-08 15:29 - 00000000 ____D C:\Program Files\Common Files\AV
    2017-01-08 15:25 - 2017-01-08 20:09 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2017-01-08 15:23 - 2017-01-08 19:08 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2017-01-08 15:23 - 2017-01-08 15:32 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2017-01-08 15:23 - 2017-01-08 15:23 - 00001391 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2017-01-08 15:23 - 2017-01-08 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2017-01-08 15:23 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
    2017-01-08 15:22 - 2017-01-08 15:22 - 01496584 _____ C:\Users\Marvin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
    2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-01-08 15:22 - 2017-01-08 15:22 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-01-08 15:22 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
    2017-01-08 15:21 - 2017-01-08 15:21 - 01496584 _____ C:\Users\Marvin\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe
    2017-01-08 15:21 - 2017-01-08 15:21 - 00000000 ____D C:\Windows\system32\SSL
    2017-01-08 15:21 - 2017-01-08 15:21 - 00000000 ____D C:\Users\Marvin\AppData\Local\Downloaded Installations
    2017-01-08 15:20 - 2017-01-08 15:20 - 00003090 _____ C:\Windows\System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902}
    2017-01-08 15:20 - 2017-01-08 15:20 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Ergickmidution
    2017-01-08 14:14 - 2017-01-08 16:47 - 00000000 ____D C:\Users\Marvin\AppData\Local\Upmedia
    2017-01-08 14:14 - 2017-01-08 15:32 - 00000000 ____D C:\Program Files (x86)\Mapadomcoaveck
    2017-01-08 14:14 - 2017-01-08 14:15 - 00000000 ____D C:\Program Files\EET2FMBFLG
    2017-01-08 14:14 - 2017-01-08 14:14 - 00006056 _____ C:\Windows\System32\Tasks\Wuzapyfuqerch Update
    2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____H C:\Windows\system32\BIT91AC.tmp
    2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____D C:\Windows\SysWOW64\sstmp
    2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 ____D C:\Windows\system32\sstmp
    2017-01-08 14:14 - 2017-01-08 14:14 - 00000000 _____ C:\TOSTACK
    2017-01-05 22:53 - 2017-01-05 22:53 - 02137268 _____ C:\Windows\f45a21687b2122533a920d405cd65568.exe
    2017-01-05 20:48 - 2017-01-05 22:26 - 01445154 _____ C:\Users\Marvin\Desktop\Die Einführung des Mindestlohns.pptx
    2017-01-02 13:54 - 2017-01-02 20:11 - 04767777 _____ C:\Users\Marvin\Downloads\Virtual-Reality-Präsentation (1).pptx
    2017-01-02 13:10 - 2017-01-02 14:52 - 00000000 ____D C:\Users\Marvin\Documents\Darkest
    2017-01-02 13:09 - 2017-01-02 13:09 - 00003332 _____ C:\Windows\System32\Tasks\SessionControlAgent
    2017-01-02 13:09 - 2017-01-02 13:09 - 00000937 _____ C:\Users\Marvin\Desktop\Darkest Dungeon.lnk
    2017-01-02 12:57 - 2017-01-02 12:57 - 00015026 _____ C:\Users\Marvin\Downloads\Darkest_Dungeon_2016_RPG-CODEX.torrent
    2017-01-02 12:56 - 2017-01-02 12:56 - 04510004 _____ C:\Users\Marvin\Downloads\Virtual-Reality-Präsentation.pptx
    2016-12-29 18:19 - 2016-12-29 18:19 - 00069878 _____ C:\Users\Marvin\Downloads\15696174_10210872013973089_1280108056_o.jpg
    2016-12-29 18:18 - 2016-12-29 18:18 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG (2).PDF
    2016-12-29 18:12 - 2017-01-03 00:44 - 00000000 ____D C:\Users\Marvin\Desktop\Virtual Reality Präsentation
    2016-12-29 13:47 - 2016-12-29 13:47 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\SmartSteamEmu
    2016-12-29 13:42 - 2016-12-29 13:42 - 00000000 ____D C:\Users\Marvin\AppData\LocalLow\Monomi Park
    2016-12-28 19:51 - 2016-12-28 19:51 - 00077824 _____ ( ) C:\Users\Marvin\Downloads\guiformat.exe
    2016-12-28 19:19 - 2016-12-28 19:19 - 00188133 _____ C:\Users\Marvin\Downloads\Fat32FormatterEN.zip
    2016-12-22 19:56 - 2016-12-22 19:56 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\AMD
    2016-12-22 19:30 - 2016-12-22 19:30 - 00013254 _____ C:\Users\Marvin\Downloads\American_Dad_-_Season_13.torrent
    2016-12-22 19:12 - 2016-12-22 19:12 - 00014039 _____ C:\Users\Marvin\Downloads\American_Dad_-_Season_12_-_1080P_-_WEB-DL_-_X265-HEVC_-_O69.torrent
    2016-12-22 19:11 - 2016-12-22 19:11 - 00001627 _____ C:\Users\Marvin\Downloads\American_Dad_S12E01_HDTV_x264-KILLERS[ettv] (1).torrent
    2016-12-22 19:09 - 2016-12-22 19:09 - 00001627 _____ C:\Users\Marvin\Downloads\American_Dad_S12E01_HDTV_x264-KILLERS[ettv].torrent
    2016-12-22 14:02 - 2016-12-22 14:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2016-12-21 19:42 - 2016-12-21 19:54 - 82345072 _____ C:\Users\Marvin\Downloads\Ace_Stream_Media_3.1.12.1.exe
    2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
    2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
    2016-12-21 19:15 - 2016-12-21 19:15 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
    2016-12-21 19:15 - 2016-12-21 19:15 - 00042096 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
    2016-12-18 23:46 - 2016-12-18 23:46 - 11273864 _____ C:\Users\Marvin\Downloads\AerialTraining.zip
    2016-12-18 19:02 - 2016-12-18 19:02 - 00000000 ____D C:\Users\Marvin\AppData\Local\UnrealEngine
    2016-12-18 19:02 - 2016-12-18 19:02 - 00000000 ____D C:\Users\Marvin\AppData\Local\DeadByDaylight
    2016-12-18 19:02 - 2016-12-18 18:54 - 00395024 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
    2016-12-17 14:51 - 2016-12-17 19:28 - 00000000 ___RD C:\Users\Marvin\Desktop\Drum Rack DnB Project
    2016-12-16 13:54 - 2016-12-16 13:54 - 00000000 ____D C:\Users\Marvin\Desktop\.midi files
    2016-12-15 16:05 - 2016-12-15 16:41 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\discord
    2016-12-15 16:05 - 2016-12-15 16:05 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
    2016-12-15 16:05 - 2016-12-15 16:05 - 00000000 ____D C:\Users\Marvin\AppData\Local\Discord
    2016-12-15 16:04 - 2016-12-15 16:05 - 50343608 _____ (Hammer & Chisel, Inc.) C:\Users\Marvin\Downloads\DiscordSetup.exe
    2016-12-14 14:36 - 2016-11-21 19:16 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2016-12-14 14:36 - 2016-11-21 19:16 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2016-12-14 14:36 - 2016-11-21 19:12 - 01462272 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2016-12-14 14:36 - 2016-11-21 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2016-12-14 14:36 - 2016-11-20 17:20 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2016-12-14 14:36 - 2016-11-20 17:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2016-12-14 14:36 - 2016-11-20 17:20 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2016-12-14 14:36 - 2016-11-20 17:20 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
    2016-12-14 14:36 - 2016-11-20 17:20 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2016-12-14 14:36 - 2016-11-20 17:19 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2016-12-14 14:36 - 2016-11-20 17:19 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2016-12-14 14:36 - 2016-11-20 17:19 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
    2016-12-14 14:36 - 2016-11-20 17:19 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2016-12-14 14:36 - 2016-11-20 17:19 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2016-12-14 14:36 - 2016-11-20 17:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2016-12-14 14:36 - 2016-11-20 17:19 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2016-12-14 14:36 - 2016-11-20 17:19 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
    2016-12-14 14:36 - 2016-11-20 17:19 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
    2016-12-14 14:36 - 2016-11-20 17:19 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
    2016-12-14 14:36 - 2016-11-20 17:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2016-12-14 14:36 - 2016-11-20 17:19 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2016-12-14 14:36 - 2016-11-20 17:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2016-12-14 14:36 - 2016-11-20 16:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
    2016-12-14 14:36 - 2016-11-20 16:57 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
    2016-12-14 14:36 - 2016-11-20 16:57 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
    2016-12-14 14:36 - 2016-11-20 16:57 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
    2016-12-14 14:36 - 2016-11-20 16:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2016-12-14 14:36 - 2016-11-20 16:52 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
    2016-12-14 14:36 - 2016-11-20 15:07 - 00467392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2016-12-14 14:36 - 2016-11-17 17:41 - 00370920 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2016-12-14 14:36 - 2016-11-10 17:32 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
    2016-12-14 14:36 - 2016-11-10 17:19 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
    2016-12-14 14:36 - 2016-11-09 17:41 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2016-12-14 14:36 - 2016-11-09 17:33 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2016-12-14 14:36 - 2016-11-09 17:33 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2016-12-14 14:36 - 2016-11-09 17:33 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2016-12-14 14:36 - 2016-11-09 17:33 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2016-12-14 14:36 - 2016-11-09 17:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
    2016-12-14 14:36 - 2016-11-09 17:33 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2016-12-14 14:36 - 2016-11-09 17:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2016-12-14 14:36 - 2016-11-09 17:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2016-12-14 14:36 - 2016-11-09 17:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2016-12-14 14:36 - 2016-11-09 17:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
    2016-12-14 14:36 - 2016-11-09 17:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2016-12-14 14:36 - 2016-11-09 17:02 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
    2016-12-14 14:36 - 2016-11-09 16:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
    2016-12-14 14:36 - 2016-11-06 17:33 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2016-12-14 14:36 - 2016-11-06 17:16 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2016-12-14 14:36 - 2016-11-06 17:01 - 03219456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2016-12-14 14:36 - 2016-10-27 16:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2016-12-14 14:36 - 2016-10-27 16:20 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2016-12-14 14:36 - 2016-10-11 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2016-12-14 14:36 - 2016-10-11 16:37 - 05547752 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2016-12-14 14:36 - 2016-10-11 16:37 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2016-12-14 14:36 - 2016-10-11 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2016-12-14 14:36 - 2016-10-11 16:32 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2016-12-14 14:36 - 2016-10-11 16:32 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2016-12-14 14:36 - 2016-10-11 16:32 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2016-12-14 14:36 - 2016-10-11 16:32 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2016-12-14 14:36 - 2016-10-11 16:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\nlsbres.dll
    2016-12-14 14:36 - 2016-10-11 16:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2016-12-14 14:36 - 2016-10-11 16:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2016-12-14 14:36 - 2016-10-11 16:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2016-12-14 14:36 - 2016-10-11 16:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:24 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2016-12-14 14:36 - 2016-10-11 16:24 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2016-12-14 14:36 - 2016-10-11 16:21 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlsbres.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 16:03 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2016-12-14 14:36 - 2016-10-11 16:03 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2016-12-14 14:36 - 2016-10-11 16:03 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2016-12-14 14:36 - 2016-10-11 15:59 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2016-12-14 14:36 - 2016-10-11 15:59 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2016-12-14 14:36 - 2016-10-11 15:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
    2016-12-14 14:36 - 2016-10-11 15:55 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2016-12-14 14:36 - 2016-10-11 15:51 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2016-12-14 14:36 - 2016-10-11 15:51 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2016-12-14 14:36 - 2016-10-11 15:51 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2016-12-14 14:36 - 2016-10-11 15:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2016-12-14 14:36 - 2016-10-11 15:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 15:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 15:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 15:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2016-12-14 14:36 - 2016-10-11 14:18 - 00419648 _____ C:\Windows\SysWOW64\locale.nls
    2016-12-14 14:36 - 2016-10-11 14:17 - 00419648 _____ C:\Windows\system32\locale.nls
    2016-12-14 14:36 - 2016-10-08 14:06 - 00633296 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2016-12-14 14:36 - 2016-10-04 16:31 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2016-12-14 14:36 - 2016-10-04 16:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2016-12-14 14:36 - 2016-10-04 16:31 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2016-12-14 14:36 - 2016-10-04 16:31 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2016-12-14 14:36 - 2016-10-04 16:13 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2016-12-14 14:36 - 2016-10-04 16:13 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2016-12-14 14:36 - 2016-10-04 16:13 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2016-12-14 14:36 - 2016-10-04 16:13 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2016-12-13 12:59 - 2016-12-13 12:59 - 00000000 ____D C:\Users\Marvin\AppData\Local\Chromium
    2016-12-11 19:11 - 2016-12-11 20:41 - 00000000 ___RD C:\Users\Marvin\Desktop\We gon try this again Project
    2016-12-11 18:21 - 2016-12-11 18:21 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG (1).PDF
    2016-12-11 13:58 - 2016-12-11 13:58 - 00000000 ____D C:\Users\Marvin\AppData\LocalLow\Daedalic Entertainment GmbH
    2016-12-11 13:58 - 2016-12-11 13:58 - 00000000 ____D C:\Users\Marvin\AppData\Local\Daedalic Entertainment GmbH
    2016-12-11 13:53 - 2016-12-11 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daedalic Entertainment GmbH
    2016-12-11 13:18 - 2016-12-11 13:18 - 00001338 _____ C:\Users\Marvin\Downloads\Shadow_Tactics_Blades_of_the_Shogun-FLT.sfdl
    2016-12-10 13:42 - 2016-12-10 13:42 - 00520288 _____ C:\Users\Marvin\Downloads\Neue-Dimensionen-der-Realität-KPMG.PDF
    2016-12-09 15:09 - 2016-12-09 15:09 - 00013444 _____ C:\Users\Marvin\Downloads\Virtual-Reality-im-Unternehmensbereich.docx

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-08 20:47 - 2016-04-06 17:24 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
    2017-01-08 20:36 - 2015-09-05 14:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2017-01-08 20:25 - 2015-09-07 00:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2017-01-08 20:12 - 2015-09-05 22:31 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\TS3Client
    2017-01-08 20:09 - 2015-09-18 13:58 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\vlc
    2017-01-08 19:14 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-01-08 19:14 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-01-08 19:12 - 2015-09-13 14:16 - 00000000 ____D C:\Windows\system32\MRT
    2017-01-08 19:12 - 2015-09-05 14:52 - 00000000 ____D C:\Program Files (x86)\Steam
    2017-01-08 19:12 - 2009-07-14 06:13 - 00743506 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-01-08 19:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
    2017-01-08 19:10 - 2015-09-13 14:16 - 135632432 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-01-08 19:07 - 2016-04-06 17:26 - 00000000 ___RD C:\Users\Marvin\Dropbox
    2017-01-08 19:06 - 2016-04-06 17:24 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
    2017-01-08 19:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-01-08 19:05 - 2016-08-31 12:44 - 00065536 _____ C:\Windows\system32\spu_storage.bin
    2017-01-08 18:52 - 2015-09-18 23:51 - 00000000 ____D C:\Users\Marvin\AppData\Local\Battle.net
    2017-01-08 16:49 - 2015-09-05 14:40 - 00000000 ____D C:\Program Files (x86)\Google
    2017-01-08 16:48 - 2015-09-18 23:49 - 00000000 ____D C:\Program Files (x86)\Battle.net
    2017-01-08 16:22 - 2015-09-18 23:27 - 00000000 ____D C:\Users\Marvin\AppData\Local\Spotify
    2017-01-08 16:22 - 2015-09-18 23:25 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Spotify
    2017-01-08 16:19 - 2015-09-05 14:54 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2017-01-08 16:17 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files (x86)\Windows NT
    2017-01-08 14:31 - 2015-09-05 22:16 - 00000000 ____D C:\Users\Marvin\AppData\Local\ElevatedDiagnostics
    2017-01-05 20:41 - 2015-09-23 20:31 - 00000000 ____D C:\Users\Marvin\AppData\Local\CrashDumps
    2017-01-03 14:46 - 2015-09-28 17:52 - 00000000 ____D C:\ProgramData\Origin
    2017-01-03 14:44 - 2015-09-28 17:56 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Origin
    2017-01-02 22:20 - 2015-09-10 15:32 - 00000000 ____D C:\Program Files\PeerBlock
    2017-01-02 13:03 - 2015-09-15 23:04 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\uTorrent
    2016-12-30 22:17 - 2015-10-01 18:39 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
    2016-12-29 13:46 - 2015-10-14 10:10 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
    2016-12-29 13:46 - 2015-10-14 10:10 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
    2016-12-29 13:46 - 2015-10-14 10:10 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
    2016-12-29 13:46 - 2015-10-14 10:10 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
    2016-12-28 20:17 - 2016-04-18 17:44 - 00000000 ____D C:\Users\Marvin\AppData\Local\Windows Live
    2016-12-22 16:13 - 2015-10-01 18:39 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
    2016-12-22 14:02 - 2016-04-06 17:24 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2016-12-19 20:48 - 2016-08-11 17:53 - 00000000 ____D C:\Windows\rescache
    2016-12-17 21:14 - 2016-07-22 10:14 - 00000000 ____D C:\Users\Marvin\Documents\ManiaPlanet
    2016-12-17 21:06 - 2016-07-22 10:14 - 00000000 ____D C:\ProgramData\ManiaPlanet
    2016-12-15 16:49 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\Microsoft.NET
    2016-12-15 16:48 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\assembly
    2016-12-15 16:05 - 2016-01-04 18:31 - 00000000 ____D C:\Users\Marvin\AppData\Local\SquirrelTemp
    2016-12-15 08:51 - 2015-09-05 16:23 - 00000000 ____D C:\ProgramData\Package Cache
    2016-12-15 08:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\winsxs
    2016-12-15 08:19 - 2009-07-14 03:34 - 00189440 ____H C:\Users\Default\NTUSER.DAT.LOG1
    2016-12-15 08:18 - 2009-07-14 05:45 - 00509392 _____ C:\Windows\system32\FNTCACHE.DAT
    2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\en-US
    2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\en-US
    2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Boot
    2016-12-15 08:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppPatch
    2016-12-15 00:17 - 2015-09-05 14:41 - 00734476 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2016-12-14 14:44 - 2015-09-06 20:15 - 00013553 _____ C:\Users\Marvin\Desktop\Pushups Crunches.xlsx
    2016-12-14 14:37 - 2015-09-07 11:30 - 00000000 ____D C:\ProgramData\Microsoft Help
    2016-12-14 14:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\catroot2
    2016-12-13 19:25 - 2015-09-07 00:08 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2016-12-13 19:25 - 2015-09-07 00:08 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2016-12-13 19:25 - 2015-09-07 00:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2016-12-13 19:25 - 2015-09-07 00:08 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2016-12-13 19:25 - 2015-09-07 00:08 - 00000000 ____D C:\Windows\system32\Macromed
    2016-12-13 12:59 - 2015-09-05 14:57 - 00000000 ____D C:\Users\Marvin\AppData\Local\Steam
    2016-12-12 23:52 - 2015-12-29 19:00 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\Skype
    2016-12-11 13:42 - 2015-12-01 13:55 - 00000000 ____D C:\Users\Marvin\AppData\Roaming\SFDL.NET 2
    2016-12-09 17:51 - 2016-12-06 15:07 - 00000000 ___RD C:\Users\Marvin\Desktop\White Blood Project

    ==================== Files in the root of some directories =======

    2015-09-17 00:20 - 2015-09-17 00:20 - 0000037 ___SH () C:\Users\Marvin\AppData\Local\20986331705021ca58edc424.96250074
    2016-02-19 10:56 - 2016-02-19 10:56 - 0000036 _____ () C:\Users\Marvin\AppData\Local\housecall.guid.cache
    2016-01-03 00:59 - 2016-01-05 23:07 - 0007600 _____ () C:\Users\Marvin\AppData\Local\Resmon.ResmonCfg
    2015-09-18 16:55 - 2015-09-18 16:55 - 0000057 _____ () C:\ProgramData\Ament.ini
    2015-09-05 14:45 - 2015-09-05 14:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some files in TEMP:
    ====================
    C:\Users\Marvin\AppData\Local\Temp\8B5D.tmp.exe
    C:\Users\Marvin\AppData\Local\Temp\900F.tmp.exe
    C:\Users\Marvin\AppData\Local\Temp\ICReinstall_900F.tmp.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-01-07 21:48

    ==================== End of FRST.txt ============================


    Addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
    Ran by Marvin (08-01-2017 20:51:45)
    Running from C:\Users\Marvin\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) (2015-09-05 13:38:00)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4016113358-843845156-2686539769-500 - Administrator - Disabled)
    Guest (S-1-5-21-4016113358-843845156-2686539769-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4016113358-843845156-2686539769-1002 - Limited - Enabled)
    Marvin (S-1-5-21-4016113358-843845156-2686539769-1000 - Administrator - Enabled) => C:\Users\Marvin

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AS: Spybot - Search and Destroy (Enabled - Up to date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
    Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
    Ableton Live 9 Suite (HKLM\...\{F6BA3E9F-8637-4DCE-BBA8-75A6A57A9D0B}) (Version: 9.0.0.0 - Ableton)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
    Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version: - Skybox Labs)
    AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
    Analog Lab 1.2.3 (HKLM-x32\...\Analog Lab_is1) (Version: 1.2.3 - Arturia)
    Arturia Software Center 1.2.1 (HKLM-x32\...\Arturia Software Center_is1) (Version: 1.2.1 - Arturia)
    AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version: - AVM Berlin)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
    Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.47.30570 - Electronic Arts)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
    Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
    Bionic Dues (HKLM-x32\...\Steam App 238910) (Version: - Arcen Games, LLC)
    Borderless Gaming (HKLM-x32\...\Borderless Gaming_is1) (Version: 8.4 - Codeusa Software)
    Brawlhalla (HKLM-x32\...\Steam App 291550) (Version: - Blue Mammoth Games)
    Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
    Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version: - Infinity Ward)
    Catalyst Control Center Next Localization BR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CHT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization CS (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization DE (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization EL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization ES (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FI (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization FR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization HU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization IT (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization JA (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization KO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization NO (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization PL (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization RU (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization SV (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TH (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Next Localization TR (Version: 2016.0811.443.6667 - Advanced Micro Devices, Inc.) Hidden
    Counter-Strike (HKLM-x32\...\Steam App 10) (Version: - Valve)
    Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DARK SOULS II - Scholar of the First Sin (HKLM-x32\...\DARK SOULS II - Scholar of the First Sin_is1) (Version: - )
    Dark Souls III (HKLM-x32\...\Dark Souls III_is1) (Version: - )
    DARK SOULS™ II: Scholar of the First Sin (HKLM\...\Steam App 335300) (Version: - FromSoftware, Inc)
    Darkest Dungeon (HKLM-x32\...\Darkest Dungeon_is1) (Version: - )
    Darksiders II: Deathinitive Edition (HKLM\...\Steam App 388410) (Version: - Gunfire Games)
    Darksiders Warmastered Edition (HKLM\...\Steam App 462780) (Version: - KAIKO)
    Dead by Daylight (HKLM\...\Steam App 381210) (Version: - Behaviour Digital Inc.)
    Discord (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
    Dishonored (HKLM\...\Steam App 205100) (Version: - Arkane Studios)
    DisplayFusion 7.3 (HKLM-x32\...\B076073A-5527-4f4f-B46B-B10692277DA2_is1) (Version: 7.3.0.0 - Binary Fortress Software)
    Distance (HKLM-x32\...\Steam App 233610) (Version: - Refract)
    Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.13 - Dolby Laboratories Inc)
    Don't Starve (HKLM-x32\...\Steam App 219740) (Version: - Klei Entertainment)
    Don't Starve Together Beta (HKLM-x32\...\Steam App 322330) (Version: - Klei Entertainment)
    Dr. Langeskov, The Tiger, and The Terribly Cursed Emerald: A Whirlwind Heist (HKLM-x32\...\Steam App 409160) (Version: - Crows Crows Crows)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    DuelystLauncher (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\launcher) (Version: 0.0.9 - Counterplay Games Inc.)
    Enter the Gungeon (HKLM-x32\...\1456912569_is1) (Version: 2.0.0.2 - GOG.com)
    Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.118 - Etron Technology)
    Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
    Evolve Stage 2 (HKLM\...\Steam App 273350) (Version: - Turtle Rock Studios)
    Fallout 4 (HKLM-x32\...\Fallout 4_is1) (Version: - )
    FIFA 17 (HKLM-x32\...\{8C0DD062-B659-409C-9AB7-8EBD1D64D2EB}) (Version: 1.0.45.44416 - Electronic Arts)
    Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
    FlatOut 2 (HKLM\...\Steam App 2990) (Version: - Bugbear Entertainment)
    Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.7.139.918 - Foxit Software Inc.)
    Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.0.722 - Foxit Software Inc.)
    GameRanger (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\GameRanger) (Version: - GameRanger Technologies)
    Gaming Mouse Editor (HKLM-x32\...\GamingMouseEditor) (Version: 13.04.0002 - )
    Golf With Your Friends (HKLM\...\Steam App 431240) (Version: - Blacklight Interactive)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments)
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    Industry Giant 2 (HKLM\...\aW5kdXN0cnlnaWFudDI_is1) (Version: 1 - )
    Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    Mafia II (HKLM\...\Steam App 50130) (Version: - 2K Czech)
    Mafia III (HKLM-x32\...\Mafia III_is1) (Version: - )
    MAGIX Common Components 1 (HKLM-x32\...\{38BF501B-F285-4A3B-99E2-09F58A130A59}) (Version: 1.7.0.0 - MAGIX Software GmbH)
    MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
    MAGIX Fonts Package 2 (x32 Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
    MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{B396DA26-0959-44BA-812B-2E6AF4F678E1}) (Version: 7.0.2.6 - MAGIX Software GmbH)
    MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
    Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
    marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1020 - Marvell)
    M-Audio MIDISPORT 6.1.3 (x64) (HKLM\...\{AED2A1D4-19B4-4692-8004-E1A3E8A9E85B}) (Version: 6.1.3 - M-Audio)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
    MIDI Control Center 1.2.2 (HKLM-x32\...\MIDI Control Center_is1) (Version: 1.2.2 - Arturia)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 47.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0.2 (x86 de)) (Version: 47.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.2.6148 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Native Instruments Guitar Rig 3 (HKLM-x32\...\Native Instruments Guitar Rig 3) (Version: - )
    Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
    Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
    Need For Speed Most Wanted Black Edition version 1.3.0.0 (HKLM-x32\...\Need For Speed Most Wanted Black Edition_is1) (Version: 1.3.0.0 - Mr DJ)
    Need for Speed™ The Run (HKLM-x32\...\{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}) (Version: 1.1.0.0 - Electronic Arts)
    NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
    ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
    OpenAL (HKLM-x32\...\OpenAL) (Version: - )
    OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
    Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
    Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
    Pazera Free MKV to AVI Converter 1.4 (HKLM-x32\...\{EDFA6B29-7667-4FD2-86F3-9835AFCE837A}_is1) (Version: 1.4 - Jacek Pazera)
    PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
    Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
    Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
    Project Highrise (HKLM-x32\...\2018730457_is1) (Version: 2.0.0.4 - GOG.com)
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3 beta r2461 - )
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6767 - Realtek Semiconductor Corp.)
    Reus (HKLM\...\Steam App 222730) (Version: - Abbey Games)
    Rise of Nations: Extended Edition (HKLM-x32\...\Rise of Nations: Extended Edition_is1) (Version: - Microsoft Studios)
    Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
    Shadow Tactics - Blades of the Shogun 1.1.2 (HKLM-x32\...\{BB762706-65FA-44C1-B2BB-EF29CA88D7CE}_is1) (Version: 1.1.2 - Daedalic Entertainment GmbH)
    Sid Meier's Civilization V (HKLM-x32\...\Sid Meier's Civilization V_is1) (Version: - )
    Skyborn (HKLM-x32\...\Steam App 278460) (Version: - Dancing Dragon Games)
    Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
    SNOW (HKLM\...\Steam App 244930) (Version: - Poppermost Productions)
    SONAR 8.0 Producer Edition (HKLM-x32\...\SONAR8Producer_x64_is1) (Version: 17.0 - Cakewalk Music Software)
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spotify (HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Stronghold (HKLM-x32\...\{97A19679-4C07-4B34-8ACB-D5565C3440FC}) (Version: - )
    Stronghold Crusader Extreme HD (HKLM\...\Steam App 16700) (Version: - Firefly Studios)
    Stronghold Crusader HD (HKLM\...\Steam App 40970) (Version: - FireFly Studios)
    Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.4.0.5 - GOG.com)
    Super Meat Boy (HKLM\...\Steam App 40800) (Version: - Team Meat)
    TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
    Terraria (HKLM\...\Steam App 105600) (Version: - Re-Logic)
    Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
    The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
    The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
    The Room (HKLM-x32\...\The Room_is1) (Version: - Fireproof Games)
    The Room Two (HKLM\...\Steam App 425580) (Version: - Fireproof Games)
    The Ship (HKLM-x32\...\Steam App 2400) (Version: - Outerlight Ltd.)
    The Ship Single Player (HKLM-x32\...\Steam App 2420) (Version: - Outerlight Ltd.)
    The Talos Principle (HKLM-x32\...\Steam App 257510) (Version: - Croteam)
    This Is the Police (HKLM-x32\...\This Is the Police_is1) (Version: - )
    TOXIKK (HKLM\...\Steam App 324810) (Version: - Reakktor Studios)
    Trine 2 (HKLM\...\Steam App 35720) (Version: - Frozenbyte)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.5.3 - Tweaking.com)
    Unreal Development Kit: 2015-01 (HKLM\...\UDK-5e1b7663-0639-46c5-882c-a64cefc97f4d) (Version: - Epic Games, Inc.)
    Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
    USB Network Joystick (HKLM-x32\...\{2A558A06-A44E-400D-95AD-D9FAA89AFD36}) (Version: V3.70a - )
    Velocibox (HKLM-x32\...\Steam App 317710) (Version: - Shawn Beck)
    Vita 2 (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    White Night (HKLM-x32\...\White Night_is1) (Version: - )
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    World of Goo (HKLM\...\Steam App 22000) (Version: - 2D BOY)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {015D408D-BFF6-437D-86FD-B4E1CD58743B} - System32\Tasks\Wuzapyfuqerch Update => C:\Program Files (x86)\Mapadomcoaveck\vazering.exe [2017-01-08] (Glarysoft Ltd)
    Task: {2075174D-DA69-43F3-B9AC-DB550763ABAF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
    Task: {476E2E3D-7994-4604-83C4-054AF01BD337} - System32\Tasks\SessionControlAgent => C:\windows\mfdvdec.exe
    Task: {4F0AE84A-66A1-4265-A761-E8A418FA8722} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-08] (Google Inc.)
    Task: {63E4E2EA-492C-41FB-BF97-AE7231771156} - System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902} => pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe"
    Task: {72D72D62-605D-4038-8B0D-BA0D4EEC48EE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-06] (Dropbox, Inc.)
    Task: {A6ECCEEE-5AEE-416B-8968-7A0D124938D0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-04-06] (Dropbox, Inc.)
    Task: {BD6F6ECA-881B-4477-8788-59E26BCE7DBC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-08] (Google Inc.)
    Task: {FAC70300-0CF5-4A75-A198-4F098D1518F3} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-08-11] (Advanced Micro Devices, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-09-29 23:49 - 2015-09-29 23:49 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
    2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
    2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
    2010-01-21 00:40 - 2010-01-21 00:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
    2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
    2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
    2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
    2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
    2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
    2017-01-08 16:16 - 2017-01-08 16:16 - 00369664 _____ () C:\Program Files\IJD61O2L61\IJD61O2L6.exe
    2017-01-08 16:17 - 2017-01-08 16:17 - 00369664 _____ () C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe
    2017-01-08 14:14 - 2017-01-08 14:14 - 00117561 _____ () C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe
    2016-06-22 13:09 - 2008-12-10 10:10 - 00796784 _____ () C:\Windows\USB Vibration\7906\USB Gamepad.exe
    2015-10-01 21:19 - 2016-09-05 13:30 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
    2017-01-08 15:22 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-01-08 16:49 - 2016-12-08 09:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
    2017-01-08 16:49 - 2016-12-08 09:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
    2017-01-08 14:14 - 2017-01-08 14:14 - 00180224 _____ () c:\program files (x86)\mapadomcoaveck\bmssch.dll
    2016-08-11 09:22 - 2016-08-11 09:22 - 00223744 _____ () C:\Windows\SysWOW64\GameManager32.dll
    2015-09-05 14:57 - 2016-12-08 16:13 - 00656160 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2015-09-05 14:57 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
    2015-09-05 14:57 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
    2015-09-05 14:57 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
    2015-09-05 14:57 - 2016-12-20 03:25 - 02322720 _____ () C:\Program Files (x86)\Steam\video.dll
    2015-09-05 14:57 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2015-09-05 14:57 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2015-09-05 14:57 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2015-09-05 14:57 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2015-09-05 14:57 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2015-09-05 14:57 - 2016-12-20 03:25 - 00838944 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2016-03-09 13:13 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
    2016-04-06 17:25 - 2016-11-11 21:36 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
    2016-04-06 17:25 - 2016-11-11 21:36 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
    2016-04-06 17:25 - 2016-11-11 21:36 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
    2016-04-06 17:25 - 2016-12-21 19:26 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
    2016-04-06 17:25 - 2016-11-11 21:36 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
    2016-04-06 17:25 - 2016-11-11 21:37 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
    2016-12-22 14:02 - 2016-11-11 21:36 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
    2016-12-22 14:02 - 2016-11-11 21:37 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
    2016-12-22 14:02 - 2016-11-11 21:36 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
    2016-04-06 17:25 - 2016-11-11 21:38 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
    2016-08-04 23:23 - 2016-12-21 19:26 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
    2016-12-22 14:02 - 2016-11-11 21:36 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
    2016-12-22 14:02 - 2016-11-11 21:38 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
    2016-04-06 17:25 - 2016-11-11 21:38 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
    2016-04-06 17:25 - 2016-11-11 21:39 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
    2016-04-06 17:25 - 2016-12-21 19:26 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
    2016-04-06 17:25 - 2016-11-11 21:38 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
    2016-08-04 23:23 - 2016-12-21 19:26 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
    2016-04-06 17:25 - 2016-11-11 21:38 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
    2016-04-06 17:25 - 2016-11-11 21:38 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
    2016-04-06 17:25 - 2016-11-11 21:38 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
    2016-04-06 17:25 - 2016-11-11 21:39 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
    2016-04-06 17:25 - 2016-11-11 21:39 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
    2016-04-06 17:25 - 2016-11-11 21:38 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
    2016-04-06 17:25 - 2016-11-11 21:39 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
    2016-08-04 23:23 - 2016-11-11 21:37 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
    2016-04-06 17:25 - 2016-11-11 21:39 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
    2016-04-06 17:25 - 2016-12-21 19:26 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
    2016-04-06 17:25 - 2016-12-21 19:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
    2016-04-06 17:25 - 2016-12-21 19:26 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
    2016-04-06 17:25 - 2016-12-21 19:26 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
    2016-04-06 17:25 - 2016-11-11 21:39 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
    2016-04-06 17:25 - 2016-12-21 19:26 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
    2016-12-22 14:02 - 2016-11-11 21:35 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
    2016-12-22 14:02 - 2016-12-21 19:26 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
    2016-12-22 14:02 - 2016-12-21 19:26 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
    2016-04-06 17:25 - 2016-11-11 21:37 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
    2016-08-04 23:23 - 2016-12-21 19:26 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
    2016-12-22 14:02 - 2016-11-11 21:42 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
    2016-12-22 14:02 - 2016-11-11 21:42 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
    2016-12-22 14:02 - 2016-12-21 19:26 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00171320 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
    2016-04-06 17:25 - 2016-11-11 21:39 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
    2016-08-04 23:23 - 2016-12-21 19:26 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
    2016-12-22 14:02 - 2016-12-21 19:26 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
    2017-01-08 15:23 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2017-01-08 15:23 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2017-01-08 15:23 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-12-13 12:59 - 2016-12-05 17:21 - 67304736 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
    2015-09-05 14:57 - 2016-12-20 03:25 - 00388384 _____ () C:\Program Files (x86)\Steam\steam.dll
    2015-09-05 14:57 - 2015-09-25 00:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
    2017-01-08 15:23 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2017-01-08 15:23 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\Users\Marvin\Desktop\22.06.16 Marvin Hartung.docx:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Marvin\Desktop\Einführung ins Studium Paper.docx:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Marvin\Desktop\In Praise of Idleness.docx:com.dropbox.attributes [168]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:34 - 2017-01-08 16:16 - 00003762 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 down.baidu2016.com
    127.0.0.1 123.sogou.com
    127.0.0.1 www.czzsyzgm.com
    127.0.0.1 www.czzsyzxl.com
    127.0.0.1 union.baidu2019.com
    127.0.0.1 down.baidu2016.com
    127.0.0.1 123.sogou.com
    127.0.0.1 www.czzsyzgm.com
    127.0.0.1 www.czzsyzxl.com
    127.0.0.1 union.baidu2019.com
    34.195.153.94 www.google-analytics.com
    34.195.153.94 google-analytics.com
    34.195.153.94 mc.yandex.ru
    34.195.153.94 top-fwz1.mail.ru
    34.195.153.94 site.yandex.net
    34.195.153.94 pagead2.googlesyndication.com
    34.195.153.94 ad.mail.ru
    34.195.153.94 ads.adfox.ru
    34.195.153.94 ads.pubmatic.com
    34.195.153.94 apis.google.com
    34.195.153.94 autocontext.begun.ru
    34.195.153.94 b.scorecardresearch.com
    34.195.153.94 c.amazon-adsystem.com
    34.195.153.94 cdn.admixer.net
    34.195.153.94 cdn.cxense.com
    34.195.153.94 cdn.livefyre.com
    34.195.153.94 cdn.onthe.io
    34.195.153.94 cdn.optimizely.com
    34.195.153.94 cdn.prom.st
    34.195.153.94 cdn.pushwoosh.com

    There are 55 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Marvin\AppData\Local\DisplayFusion\Wallpaper_1
    DNS Servers: 192.168.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{2C67024C-DC4B-4314-9C8B-057AE5ABCCE8}] => C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{52C9B7A2-64FC-4CE1-BE7D-258A25741A08}] => C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{AD82BC66-3211-4AFF-AB15-A20EE4F7E229}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{14E327E9-4066-49A2-8544-495618EE2CDE}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{129DBF11-1F8C-497C-AA60-16B561D33EEA}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{169051FB-0C5F-4F54-BC54-4932336D2AB0}] => C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    FirewallRules: [{078093FA-5DAE-4ED3-A4CF-F4E5E7D2CB26}] => C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
    FirewallRules: [{9FD1C2D6-7906-4318-A23C-E192FBD43156}] => C:\Program Files (x86)\Steam\steamapps\common\The Binding Of Isaac\Isaac.exe
    FirewallRules: [{E553F81E-6859-4F48-8BD2-2B1027A62D75}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{E930793D-DE5A-4CA0-B77B-EAF8F6F960D4}] => C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
    FirewallRules: [{C335B409-E9C8-4696-98D0-FDB4F87DDC36}] => D:\SteamLibrary2\steamapps\common\Fine Sweeper\Fine Sweeper.exe
    FirewallRules: [{AE233376-CDF0-4D65-BA6A-D33D6365EDC9}] => D:\SteamLibrary2\steamapps\common\Fine Sweeper\Fine Sweeper.exe
    FirewallRules: [{96230585-A1DA-4710-AF5C-1304C89991D5}] => D:\SteamLibrary2\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{009D2D9A-0A85-4A44-B40F-73A12D35D250}] => D:\SteamLibrary2\steamapps\common\Team Fortress 2\hl2.exe
    FirewallRules: [{8C9891A1-1FA2-477C-BA45-A25FB9B92113}] => D:\SteamLibrary2\steamapps\common\Mad Max\MadMax.exe
    FirewallRules: [{F93FD07B-352B-4010-B2CB-1839EFF573C7}] => D:\SteamLibrary2\steamapps\common\Mad Max\MadMax.exe
    FirewallRules: [{520998B0-63E3-43A0-A903-3D21DF510F79}] => D:\SteamLibrary2\steamapps\common\Skyborn\Game.exe
    FirewallRules: [{FD148EBC-ABAF-4294-9F3E-8C76090C81EF}] => D:\SteamLibrary2\steamapps\common\Skyborn\Game.exe
    FirewallRules: [{4A803132-5785-4794-893E-ACA9815A0168}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{83E60C6D-B439-4AD8-9B63-26360FC9002D}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{DD92F503-5E4B-4DB2-A168-B102BA7BB6BA}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{7C44DA4A-40FB-4AD2-87D9-1CB8426EFED0}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F5D217C4-4EDB-4251-BC68-C42F3E0E8818}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F5769C73-527D-4FE5-B2B2-D7A25EE96410}] => C:\Users\Marvin\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C0457E1B-4D27-4302-9D5A-A67794A081CB}] => D:\SteamLibrary2\steamapps\common\tbs\win32\The Banner Saga.exe
    FirewallRules: [{018665DB-381B-4249-8A7C-88C910A5A92F}] => D:\SteamLibrary2\steamapps\common\tbs\win32\The Banner Saga.exe
    FirewallRules: [{54458FA4-6EB8-42CC-A80B-FADEAB620123}] => F:\FSetup.exe
    FirewallRules: [{BEA043F3-AB1B-4988-85F0-4F6B06C4223E}] => F:\FSetup.exe
    FirewallRules: [{14F65062-EB39-4798-9D8A-4D5A865F06B5}] => D:\SteamLibrary2\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{F33CCFB0-60C6-4F2B-998D-0996993D8DD4}] => D:\SteamLibrary2\steamapps\common\Counter-Strike Source\hl2.exe
    FirewallRules: [{F7270DDA-B899-4893-A56D-642AC3120C51}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe
    FirewallRules: [{3D086A43-BE50-472F-A1C1-3C8D1E2960FC}] => LPort=5357
    FirewallRules: [{22C31F31-C114-49DD-96E9-CE31BA4A42AD}] => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [TCP Query User{54FC33AE-AE9E-4ECF-8184-41857E10B6EA}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{BD5A772D-7E44-4759-88BA-48E4A5F96BB5}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{60D11025-A6F7-41DD-8791-AAB06D7F61A6}] => D:\Battle Net Games\Hearthstone\Hearthstone.exe
    FirewallRules: [{007CC6DF-CC7F-4BA5-BA31-40B240518B72}] => D:\Battle Net Games\Hearthstone\Hearthstone.exe
    FirewallRules: [{681930F8-C1C6-429C-A186-9A2F769D7D63}] => D:\SteamLibrary2\steamapps\common\Monaco\MONACO.exe
    FirewallRules: [{FE48D0CF-EC49-4097-A142-ED3C5547BC19}] => D:\SteamLibrary2\steamapps\common\Monaco\MONACO.exe
    FirewallRules: [TCP Query User{647A6EFE-B391-4B64-8951-4EEF599154A4}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
    FirewallRules: [UDP Query User{A5F2208D-30E9-49D1-B908-5C959896B1CA}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
    FirewallRules: [{2B504F76-0490-4133-BCBF-5675D3CF0D13}] => D:\SteamLibrary2\steamapps\common\Bionic_Dues\Bionic.exe
    FirewallRules: [{B6657BBB-6EBE-4FBA-AADC-973EFEE18990}] => D:\SteamLibrary2\steamapps\common\Bionic_Dues\Bionic.exe
    FirewallRules: [{30DA0CC5-6031-49A7-8478-6D4423165B57}] => D:\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
    FirewallRules: [{61AEC935-F92E-4BC0-B732-594F00592BF5}] => D:\Origin Games\STAR WARS Battlefront Beta\starwarsbattlefront.exe
    FirewallRules: [{FF174677-EDC1-4CE9-94C4-CBEF8A5C2F81}] => C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{014B0979-388C-4777-91AC-801E0E6F89AA}] => C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{CCA7CDEB-C500-460E-AE48-A3A68DA060A9}] => C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{311DD911-DC6B-4259-A70B-97694993B5D7}] => C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{40F1223A-5435-4EB0-90A7-7D74F4EB51F5}] => D:\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
    FirewallRules: [{A742BC14-4049-4014-BA4D-F3B48792F747}] => D:\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe
    FirewallRules: [TCP Query User{01352EF0-7CB0-49BE-8589-EF386A74FFB5}D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe] => D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe
    FirewallRules: [UDP Query User{75D3C9EB-9B38-4358-94E5-4C62D5A6A767}D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe] => D:\battle net games\starcraft ii - legacy of the void beta\versions\base37164\sc2_x64.exe
    FirewallRules: [{06291B2E-0FB5-4483-B9F0-1D6387714701}] => D:\SteamLibrary2\steamapps\common\Gunpoint\Gunpoint.exe
    FirewallRules: [{22583C7A-FB6E-47B6-A2ED-9DCAD531BD51}] => D:\SteamLibrary2\steamapps\common\Gunpoint\Gunpoint.exe
    FirewallRules: [{198581A9-1D51-4E9B-AF2A-F55FC1A06106}] => D:\SteamLibrary2\steamapps\common\The Ship Single Player\ship.exe
    FirewallRules: [{DB0FA115-A0AC-44B0-BFFC-CE32C388E04F}] => D:\SteamLibrary2\steamapps\common\The Ship Single Player\ship.exe
    FirewallRules: [{5756E919-A02F-42FA-8DA2-3C58C9988CCD}] => D:\SteamLibrary2\steamapps\common\The Ship\ship.exe
    FirewallRules: [{A6481242-7297-4090-BD13-1775ADD7A08B}] => D:\SteamLibrary2\steamapps\common\The Ship\ship.exe
    FirewallRules: [{E1B3C425-7A16-4AEF-86A9-FFA6FE518590}] => D:\Origin Games\Need for Speed The Run\Need For Speed The Run.exe
    FirewallRules: [{07E23BBF-B0AC-4D8E-9E9B-9EB78818554D}] => D:\Origin Games\Need for Speed The Run\Need For Speed The Run.exe
    FirewallRules: [{0A1D96D5-3C6F-43FB-B3E5-4C229AE224C5}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{E1B76222-696E-4889-8692-D1A2F162E6E3}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{945393B7-0AB3-4867-A835-CFDA8A5D9CA5}] => D:\SteamLibrary2\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
    FirewallRules: [{6800929E-6C93-4D0C-B46D-89C7C172F8E3}] => D:\SteamLibrary2\steamapps\common\Call of Duty Modern Warfare 3\iw5mp.exe
    FirewallRules: [{2681F1A1-F6F4-4CF0-ADE4-591E5C281A3E}] => D:\SteamLibrary2\steamapps\common\Velocibox\Velocibox.exe
    FirewallRules: [{C18C9176-B8B6-47FF-A573-A35925CF04A1}] => D:\SteamLibrary2\steamapps\common\Velocibox\Velocibox.exe
    FirewallRules: [{AF66DE81-46C8-4BC0-A8E0-4DCBA79747CA}] => D:\SteamLibrary2\steamapps\common\Distance\Distance.exe
    FirewallRules: [{B0852FD9-1130-4FC4-8A6E-2FFF291AE5D1}] => D:\SteamLibrary2\steamapps\common\Distance\Distance.exe
    FirewallRules: [{69A0E37D-3266-45B2-BBCA-DA7312B41049}] => C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{9AF6C141-AF24-4985-A26E-FFA0149C8E60}] => C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{2C340C38-0B26-4BA8-8449-50F45EF51956}] => C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{E6620324-6937-4A32-9DCF-FD5AA0EC06F3}] => C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{6C67B8D7-6D29-46E7-8C9F-C5CA4A2AA24E}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
    FirewallRules: [{C1C44579-42E9-45DE-8718-75E7555A834B}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
    FirewallRules: [{49D0AF96-8BA0-498D-82F0-6BED639B3F00}] => D:\SteamLibrary2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
    FirewallRules: [{43E90CDC-71DE-463D-B12D-1A75D722412D}] => D:\SteamLibrary2\steamapps\common\Dr Langeskov The Tiger and The Terribly Cursed Emerald A Whirlwind Heist\DrLangeskov.exe
    FirewallRules: [{12BAE19A-1AA1-44FB-BE77-8960E239E938}] => D:\SteamLibrary2\steamapps\common\Brawlhalla\Brawlhalla.exe
    FirewallRules: [{16E8671D-B9D1-4115-861C-4C167191E8D2}] => D:\SteamLibrary2\steamapps\common\Brawlhalla\Brawlhalla.exe
    FirewallRules: [TCP Query User{C19518B1-FB8E-4656-8B09-36379EDBAB17}D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe] => D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe
    FirewallRules: [UDP Query User{9C3F3F23-32BA-4B53-AED4-671063BE47DD}D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe] => D:\steamlibrary2\steamapps\common\portal stories mel\portal2.exe
    FirewallRules: [TCP Query User{0D50C0B1-AE55-4CDC-A8E2-83FE8CCA1A40}D:\steamlibrary2\steamapps\common\alien isolation\ai.exe] => D:\steamlibrary2\steamapps\common\alien isolation\ai.exe
    FirewallRules: [UDP Query User{600D271E-D530-45C6-BDA2-5BD835F3CBCC}D:\steamlibrary2\steamapps\common\alien isolation\ai.exe] => D:\steamlibrary2\steamapps\common\alien isolation\ai.exe
    FirewallRules: [{DF9637FE-9271-4755-83CA-64EC22124DCC}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{A4640C5F-93EF-475F-A849-544277DA8FBD}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{BC065E74-9DFB-44F7-9093-3E8B5D901608}] => C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [TCP Query User{9C45B3AC-4CB2-459A-8422-778B25383CB9}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
    FirewallRules: [UDP Query User{5E83E391-249A-4DB4-BE6C-F854329B3442}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
    FirewallRules: [TCP Query User{2FF6C920-B74A-4E0D-819E-D56337F2EB23}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
    FirewallRules: [UDP Query User{E27BAD56-AB74-4D21-A893-336DD260CACE}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
    FirewallRules: [{2CABC0C9-2329-4A54-823E-E74629960D96}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
    FirewallRules: [{4A2ED845-1DBE-4666-9E54-CFDE0337583A}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
    FirewallRules: [{763DE35C-D07C-4A62-B596-91BE2DAA1FFD}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
    FirewallRules: [{7F45ABBA-92AF-4F8D-8BF8-27270D43A9C1}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
    FirewallRules: [{6003E9CD-A138-4031-B09D-9D65D7BAAFF1}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
    FirewallRules: [{A79D523A-6610-4CE5-9EF4-0C43F9F0B3DD}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
    FirewallRules: [{6D24357E-B5EE-42E2-A7BF-ED36973295EB}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
    FirewallRules: [{9D9F7801-388C-49AB-82A7-74FFD38BDC4D}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
    FirewallRules: [{CC3BEC4B-F9EA-4A41-A74B-DBE5B5ADFE0A}] => D:\Origin Games\Battlefield 4\BF4WebHelper.exe
    FirewallRules: [{DF06961E-9960-4F51-B55F-47624BEEB7DA}] => D:\Origin Games\Battlefield 4\BF4WebHelper.exe
    FirewallRules: [{F15ED7ED-329F-4608-9F58-C420C07DE427}] => D:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
    FirewallRules: [{E5B1B159-E816-460F-BF5C-8BB6AC88CA6F}] => D:\Origin Games\Battlefield 4\BF4X86WebHelper.exe
    FirewallRules: [{B443FBA7-2848-4CFC-812E-5151B025666F}] => D:\Origin Games\Titanfall\Titanfall.exe
    FirewallRules: [{05950F9F-92DE-40E3-B8F0-D5F0B7FED4FF}] => D:\Origin Games\Titanfall\Titanfall.exe
    FirewallRules: [{8992FF96-67B3-4CAB-BB72-ADE46920965C}] => D:\SteamLibrary2\steamapps\common\Cities_Skylines\Cities.exe
    FirewallRules: [{B4E7D120-3B2C-4175-B5A8-0BDDB77B3DF5}] => D:\SteamLibrary2\steamapps\common\Cities_Skylines\Cities.exe
    FirewallRules: [{0AF7D012-5356-4BEA-A25D-A8A5F5525E3D}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect.exe
    FirewallRules: [{23FCFBDE-AFA6-4D7D-AD8E-58F54863334F}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect.exe
    FirewallRules: [{B34222C4-CF8D-4912-828B-98D66889BDB0}] => D:\SteamLibrary2\steamapps\common\Portal 2\portal2.exe
    FirewallRules: [{08313B4B-831B-4D22-89C7-A2446F2DC868}] => D:\SteamLibrary2\steamapps\common\Portal 2\portal2.exe
    FirewallRules: [{6EA2A39E-D5CE-4E6F-97B1-FC72AA45D541}] => E:\Files\StarCraft II 2\Versions\Base39576\SC2_x64.exe
    FirewallRules: [{625DD56D-7837-4399-A13C-8988BBACBB28}] => E:\Files\StarCraft II 2\Versions\Base39576\SC2_x64.exe
    FirewallRules: [{40891563-B988-46EA-9820-B7C5E464B166}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
    FirewallRules: [{50E31DE1-BCEB-43B2-A993-F186683BB640}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
    FirewallRules: [{3D9C6597-B922-4202-B955-03224C20A984}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
    FirewallRules: [{190A8C82-862C-4A73-B3BD-1F951E22AAF2}] => D:\SteamLibrary2\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
    FirewallRules: [{7219BC4D-3E4F-4576-988B-00DBABE989E7}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
    FirewallRules: [{0694F81E-A89C-4A66-977E-7F5CF48BE772}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
    FirewallRules: [{7CA5FEF0-87EA-4438-9DD0-17B73E15EAE5}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
    FirewallRules: [{D636D9FA-939C-4B65-A172-66F716596E13}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
    FirewallRules: [{3CDF4703-E5D5-4713-8862-17CA78560788}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
    FirewallRules: [{EAFF5FFF-7F7C-46CD-BAD7-84E1011B35AF}] => E:\Files\StarCraft II 2\Versions\Base41743\SC2_x64.exe
    FirewallRules: [TCP Query User{55482BD3-AA22-4146-AA31-442043D5DDF9}C:\gog games\enter the gungeon\etg.exe] => C:\gog games\enter the gungeon\etg.exe
    FirewallRules: [UDP Query User{CE7A66C2-99D4-4A01-9C2E-DA0E4D070019}C:\gog games\enter the gungeon\etg.exe] => C:\gog games\enter the gungeon\etg.exe
    FirewallRules: [{BD410568-C2D8-4E75-B531-B9981040E885}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{C6C5A191-9C82-4C67-B429-EA617663A79F}] => LPort=2869
    FirewallRules: [{20479539-82B1-413E-8E2E-9FDE981C278A}] => LPort=1900
    FirewallRules: [{21CC8884-23C9-440F-B3FC-8054362CEF46}] => E:\Files\StarCraft II 2\Versions\Base42253\SC2_x64.exe
    FirewallRules: [{58D02992-1E07-43F8-86BD-440A307566FF}] => E:\Files\StarCraft II 2\Versions\Base42253\SC2_x64.exe
    FirewallRules: [TCP Query User{DC6D1EED-0862-4BA2-B3CF-13D041B47EB2}D:\battle net games\overwatch\overwatch.exe] => D:\battle net games\overwatch\overwatch.exe
    FirewallRules: [UDP Query User{541CC553-77EB-40FE-A7EE-350BD99116AA}D:\battle net games\overwatch\overwatch.exe] => D:\battle net games\overwatch\overwatch.exe
    FirewallRules: [{5A52CCD4-9F08-4721-BC33-33143B7BF968}] => E:\Files\StarCraft II 2\Versions\Base42932\SC2_x64.exe
    FirewallRules: [{D5E5EEFD-2B94-4B86-9B43-19569D6E6218}] => E:\Files\StarCraft II 2\Versions\Base42932\SC2_x64.exe
    FirewallRules: [{A0B1201F-2DEA-4133-904A-9A3E134C56BA}] => D:\SteamLibrary2\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{3FB5DB0B-A1E0-48EF-A7F9-1E11620B88BA}] => D:\SteamLibrary2\steamapps\common\Terraria\Terraria.exe
    FirewallRules: [{604CA1CF-3DA8-4987-AE2D-8F1AC569A4FE}] => D:\SteamLibrary2\steamapps\common\Age2HD\Launcher.exe
    FirewallRules: [{3F247AF4-BCCE-4598-AF4B-F570DDE0DC4F}] => D:\SteamLibrary2\steamapps\common\Age2HD\Launcher.exe
    FirewallRules: [{C780D536-056F-46C2-89F9-C75A4AD8D85E}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
    FirewallRules: [{44BE9D03-20AF-4F1E-9C20-C00BB9F15CF8}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe
    FirewallRules: [{C3F8211B-A747-4C36-8FA7-BCD51262422F}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
    FirewallRules: [{50D7A03F-AAB7-4D14-9B3C-F7CB78BAC7CB}] => D:\SteamLibrary2\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe
    FirewallRules: [{C813053E-85C3-4FCE-A98F-F64AB377515C}] => D:\Program Files (x86)\Mr DJ\Need For Speed Most Wanted Black Edition\speed.exe
    FirewallRules: [{02AEF83E-A419-4848-9A95-BF8F65230AB4}] => D:\Program Files (x86)\Mr DJ\Need For Speed Most Wanted Black Edition\speed.exe
    FirewallRules: [{A6270AD3-B51A-4767-B29E-5230302EBC74}] => D:\SteamLibrary2\steamapps\common\FlatOut2\FlatOut2.exe
    FirewallRules: [{BB18A7A7-A6AE-41F9-A3D2-3BA26932ABF8}] => D:\SteamLibrary2\steamapps\common\FlatOut2\FlatOut2.exe
    FirewallRules: [{62E27FF0-8270-41AE-A1AA-61425B2814CA}] => D:\SteamLibrary2\steamapps\common\Trine 2\trine2_launcher.exe
    FirewallRules: [{E2AA4C60-776A-478C-884C-4277DDCB44C5}] => D:\SteamLibrary2\steamapps\common\Trine 2\trine2_launcher.exe
    FirewallRules: [TCP Query User{B36987E6-DA30-41C1-B78F-88FEB396BA37}D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe] => D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe
    FirewallRules: [UDP Query User{F0EA91A2-71BF-492F-8A89-D459AAA35E2A}D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe] => D:\steamlibrary2\steamapps\common\trine 2\trine2_32bit.exe
    FirewallRules: [{985B2F18-0DA9-4BE0-9519-79F679DAF809}] => D:\SteamLibrary2\steamapps\common\Company of Heroes 2\RelicCoH2.exe
    FirewallRules: [{6496500F-62C6-4B53-B07B-F5A3A211FC46}] => D:\SteamLibrary2\steamapps\common\Company of Heroes 2\RelicCoH2.exe
    FirewallRules: [{3DC9802E-1254-43AA-ACA9-ED0848637A91}] => D:\SteamLibrary2\steamapps\common\TheRoomTwo\TheRoomTwo.exe
    FirewallRules: [{04B5B5DA-723A-4013-AD21-D79F57877A2C}] => D:\SteamLibrary2\steamapps\common\TheRoomTwo\TheRoomTwo.exe
    FirewallRules: [TCP Query User{A3BA3E4F-10F1-4871-B872-8D0FBFA3BE0D}D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe] => D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe
    FirewallRules: [UDP Query User{4C132067-F08A-42B9-AF92-79749DDC6A03}D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe] => D:\steamlibrary2\steamapps\common\trackmania nations forever\tmforever.exe
    FirewallRules: [{130362D6-B9CE-4064-897B-2F85AB365F5E}] => D:\SteamLibrary2\steamapps\common\FreeStyle2\LauncherSteam.exe
    FirewallRules: [{BACF3C9F-C771-40FB-9B3C-5A2BE79A8076}] => D:\SteamLibrary2\steamapps\common\FreeStyle2\LauncherSteam.exe
    FirewallRules: [TCP Query User{6DC74B46-5DE6-4DEE-99F0-2ECE7EEEDBF6}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{27DDE796-950E-4045-AD88-DDFD83D9AE2A}C:\users\marvin\appdata\roaming\spotify\spotify.exe] => C:\users\marvin\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{6CAFCF52-E329-419A-A260-16B830758CFE}] => D:\SteamLibrary2\steamapps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
    FirewallRules: [{E2141F5F-AE7B-4B46-9164-7B97AF28B215}] => D:\SteamLibrary2\steamapps\common\ManiaPlanet_TMCanyon\ManiaPlanet.exe
    FirewallRules: [{157414F4-28E8-414E-8121-BF5BE1627F46}] => D:\SteamLibrary2\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
    FirewallRules: [{13CED9B7-DE2A-4F03-8652-2487A048341E}] => D:\SteamLibrary2\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
    FirewallRules: [{790B1BDF-25FA-454E-9D64-D9487D636CF2}] => D:\SteamLibrary2\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
    FirewallRules: [{F4AE393F-F1BF-497F-8EED-ED76D40F316F}] => D:\SteamLibrary2\steamapps\common\Super Meat Boy\SuperMeatBoy.exe
    FirewallRules: [TCP Query User{11F1608C-BFF3-47F3-929A-7DD7C89EF38D}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
    FirewallRules: [UDP Query User{C9965CC4-661C-4F6F-B4B3-7DD71C96796C}D:\origin games\battlefield 4\bf4.exe] => D:\origin games\battlefield 4\bf4.exe
    FirewallRules: [TCP Query User{2841BF19-E797-4C58-B406-40F14C5F83F3}D:\origin games\battlefield bad company 2\bfbc2game.exe] => D:\origin games\battlefield bad company 2\bfbc2game.exe
    FirewallRules: [UDP Query User{75B87E49-279D-481E-AB57-53A5FB1F2833}D:\origin games\battlefield bad company 2\bfbc2game.exe] => D:\origin games\battlefield bad company 2\bfbc2game.exe
    FirewallRules: [{7EC9ED00-0873-4C75-98C7-8B1B633473B1}] => C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{FB6F2570-1429-41C0-8DDC-22EC64725726}] => C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{FB7D1C11-C2EA-4466-A264-DB2CBC34A0AD}] => C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{D2784565-EED7-413F-A033-4C79CC252477}] => C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{03D858A8-891C-45F4-9ADE-6B03801E9B72}] => C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{58A2C62B-3121-4CCF-B5B8-A724C6D8ABC8}] => C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{6931E6E7-A38E-415A-9A10-475B778FD92A}] => C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{D18B0565-4C37-4AB0-997F-9215093FDC82}] => C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{68E05207-A717-49D8-B227-6B575701B61C}] => D:\SteamLibrary2\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
    FirewallRules: [{9267A602-1433-435C-AF13-D703F9C957BA}] => D:\SteamLibrary2\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
    FirewallRules: [{A4A353D7-A425-41D6-BFC4-3A085F8808BA}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
    FirewallRules: [{A301EB7D-7BD7-4C8E-A414-F5FA3B226930}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\Blacklist_Launcher.exe
    FirewallRules: [{0B217961-2D9E-4F00-A7BD-E6F72648CFD9}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
    FirewallRules: [{8B98E7E3-1C8A-465E-BE5E-83412440DD24}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_game.exe
    FirewallRules: [{3ABD7847-D2A9-4274-9D03-FBF5F09D0EA6}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
    FirewallRules: [{BDBE934F-3142-416F-B96F-CB24F1C31F67}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\Blacklist_DX11_game.exe
    FirewallRules: [{15FB6868-48F4-4F51-A837-A87160D1B72C}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
    FirewallRules: [{A8B4C5E4-3156-45B5-8468-6F7629C8CDAC}] => D:\SteamLibrary2\steamapps\common\Tom Clancy's Splinter Cell Blacklist\src\SYSTEM\gu.exe
    FirewallRules: [TCP Query User{978249A7-E3CA-4254-AA17-FD7FFC4EDF3D}D:\origin games\fifa 17 demo\fifa17_demo.exe] => D:\origin games\fifa 17 demo\fifa17_demo.exe
    FirewallRules: [UDP Query User{972369D7-BF66-41B7-ADFC-FCBCF9908D7D}D:\origin games\fifa 17 demo\fifa17_demo.exe] => D:\origin games\fifa 17 demo\fifa17_demo.exe
    FirewallRules: [{C8D576DD-9C55-467F-A9F1-A20256AB7B27}] => D:\SteamLibrary2\steamapps\common\Mafia II\pc\mafia2.exe
    FirewallRules: [{E1AE626D-105E-479C-9708-7663599A4724}] => D:\SteamLibrary2\steamapps\common\Mafia II\pc\mafia2.exe
    FirewallRules: [TCP Query User{2130A400-1A75-4E97-8252-B394C98186F0}D:\origin games\fifa 17\fifa17.exe] => D:\origin games\fifa 17\fifa17.exe
    FirewallRules: [UDP Query User{A94C4A47-B01E-426C-9D8F-33E75F426213}D:\origin games\fifa 17\fifa17.exe] => D:\origin games\fifa 17\fifa17.exe
    FirewallRules: [{CC6D2B93-89D0-4C19-A1FD-725069A85B0F}] => D:\Origin Games\Bejeweled 3\Bejeweled3.exe
    FirewallRules: [{F1694BD4-2917-4867-B2A4-155048B905ED}] => D:\Origin Games\Bejeweled 3\Bejeweled3.exe
    FirewallRules: [{AFD55FF9-6C2C-4514-AD82-63B8C7BEF230}] => D:\Origin Games\Burnout Paradise\BurnoutParadise.exe
    FirewallRules: [{75750E89-6CEA-44E1-8327-B37BDF9F380B}] => D:\Origin Games\Burnout Paradise\BurnoutParadise.exe
    FirewallRules: [{9E6C8FB2-16EF-4122-A53A-1B7AADA907B2}] => D:\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
    FirewallRules: [{CE9D89F1-8B3B-4A78-96AC-18B27FC76425}] => D:\Origin Games\FIFA 17\FIFASetup\fifaconfig.exe
    FirewallRules: [{EB0573A6-634F-42A9-8DC3-015C818D0BAF}] => D:\SteamLibrary2\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
    FirewallRules: [{C29F4CB3-CF7E-4909-946B-BE24CE91E86C}] => D:\SteamLibrary2\steamapps\common\EvolveGame\bin64_SteamRetail\Evolve.exe
    FirewallRules: [TCP Query User{8CDAEB39-36B6-4964-ABD1-84DAF026AE3C}D:\battle net games\hearthstone\hearthstone.exe] => D:\battle net games\hearthstone\hearthstone.exe
    FirewallRules: [UDP Query User{9FF1126F-CE84-46F0-97CF-B283362D70CA}D:\battle net games\hearthstone\hearthstone.exe] => D:\battle net games\hearthstone\hearthstone.exe
    FirewallRules: [{2A41F4F2-B79A-4047-BE74-9EFA19E292EC}] => D:\SteamLibrary2\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
    FirewallRules: [{3370B26E-1739-400F-A0BC-04D343CA49D1}] => D:\SteamLibrary2\steamapps\common\BlockNLoad\Win64\BlockNLoad.exe
    FirewallRules: [{0E1EF994-DE8D-4AF9-B260-D3EB90382EE0}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
    FirewallRules: [{E8FFAB56-AC8A-40C5-AC11-2A37607C0D90}] => D:\SteamLibrary2\steamapps\common\dont_starve\bin\dontstarve_steam.exe
    FirewallRules: [{A2E6A700-BF36-4C8D-B0AC-44DBE087EB4E}] => D:\SteamLibrary2\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
    FirewallRules: [{499F64A3-381C-49E2-AF09-F10230E83B6D}] => D:\SteamLibrary2\steamapps\common\Darksiders II Deathinitive Edition\Darksiders2.exe
    FirewallRules: [{3983C252-EAC3-4D0E-A37D-01EC41D8474E}] => D:\SteamLibrary2\steamapps\common\Reus\Reus.exe
    FirewallRules: [{F3FBB721-9D63-4EA8-A938-4C97538C2143}] => D:\SteamLibrary2\steamapps\common\Reus\Reus.exe
    FirewallRules: [{46398286-1FEA-426F-9352-7C75E07C02CB}] => D:\SteamLibrary2\steamapps\common\World of Goo\WorldOfGoo.exe
    FirewallRules: [{60436BA4-6FAE-4446-8D67-FFC7E56952BC}] => D:\SteamLibrary2\steamapps\common\World of Goo\WorldOfGoo.exe
    FirewallRules: [{D684CC3E-1515-4DA8-9E90-BF08D90E7934}] => D:\SteamLibrary2\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
    FirewallRules: [{77435157-5E03-47C1-8472-50EACA04C981}] => D:\SteamLibrary2\steamapps\common\Darksiders Warmastered Edition\darksiders1.exe
    FirewallRules: [{8B18436B-95F7-4998-A0BF-1F102B9AE7D8}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
    FirewallRules: [{C09F3631-6BD3-4F25-B747-521A6F57618E}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\Win32\TOXIKK.exe
    FirewallRules: [{1B759394-8789-4751-838D-11F65701AFA4}] => D:\SteamLibrary2\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
    FirewallRules: [{C7F5C3B3-76DF-4300-9BE1-5013C9DB4CEE}] => D:\SteamLibrary2\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
    FirewallRules: [TCP Query User{0A88EE2A-FF4E-46CA-BF41-0E2EB85B0486}C:\users\marvin\appdata\local\amazon music\amazon music helper.exe] => C:\users\marvin\appdata\local\amazon music\amazon music helper.exe
    FirewallRules: [UDP Query User{DE40AC2E-F40D-4C27-B630-A191B1DE905B}C:\users\marvin\appdata\local\amazon music\amazon music helper.exe] => C:\users\marvin\appdata\local\amazon music\amazon music helper.exe
    FirewallRules: [{B5DDBC43-4B11-4512-805A-E775531D17EB}] => D:\SteamLibrary2\steamapps\common\TrialsPC\datapack\trialsFMX.exe
    FirewallRules: [{FD8FBE4C-B561-4F5C-B6F0-14CE5AD0CA56}] => D:\SteamLibrary2\steamapps\common\TrialsPC\datapack\trialsFMX.exe
    FirewallRules: [{7118BBCB-A4F8-466B-93C7-5FB3BA2A4C90}] => D:\Program Files (x86)\Daedalic Entertainment GmbH\Shadow Tactics - Blades of the Shogun\Shadow Tactics.exe
    FirewallRules: [{1CFF5713-B412-4B15-A9EC-CF7AAF69D257}] => D:\Program Files (x86)\Daedalic Entertainment GmbH\Shadow Tactics - Blades of the Shogun\Shadow Tactics.exe
    FirewallRules: [{114858E4-0739-48E6-94B8-BC3213F24CD0}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{F10342DA-92E9-4D88-8D51-61B9267D1D36}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{5EAEC0EA-C0BB-4E3E-8832-4E544D909F05}] => D:\Origin Games\Battlefield 1\bf1Trial.exe
    FirewallRules: [{3F29D248-1DC4-4EFC-8560-0E340DCDDD10}] => D:\Origin Games\Battlefield 1\bf1Trial.exe
    FirewallRules: [{CA1C2292-723D-4293-86B5-29BF865C588F}] => D:\Origin Games\Battlefield 1\bf1.exe
    FirewallRules: [{B89451EE-ADF6-4063-8614-6B0863BA77C6}] => D:\Origin Games\Battlefield 1\bf1.exe
    FirewallRules: [{A5C03161-B532-48BB-82BE-5AC252B0FD34}] => D:\SteamLibrary2\steamapps\common\SNOW\Bin64\playSNOW.exe
    FirewallRules: [{F4C26E9B-1BD7-4740-A63B-3F93CCAFA520}] => D:\SteamLibrary2\steamapps\common\SNOW\Bin64\playSNOW.exe
    FirewallRules: [{2830D4EF-D390-4440-AC61-38F232CBFD10}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
    FirewallRules: [{865F1A64-5F18-4C6F-A842-5EA3237CCC24}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos.exe
    FirewallRules: [{EBBE5780-1B68-47F0-A938-798E0644DD1A}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
    FirewallRules: [{125EDD41-CEB4-4BE6-BB51-17AA8DFFC594}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
    FirewallRules: [{13D6559F-0FE8-472D-9E34-FB3D6212F4CE}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
    FirewallRules: [{9F978A16-3502-4FBD-8D72-F5D58AC5B7BF}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
    FirewallRules: [{5AD4D3F5-4002-4E09-AE84-477A49FBBF61}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
    FirewallRules: [{43C1460F-374A-4D44-A2FB-DD2470405923}] => D:\SteamLibrary2\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
    FirewallRules: [{3B5F0660-1479-4781-8580-F69A0CE5D620}] => D:\SteamLibrary2\steamapps\common\Dead by Daylight\DeadByDaylight.exe
    FirewallRules: [{C118E5A3-1C55-462B-9785-C4C8C6553341}] => D:\SteamLibrary2\steamapps\common\Dead by Daylight\DeadByDaylight.exe
    FirewallRules: [TCP Query User{1154AE4E-08F0-4B7B-98A2-03DCD8E16BBA}D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
    FirewallRules: [UDP Query User{7CD7D6B1-C654-4A9B-8B5E-93A93FA368DB}D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe] => D:\steamlibrary2\steamapps\common\dead by daylight\deadbydaylight\binaries\win64\deadbydaylight-win64-shipping.exe
    FirewallRules: [{3DE95129-D661-41A7-9093-31DA73F7FB36}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{96EE443A-85B4-4834-8D50-214A05604D52}] => D:\SteamLibrary2\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
    FirewallRules: [{8AD68C55-30F1-4739-8CB2-9359FB15CF9D}] => C:\Users\Marvin\AppData\Roaming\ACEStream\engine\ace_engine.exe
    FirewallRules: [{9A92B0CA-3BBA-4D42-8613-1ECB0DD15BFB}] => C:\Users\Marvin\AppData\Roaming\ACEStream\engine\ace_engine.exe
    FirewallRules: [{3988CA20-3C73-4F09-A1EA-DEC8F707F0CD}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    FirewallRules: [TCP Query User{51425A23-ADBF-464E-9D46-8AEA57E1BB88}D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe
    FirewallRules: [UDP Query User{8CD45599-0FE4-44C4-AB50-7D61AD418F4A}D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rnacher\slime.rancher.v0.4.1\x64\slimerancher.exe
    FirewallRules: [TCP Query User{E221ACA7-1FBF-444A-AD79-DD9CAB0F49CE}D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe
    FirewallRules: [UDP Query User{F999516F-69B3-4131-8DF3-CAB98992EB7A}D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe] => D:\tros\slime rancher\slime.rancher.v0.4.1\x64\slimerancher.exe
    FirewallRules: [{F44EE477-681E-4B9F-92FF-1F98466C034F}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
    FirewallRules: [{E750B4EC-C8E4-41B5-9240-8F0EDFFC5BBD}] => D:\SteamLibrary2\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
    FirewallRules: [{11627BC6-5AAC-4944-BC75-4FDB836D1F24}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
    FirewallRules: [{4B75732E-6B1F-4D0F-B432-64C1816D8F92}] => D:\SteamLibrary2\steamapps\common\TOXIKK\Binaries\ToxikkLauncher.exe
    FirewallRules: [{122BFDFA-1959-4CAA-93F3-DDA9DC4B5F6D}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    08-01-2017 15:14:20 Windows Defender Checkpoint
    08-01-2017 15:32:43 chip 1-click download service wurde entfernt.
    08-01-2017 19:10:23 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/08/2017 07:06:35 PM) (Source: DbxSvc) (EventID: 320) (User: )
    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

    Error: (01/08/2017 04:45:45 PM) (Source: DbxSvc) (EventID: 320) (User: )
    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

    Error: (01/08/2017 04:30:58 PM) (Source: DbxSvc) (EventID: 320) (User: )
    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

    Error: (01/08/2017 04:21:36 PM) (Source: DbxSvc) (EventID: 320) (User: )
    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

    Error: (01/08/2017 03:46:19 PM) (Source: DbxSvc) (EventID: 320) (User: )
    Description: Failed to connect to the driver: (-2147024894) The system cannot find the file specified.

    Error: (01/08/2017 03:34:56 PM) (Source: chip 1-click download service) (EventID: 0) (User: )
    Description: |ERORRS=;(280) error at getVersion:C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe

    Error: (01/08/2017 03:32:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddWin32ServiceFiles: Unable to back up image of service Double Spaced Firewall since QueryServiceConfig API failed

    System Error:
    The system cannot find the file specified.
    .

    Error: (01/08/2017 03:16:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 55.0.2883.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 11d8

    Start Time: 01d269b958ba9446

    Termination Time: 3

    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    Report Id: 01262f72-d5ad-11e6-a620-94de807c80e7

    Error: (01/08/2017 03:14:18 PM) (Source: VSS) (EventID: 8194) (User: )
    Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    .
    This is often caused by incorrect security settings in either the writer or requestor process.


    Operation:
    Gathering Writer Data

    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
    Writer Instance ID: {95764d89-ad32-4c36-a558-be2e89b1a400}

    Error: (01/08/2017 03:00:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program chrome.exe version 55.0.2883.87 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1304

    Start Time: 01d269b74faee6cb

    Termination Time: 4

    Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    Report Id: d1d88284-d5aa-11e6-a620-94de807c80e7


    System errors:
    =============
    Error: (01/08/2017 07:07:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (01/08/2017 07:07:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Origin Web Helper Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (01/08/2017 07:07:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

    Error: (01/08/2017 04:46:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (01/08/2017 04:46:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Origin Web Helper Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (01/08/2017 04:46:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

    Error: (01/08/2017 04:31:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (01/08/2017 04:31:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The Origin Web Helper Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (01/08/2017 04:31:28 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Origin Web Helper Service service to connect.

    Error: (01/08/2017 04:30:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-8320 Eight-Core Processor
    Percentage of memory in use: 30%
    Total physical RAM: 12254.28 MB
    Available physical RAM: 8473.01 MB
    Total Virtual: 24506.75 MB
    Available Virtual: 20581.53 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:111.69 GB) (Free:15.73 GB) NTFS
    Drive d: (New Volume) (Fixed) (Total:931.51 GB) (Free:16.64 GB) NTFS
    Drive e: (Data) (Fixed) (Total:465.76 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 118BED4E)
    Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 1B2569FF)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 255B7F54)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    AswMBR Log:

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2017-01-08 20:54:52
    -----------------------------
    20:54:52.108 OS Version: Windows x64 6.1.7601 Service Pack 1
    20:54:52.109 Number of processors: 8 586 0x200
    20:54:52.110 ComputerName: MARVINS_PC UserName: Marvin
    20:54:53.170 Initialize success
    20:54:53.186 VM: initialized successfully
    20:54:53.187 VM: Amd CPU supported
    20:56:10.828 AVAST engine defs: 16122701
    20:56:17.897 Disk 0 \Device\Harddisk0\DR0 -> \Device\0000006b
    20:56:17.902 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 11
    20:56:17.906 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\0000006c
    20:56:17.911 Disk 1 Vendor: KINGSTON 505A Size: 114473MB BusType: 11
    20:56:17.917 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006d
    20:56:17.923 Disk 2 Vendor: TOSHIBA_ MS2O Size: 953869MB BusType: 11
    20:56:17.941 Disk 1 MBR read successfully
    20:56:17.945 Disk 1 MBR scan
    20:56:17.951 Disk 1 Windows 7 default MBR code
    20:56:17.956 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    20:56:17.961 Disk 1 Boot: NTFS code=1
    20:56:17.969 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
    20:56:17.988 Disk 1 scanning C:\Windows\system32\drivers
    20:56:21.247 Service scanning
    20:56:31.840 Modules scanning
    20:56:31.854 Disk 1 trace - called modules:
    20:56:31.865 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    20:56:31.873 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800c172060]
    20:56:31.880 3 CLASSPNP.SYS[fffff880013bc43f] -> nt!IofCallDriver -> [0xfffffa800ac43540]
    20:56:31.888 5 amd_xata.sys[fffff880011a8d00] -> nt!IofCallDriver -> \Device\0000006c[0xfffffa800ac4c060]
    20:56:33.014 AVAST engine scan C:\Windows
    20:56:33.977 AVAST engine scan C:\Windows\system32
    20:57:45.671 AVAST engine scan C:\Windows\system32\drivers
    20:57:49.576 AVAST engine scan C:\Users\Marvin
    21:05:20.769 AVAST engine scan C:\ProgramData
    21:08:48.277 Disk 1 statistics 4717012/0/0 @ 3,87 MB/s
    21:08:48.282 Scan finished successfully
    21:09:07.059 Disk 1 MBR has been saved successfully to "C:\Users\Marvin\Desktop\MBR.dat"
    21:09:07.064 The log file has been saved successfully to "C:\Users\Marvin\Desktop\aswMBR.txt"
    Last edited by tashi; 2017-01-09 at 07:55. Reason: Merged three posts

  2. #2
    Junior Member
    Join Date
    Jan 2017
    Posts
    11

    Sorry about the three posts!

    I sincerely thought I had only opened one thread. I read the rules and I know it is work for you to clean them up. Sorry!

  3. #3
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    First
    C:\Windows\SysWOW64\EasyAntiCheat.exe ==> EasyAntiCheat Ltd
    http://www.isthisfilesafe.com/sha1/1...5_details.aspx
    I'd remove this.

    Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
    The above should be removed for now since they are outdated and exploitable. We can download the most current version later.

    ~~~~~~~~~
    I see you have peer-to-peer (P2P) file sharing software installed on your computer (uTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of malware is to avoid these types of web sites and P2P programmes. Please read the following articles for more information.

    Your P2P software can be removed by following the instructions below.
    • Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the aforementioned programme(s), right-click and click Uninstall. Follow the prompts.

    If you choose not to, please refrain from using the programme(s) during this process.

    ~~~~

    I have found several suspicious files/folders that I cannot get enough information on to delete off your machine, so we'll have to do some detective work.
    If we can.

    R2 Chikiing; C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll [180224 2017-01-08] () [File not signed]
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Upmedia] => C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe [117561 2017-01-08] ()
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Ozmics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [WTVLR6FR20] => C:\Program Files\IJD61O2L61\IJD61O2L6.exe [369664 2017-01-08] ()
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [HV1V03D1C9] => C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe [369664 2017-01-08] ()
    HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
    HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
    HKU\S-1-5-18\...\Run: [71KFQTEHQA] => C:\Program Files\EET2FMBFLG\EET2FMBFL.exe [369664 2017-01-08] ()
    HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"
    2017-01-08 16:17 - 2017-01-08 16:17 - 00000000 ____D C:\Program Files\LAT8TQJDDX

    These seem to have the same creation date. Can you look at the files/folders and let me know if you know what these might be?

    I feel like we should try to scan one or two out

    Please go to one of the below sites to scan the following files:
    Virus Total (Recommended)
    jotti.org
    VirScan
    click on Browse, and upload the following file for analysis:

    C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe


    Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
    If it says already scanned -- click "reanalyze now"
    Please post the results in your next reply.

    Also, let's try this file
    C:\Program Files\EET2FMBFLG\EET2FMBFL.exe

    Please post the results in your next reply.

    ~~~~~~~~~~~~~~~~~

    Please open Notepad. *Do not use WordPad* or any text editor other than Notepad, or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) Then copy and paste the text inside the quote box below:
    To do this, highlight the contents of the box, right-click on it and select Copy.
    Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow it).





    start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [UVFmedia] => regsvr32.exe C:\Users\Marvin\AppData\Local\UVFmedia\gdiServices54.dll <===== ATTENTION
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
    FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
    FF Plugin HKU\S-1-5-21-4016113358-843845156-2686539769-1000: @acestream.net/acestreamplugin,version=3.1.12.1 -> C:\Users\Marvin\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
    C:\Windows\SysWOW64\EasyAntiCheat.exe
    C:\Users\Marvin\AppData\Local\Temp\8B5D.tmp.exe
    C:\Users\Marvin\AppData\Local\Temp\900F.tmp.exe
    C:\Users\Marvin\AppData\Local\Temp\ICReinstall_900F.tmp.exe
    Task: {63E4E2EA-492C-41FB-BF97-AE7231771156} - System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902} => pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe"
    AlternateDataStreams: C:\Users\Marvin\Desktop\22.06.16 Marvin Hartung.docx:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Marvin\Desktop\Einführung ins Studium Paper.docx:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Marvin\Desktop\In Praise of Idleness.docx:com.dropbox.attributes [168]
    RemoveProxy:
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~

    I can see AdwCleaner is already on the machine, please right click on that and send it to the recycle bin. We'll get an updated version.

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA.
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~~~~~

    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~
    please post
    Info on files requested scanned
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
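The pattern pointed out in the post above (startup entries with random-looking names whose files share a date) can be checked mechanically. This is an added Python example, not part of the thread and not FRST's own logic: it parses the Run-key lines quoted in that post and tags each one; the heuristics and flag names are assumptions chosen for illustration, and the `ExampleApp` line is constructed.

```python
import re
from collections import defaultdict

# Run-key lines copied from the FRST excerpt in the post above; the last
# line is a constructed benign entry added here for contrast.
SAMPLE = r"""
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Upmedia] => C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe [117561 2017-01-08] ()
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Ozmics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [WTVLR6FR20] => C:\Program Files\IJD61O2L61\IJD61O2L6.exe [369664 2017-01-08] ()
HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [HV1V03D1C9] => C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe [369664 2017-01-08] ()
HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
HKU\S-1-5-18\...\Run: [71KFQTEHQA] => C:\Program Files\EET2FMBFLG\EET2FMBFL.exe [369664 2017-01-08] ()
HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"
HKLM\...\Run: [ExampleApp] => C:\Program Files\ExampleApp\ExampleApp.exe [1024000 2016-05-01] (Example Vendor)
"""

# hive\...\Run: [value name] => command [size date] (vendor)
# The trailing "[size date] (vendor)" part is absent on some lines.
RUN_RE = re.compile(
    r'^(?P<hive>HK\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<cmd>.+?)'
    r'(?: \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<vendor>[^)]*)\))?$'
)
# regsvr32 used as a launcher: the payload is the DLL argument, not regsvr32.
REGSVR_RE = re.compile(r'regsvr32(?:\.exe)?"?\s+(?P<dll>.+)$', re.I)
# Assumed heuristic: ten upper-case alphanumerics mixing letters and digits.
RANDOM_NAME_RE = re.compile(r'^(?=.*\d)(?=.*[A-Z])[A-Z0-9]{10}$')


def parse_run_lines(text):
    """Return one dict per Run-key line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        reg = REGSVR_RE.search(entry['cmd'])
        entry['via_regsvr32'] = bool(reg)
        entry['target'] = (reg.group('dll') if reg else entry['cmd']).strip('"')
        entries.append(entry)
    return entries


def triage(entries):
    """Map each Run value name to the list of heuristic flags it trips."""
    # Files with identical size and date were most likely dropped together.
    clusters = defaultdict(list)
    for e in entries:
        if e['size']:
            clusters[(e['size'], e['date'])].append(e['name'])

    report = {}
    for e in entries:
        flags = []
        if RANDOM_NAME_RE.match(e['name']):
            flags.append('random_name')
        if '\\appdata\\' in e['target'].lower():
            flags.append('user_writable_path')
        if e['via_regsvr32']:
            flags.append('regsvr32_dll')
        if e['vendor'] == '':          # "()" in the log: empty vendor field
            flags.append('no_vendor')
        if e['size'] and len(clusters[(e['size'], e['date'])]) > 1:
            flags.append('shared_size_date')
        report[e['name']] = flags
    return report


if __name__ == '__main__':
    for name, flags in triage(parse_run_lines(SAMPLE)).items():
        print(f'{name:12} {", ".join(flags) or "-"}')
```

Flags only rank entries for a closer look; the files still need to be identified, for example by the scan requested in the post, before anything is removed.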

  4. #4
    Junior Member
    Join Date
    Jan 2017
    Posts
    11

    I think you may be right about the following files, as they seem to pop up as my troubles with the malware started on the 8.10:

    R2 Chikiing; C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll [180224 2017-01-08] () [File not signed]
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Upmedia] => C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe [117561 2017-01-08] ()
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [Ozmics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [WTVLR6FR20] => C:\Program Files\IJD61O2L61\IJD61O2L6.exe [369664 2017-01-08] ()
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [HV1V03D1C9] => C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe [369664 2017-01-08] ()
    HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
    HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
    HKU\S-1-5-18\...\Run: [71KFQTEHQA] => C:\Program Files\EET2FMBFLG\EET2FMBFL.exe [369664 2017-01-08] ()
    HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"
    2017-01-08 16:17 - 2017-01-08 16:17 - 00000000 ____D C:\Program Files\LAT8TQJDDX

    However, I seem to have deleted some of the folders already between my first post and now. To be precise, the following directories are gone:
    HKU\S-1-5-18\...\Run: [AOPEMA7LGO] => "C:\Program Files\C5XOWA3WK3\C5XOWA3WK.exe"
    HKU\S-1-5-18\...\Run: [CH6JD6R59R] => "C:\Program Files\CD0CMV632N\CD0CMV632.exe"
    HKU\S-1-5-18\...\Run: [64QMH4ZJYD] => "C:\Program Files\91D5JJKT93\71KFQTEHQ.exe"


    Up next is the Virus Total scan of C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe

    C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe
    https://www.virustotal.com/en/file/0...is/1484049709/


    C:\Program Files\EET2FMBFLG\EET2FMBFL.exe
    https://www.virustotal.com/en/file/0...is/1484050408/

    (I hope this is what is meant with results link)



    Up next is the AdwCleaner log. Everything seemed fine. No files were ticked that needed to stay, and googling some of the names revealed virus information. However, once my PC restarted, my window mode was set to classic Windows style and I cannot change it back to my normal Windows 7 style. I'm not worried, just letting you know. Here are the AdwCleaner logs:

    # AdwCleaner v6.042 - Logfile created 10/01/2017 at 13:33:18
    # Updated on 06/01/2017 by Malwarebytes
    # Database : 2017-01-09.3 [Server]
    # Operating System : Windows 7 Ultimate Service Pack 1 (X64)
    # Username : Marvin - MARVINS_PC
    # Running from : C:\Users\Marvin\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    [-] Service deleted: WinSAPSvc
    [-] Service deleted: Archer
    [-] Service deleted: iThemes5
    [-] Service deleted: GubedZL


    ***** [ Folders ] *****

    [-] Folder deleted: C:\ProgramData\WinSAPSvc
    [#] Folder deleted on reboot: C:\ProgramData\winsapsvc
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\WinSAPSvc
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\winsapsvc
    [-] Folder deleted: C:\Program Files (x86)\WinArcher
    [#] Folder deleted on reboot: C:\Program Files (x86)\winarcher
    [-] Folder deleted: C:\Program Files (x86)\Gubed


    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\ScreenShot
    [-] Key deleted: HKLM\SOFTWARE\WinArcher
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
    [-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]


    ***** [ Web browsers ] *****



    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [8071 Bytes] - [08/01/2017 15:45:16]
    C:\AdwCleaner\AdwCleaner[C2].txt - [10267 Bytes] - [08/01/2017 16:20:03]
    C:\AdwCleaner\AdwCleaner[C3].txt - [1345 Bytes] - [08/01/2017 16:30:09]
    C:\AdwCleaner\AdwCleaner[C4].txt - [4666 Bytes] - [09/01/2017 01:14:42]
    C:\AdwCleaner\AdwCleaner[C5].txt - [1865 Bytes] - [10/01/2017 13:33:18]
    C:\AdwCleaner\AdwCleaner[S0].txt - [7221 Bytes] - [08/01/2017 15:44:35]
    C:\AdwCleaner\AdwCleaner[S1].txt - [10082 Bytes] - [08/01/2017 16:19:12]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1481 Bytes] - [08/01/2017 16:29:58]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1604 Bytes] - [08/01/2017 16:43:00]
    C:\AdwCleaner\AdwCleaner[S4].txt - [1677 Bytes] - [08/01/2017 20:12:41]
    C:\AdwCleaner\AdwCleaner[S5].txt - [4988 Bytes] - [09/01/2017 01:14:30]
    C:\AdwCleaner\AdwCleaner[S6].txt - [1897 Bytes] - [09/01/2017 12:58:56]
    C:\AdwCleaner\AdwCleaner[S7].txt - [2557 Bytes] - [10/01/2017 13:31:08]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [2523 Bytes] ##########



    The JRT Log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 7 Ultimate x64
    Ran by Marvin (Administrator) on 10.01.2017 at 13:42:05,42
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    File System: 16

    Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50GTL9XJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPVY4851 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRAKWLBR (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLCCXOWP (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2W5SLIY (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M19NFGBN (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSTJUA0W (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Marvin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYVPIPW2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50GTL9XJ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CPVY4851 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DRAKWLBR (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JLCCXOWP (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2W5SLIY (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M19NFGBN (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSTJUA0W (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYVPIPW2 (Temporary Internet Files Folder)



    Registry: 0
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10.01.2017 at 13:43:46,05
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    I hope that is all. I think I didn't forget anything. Not unlikely though as the autosave of this website didn't save all the text I had written on one of the restarts.

  5. #5
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    By chance, did you run the fixlist I had created?

  6. #6
    Junior Member
    Join Date
    Jan 2017
    Posts
    11

    Yes! I thought I had written that, but I guess it must have gotten lost between the restarts. I closely followed every point mentioned!

  7. #7
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Good.

    Can you search for Fixlog.txt and post the log?

    ~~~

    Also, since you already have Malwarebytes Anti-Malware onboard let's run a new scan.

    Open Malwarebytes Anti-Malware

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Please paste the log back into this thread for review

    • Exit Malwarebytes

  8. #8
    Junior Member
    Join Date
    Jan 2017
    Posts
    11

    Fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
    Ran by Marvin (10-01-2017 13:18:42) Run:1
    Running from C:\Users\Marvin\Desktop\Fixing things
    Loaded Profiles: Marvin (Available Profiles: Marvin)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\...\Run: [UVFmedia] => regsvr32.exe C:\Users\Marvin\AppData\Local\UVFmedia\gdiServices54.dll <===== ATTENTION
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
    FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
    FF Plugin HKU\S-1-5-21-4016113358-843845156-2686539769-1000: @acestream.net/acestreamplugin,version=3.1.12.1 -> C:\Users\Marvin\AppData\Roaming\ACEStream\player\npace_plugin.dll [No File]
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
    C:\Windows\SysWOW64\EasyAntiCheat.exe
    C:\Users\Marvin\AppData\Local\Temp\8B5D.tmp.exe
    C:\Users\Marvin\AppData\Local\Temp\900F.tmp.exe
    C:\Users\Marvin\AppData\Local\Temp\ICReinstall_900F.tmp.exe
    Task: {63E4E2EA-492C-41FB-BF97-AE7231771156} - System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902} => pcalua.exe -a "C:\Program Files (x86)\mpck\uninstaller.exe"
    AlternateDataStreams: C:\Users\Marvin\Desktop\22.06.16 Marvin Hartung.docx:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Marvin\Desktop\Einführung ins Studium Paper.docx:com.dropbox.attributes [168]
    AlternateDataStreams: C:\Users\Marvin\Desktop\In Praise of Idleness.docx:com.dropbox.attributes [168]
    RemoveProxy:
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    EmptyTemp:
    Hosts:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Software\Microsoft\Windows\CurrentVersion\Run\\UVFmedia => value removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
    HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.91.2 => key not found.
    "C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll" => not found.
    HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2 => key not found.
    "C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll" => not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2 => key not found.
    C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll => not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2 => key not found.
    C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll => not found.
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\Software\MozillaPlugins\@acestream.net/acestreamplugin,version=3.1.12.1 => key removed successfully
    C:\Users\Marvin\AppData\Roaming\ACEStream\player\npace_plugin.dll => not found.
    C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\ppGoogleNaClPluginChrome.dll => not found.
    C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\pdf.dll => not found.
    C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\gcswf32.dll => not found.
    C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => not found.
    "C:\Windows\SysWOW64\EasyAntiCheat.exe" => not found.
    C:\Users\Marvin\AppData\Local\Temp\8B5D.tmp.exe => moved successfully
    C:\Users\Marvin\AppData\Local\Temp\900F.tmp.exe => moved successfully
    C:\Users\Marvin\AppData\Local\Temp\ICReinstall_900F.tmp.exe => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63E4E2EA-492C-41FB-BF97-AE7231771156} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63E4E2EA-492C-41FB-BF97-AE7231771156} => key removed successfully
    C:\Windows\System32\Tasks\{491BF032-D6A1-4FEE-BCB9-110186A33902} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{491BF032-D6A1-4FEE-BCB9-110186A33902} => key removed successfully
    C:\Users\Marvin\Desktop\22.06.16 Marvin Hartung.docx => ":com.dropbox.attributes" ADS removed successfully.
    C:\Users\Marvin\Desktop\Einführung ins Studium Paper.docx => ":com.dropbox.attributes" ADS removed successfully.
    C:\Users\Marvin\Desktop\In Praise of Idleness.docx => ":com.dropbox.attributes" ADS removed successfully.

    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44361292 B
    Java, Flash, Steam htmlcache => 474441976 B
    Windows/system/drivers => 498569504 B
    Edge => 0 B
    Chrome => 496393371 B
    Firefox => 381544633 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 66228 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 67300 B
    systemprofile32 => 9015935 B
    LocalService => 332914 B
    NetworkService => 717644 B
    Marvin => 1265678822 B

    RecycleBin => 0 B
    EmptyTemp: => 3 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 13:19:12 ====



    Malwarebytes (I only have the free version so I couldn't enter the advanced settings):

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 1/8/17
    Scan Time: 3:29 PM
    Logfile:
    Administrator: Yes

    -Software Information-
    Version: 3.0.5.1299
    Components Version: 1.0.0
    Update Package Version: 1.0.951
    License: Free

    -System Information-
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Marvins_PC\Marvin

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 383970
    Time Elapsed: 1 min, 55 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 6
    PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Quarantined, [863], [325509],1.0.951
    PUP.Optional.ConvertAd, C:\USERS\MARVIN\APPDATA\LOCAL\03DE0294-1483888355-057C-8006-E70700080009\QNSL6EBB.TMP, Quarantined, [77], [100459],1.0.951
    Adware.DownloadSponsor, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\DMR\DMR_80.EXE, Quarantined, [2435], [358371],1.0.951
    PUP.Optional.Komodia, C:\PROGRAM FILES (X86)\OTHERSEARCH\ZIENGINE.EXE, Quarantined, [1292], [106353],1.0.951
    PUP.Optional.ConvertAd, C:\WINDOWS\TEMP\D4CC.TMP, Quarantined, [77], [156783],1.0.951
    PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\2b4a6eef476009e5a07c0388a81cb729.exe, Quarantined, [17834], [259462],1.0.951

    Module: 13
    PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, Quarantined, [863], [318108],1.0.951
    PUP.Optional.Komodia, C:\WINDOWS\SYSTEM32\ZDENGINE64.DLL, Quarantined, [1292], [106353],1.0.951
    PUP.Optional.Komodia, C:\WINDOWS\SYSTEM32\ZDENGINE64.DLL, Quarantined, [1292], [106353],1.0.951
    PUP.Optional.Komodia, C:\WINDOWS\SYSTEM32\ZDENGINE64.DLL, Quarantined, [1292], [106353],1.0.951
    PUP.Optional.Komodia, C:\WINDOWS\SYSTEM32\ZDENGINE64.DLL, Quarantined, [1292], [106353],1.0.951
    PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Quarantined, [863], [325509],1.0.951
    PUP.Optional.ConvertAd, C:\USERS\MARVIN\APPDATA\LOCAL\03DE0294-1483888355-057C-8006-E70700080009\QNSL6EBB.TMP, Quarantined, [77], [100459],1.0.951
    Trojan.Miuref.THC, C:\USERS\MARVIN\APPDATA\LOCAL\UPMEDIA\RCBTAMCJ.DLL, Quarantined, [7478], [65255],1.0.951
    Adware.DownloadSponsor, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\DMR\DMR_80.EXE, Quarantined, [2435], [358371],1.0.951
    PUP.Optional.Komodia, C:\PROGRAM FILES (X86)\OTHERSEARCH\ZIENGINE.EXE, Quarantined, [1292], [106353],1.0.951
    PUP.Optional.ConvertAd, C:\WINDOWS\TEMP\D4CC.TMP, Quarantined, [77], [156783],1.0.951
    Adware.Elex.Generic, C:\Program Files (x86)\Qosdomckeloent Launcher\local64spl.dll, Quarantined, [2409], [358290],1.0.951
    PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\2b4a6eef476009e5a07c0388a81cb729.exe, Quarantined, [17834], [259462],1.0.951

    Registry Key: 27
    PUP.Optional.ConvertAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zigipyro, Delete-on-Reboot, [77], [100459],1.0.951
    PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016, Delete-on-Reboot, [863], [325509],1.0.951
    PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [130], [170024],1.0.951
    PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [130], [-1],0.0.0
    PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [130], [170024],1.0.951
    PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Delete-on-Reboot, [130], [170024],1.0.951
    PUP.Optional.CleanBrowser, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CleanBrowser, Delete-on-Reboot, [1859], [181961],1.0.951
    PUP.Optional.OtherSearch, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\OtherSearch, Delete-on-Reboot, [707], [306041],1.0.951
    Adware.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DPower_is1, Delete-on-Reboot, [2306], [350732],1.0.951
    Adware.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mobilepcstarterkit_is1, Delete-on-Reboot, [2306], [350732],1.0.951
    PUP.Optional.ConvertAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PopupProduct, Delete-on-Reboot, [77], [236933],1.0.951
    PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\d3a01f8ee8c49abc0a56c9bdd2e477ae, Delete-on-Reboot, [17881], [261569],1.0.951
    PUP.Optional.ConvertAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NUIns, Delete-on-Reboot, [77], [246227],1.0.951
    PUP.Optional.OtherSearch, HKLM\SOFTWARE\WOW6432NODE\OTHERSEARCH, Delete-on-Reboot, [707], [305744],1.0.951
    PUP.Optional.StartGo123, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetUtils2016srv, Delete-on-Reboot, [863], [325507],1.0.951
    PUP.Optional.Trovi, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Delete-on-Reboot, [6149], [244207],1.0.951
    PUP.Optional.Social2Search, HKLM\SOFTWARE\WOW6432NODE\Socia2Sear Browser Enhancer, Delete-on-Reboot, [444], [345866],1.0.951
    PUP.Optional.Social2Search, HKLM\SOFTWARE\Socia2Sear Browser Enhancer, Delete-on-Reboot, [444], [345866],1.0.951
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CltMngSvc_RASAPI32, Delete-on-Reboot, [12875], [253642],1.0.951
    PUP.Optional.SearchProtect.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CltMngSvc_RASMANCS, Delete-on-Reboot, [12875], [253642],1.0.951
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\cltmng_RASAPI32, Delete-on-Reboot, [2455], [184777],1.0.951
    PUP.Optional.SearchProtect, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\cltmng_RASMANCS, Delete-on-Reboot, [2455], [184777],1.0.951
    PUP.Optional.AppTrailers, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\APPDATALOW\SOFTWARE\AppTrailers, Delete-on-Reboot, [1067], [324090],1.0.951
    Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\apc6tt41, Delete-on-Reboot, [2086], [339986],1.0.951
    PUP.Optional.Wajam.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\d3a01f8ee8c49abc0a56c9bdd2e477ae, Delete-on-Reboot, [17834], [259462],1.0.951
    PUP.Optional.Wajam, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\WajIEnhance, Delete-on-Reboot, [130], [244670],1.0.951
    PUP.Optional.Tuto4PC, HKU\S-1-5-18\SOFTWARE\MICROSOFT\wewewe, Delete-on-Reboot, [112], [339689],1.0.951

    Registry Value: 20
    Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|OMEWPRODUCT_OO26R, Delete-on-Reboot, [2306], [350732],1.0.951
    Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|OTUTPRODUCT_ZTC9C, Delete-on-Reboot, [2306], [350732],1.0.951
    PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [130], [-1],0.0.0
    PUP.Optional.Wajam, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [130], [-1],0.0.0
    PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [130], [-1],0.0.0
    Adware.Tuto4PC, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|OMEWPRODUCT_K3D4B, Delete-on-Reboot, [2306], [350732],1.0.951
    PUP.Optional.Tuto4PC, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|9M71O69FYI, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Tuto4PC, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|9M71O69FYI, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|DiskPower, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [95], [-1],0.0.0
    PUP.Optional.Linkury.ACMB1, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, Delete-on-Reboot, [95], [-1],0.0.0
    PUP.Optional.Social2Search.Gen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\d3a01f8ee8c49abc0a56c9bdd2e477ae|DISPLAYNAME, Delete-on-Reboot, [17881], [261569],1.0.951
    PUP.Optional.OtherSearch, HKLM\SOFTWARE\WOW6432NODE\OTHERSEARCH|AFFID, Delete-on-Reboot, [707], [305744],1.0.951
    PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DPOWER_IS1|PUBLISHER, Delete-on-Reboot, [112], [314797],1.0.951
    PUP.Optional.ConvertAd.Gen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\zigipyro|IMAGEPATH, Delete-on-Reboot, [10337], [257691],1.0.951
    Adware.Sasquor.SPL, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\PROVIDERS\apc6tt41|NAME, Delete-on-Reboot, [2086], [339986],1.0.951
    PUP.Optional.Trovi, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|URL, Delete-on-Reboot, [6149], [244206],1.0.951
    PUP.Optional.Conduit, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|SUGGESTIONSURL_JSON, Delete-on-Reboot, [715], [236867],1.0.951
    PUP.Optional.Trovi, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}|DISPLAYNAME, Delete-on-Reboot, [6149], [244206],1.0.951
    PUP.Optional.Trovi, HKU\S-1-5-21-4016113358-843845156-2686539769-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Replace-on-Reboot, [6149], [293219],1.0.951

    Data Stream: 0
    (No malicious items detected)

    Folder: 21
    PUP.Optional.HDWallPaper, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\HDWallPaper, Delete-on-Reboot, [169], [314888],1.0.951
    PUP.Optional.CleanBrowser, C:\Program Files (x86)\CleanBrowser\Temp, Delete-on-Reboot, [1859], [181961],1.0.951
    PUP.Optional.CleanBrowser, C:\PROGRAM FILES (X86)\CleanBrowser, Delete-on-Reboot, [1859], [181961],1.0.951
    PUP.Optional.HDWallPaper, C:\PROGRAM FILES (X86)\HDWallPaper, Delete-on-Reboot, [169], [314832],1.0.951
    PUP.Optional.OtherSearch, C:\PROGRAM FILES (X86)\OtherSearch, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.Tuto4PC, C:\Users\Marvin\AppData\Local\tuto_monetize_120170105\tuto_monetize_120170105\2.00, Delete-on-Reboot, [112], [182348],1.0.951
    PUP.Optional.Tuto4PC, C:\Users\Marvin\AppData\Local\tuto_monetize_120170105\tuto_monetize_120170105, Delete-on-Reboot, [112], [182348],1.0.951
    PUP.Optional.Tuto4PC, C:\USERS\MARVIN\APPDATA\LOCAL\tuto_monetize_120170105, Delete-on-Reboot, [112], [182348],1.0.951
    PUP.Optional.Tuto4PC, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tuto_monetize_120170105\tuto_monetize_120170105\2.00, Delete-on-Reboot, [112], [182348],1.0.951
    PUP.Optional.Tuto4PC, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tuto_monetize_120170105\tuto_monetize_120170105, Delete-on-Reboot, [112], [182348],1.0.951
    PUP.Optional.Tuto4PC, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\tuto_monetize_120170105, Delete-on-Reboot, [112], [182348],1.0.951
    Adware.Wajam, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\SOCIA2SEAR BROWSER ENHANCER, Delete-on-Reboot, [1771], [348378],1.0.951
    PUP.Optional.Tuto4PC, C:\PROGRAM FILES (X86)\DPOWER, Delete-on-Reboot, [112], [314798],1.0.951
    Adware.Elex.Generic, C:\PROGRAM FILES (X86)\QOSDOMCKELOENT LAUNCHER, Delete-on-Reboot, [2409], [358290],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\index-dir, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Local Storage, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\USERS\MARVIN\APPDATA\LOCAL\APPTRAILERS, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.ConvertAd, C:\USERS\MARVIN\APPDATA\LOCAL\03DE0294-1483888355-057C-8006-E70700080009, Delete-on-Reboot, [77], [236933],1.0.951
    PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\ba6f752ba72daac512434e87abb96fc6, Delete-on-Reboot, [17834], [259462],1.0.951
    PUP.Optional.Wajam.Gen, C:\PROGRAM FILES\d3a01f8ee8c49abc0a56c9bdd2e477ae, Delete-on-Reboot, [17834], [259462],1.0.951

    File: 179
    PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\NETUTILS2016.DLL, Delete-on-Reboot, [863], [318108],1.0.951
    PUP.Optional.Komodia, C:\WINDOWS\SYSTEM32\ZDENGINE64.DLL, Delete-on-Reboot, [1292], [106353],1.0.951
    PUP.Optional.StartGo123, C:\WINDOWS\SYSWOW64\NETUTILS2016.EXE, Delete-on-Reboot, [863], [325509],1.0.951
    PUP.Optional.ConvertAd, C:\USERS\MARVIN\APPDATA\LOCAL\03DE0294-1483888355-057C-8006-E70700080009\QNSL6EBB.TMP, Delete-on-Reboot, [77], [100459],1.0.951
    Trojan.Miuref.THC, C:\USERS\MARVIN\APPDATA\LOCAL\UPMEDIA\RCBTAMCJ.DLL, Delete-on-Reboot, [7478], [65255],1.0.951
    Adware.DownloadSponsor, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\DMR\DMR_80.EXE, Delete-on-Reboot, [2435], [358371],1.0.951
    PUP.Optional.Komodia, C:\PROGRAM FILES (X86)\OTHERSEARCH\ZIENGINE.EXE, Delete-on-Reboot, [1292], [106353],1.0.951
    PUP.Optional.ConvertAd, C:\WINDOWS\TEMP\D4CC.TMP, Delete-on-Reboot, [77], [156783],1.0.951
    PUP.Optional.StartGo123, C:\WINDOWS\SYSTEM32\DRIVERS\NETUTILS2016.SYS, Delete-on-Reboot, [863], [325509],1.0.951
    Adware.Tuto4PC, C:\WINDOWS\TEMP\QDI1TJ9L5N.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
    Adware.Tuto4PC, C:\PROGRAM FILES (X86)\MPCK\VVJ2V9.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
    Adware.Tuto4PC, C:\PROGRAM FILES (X86)\DPOWER\A91E4T.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
    PUP.Optional.HDWallPaper, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\HDWallPaper\config.ini, Delete-on-Reboot, [169], [314888],1.0.951
    PUP.Optional.CleanBrowser, C:\Program Files (x86)\CleanBrowser\Temp\_1.zip, Delete-on-Reboot, [1859], [181961],1.0.951
    PUP.Optional.CleanBrowser, C:\Program Files (x86)\CleanBrowser\uninstall.exe, Delete-on-Reboot, [1859], [181961],1.0.951
    PUP.Optional.CleanBrowser, C:\Program Files (x86)\CleanBrowser\version, Delete-on-Reboot, [1859], [181961],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\freebl3.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\kke.exe, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\libnspr4.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\libplc4.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\libplds4.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\nss3.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\nssckbi.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\nssdbm3.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\nssutil3.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\slite.exe, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\smime3.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\softokn3.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\sqlite3.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\ssl3.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\uninstall.exe, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\updengine.exe, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdengine.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdengine.exe, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdengine.tlb, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdengine64.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdenginecert.dll, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdinstaller.exe, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdwfp.sys, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\zdwfp64.sys, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\ziengine.ini, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.OtherSearch, C:\Program Files (x86)\OtherSearch\ziengine64.exe, Delete-on-Reboot, [707], [306041],1.0.951
    PUP.Optional.Tuto4PC, C:\Users\Marvin\AppData\Local\tuto_monetize_120170105\tuto_monetize_120170105\2.00\cnf.cyl, Delete-on-Reboot, [112], [182348],1.0.951
    PUP.Optional.Tuto4PC, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\tuto_monetize_120170105\tuto_monetize_120170105\2.00\cnf.cyl, Delete-on-Reboot, [112], [182348],1.0.951
    Adware.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer\Settings.lnk, Delete-on-Reboot, [1771], [348378],1.0.951
    Adware.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer\SignIn with Twitter.lnk, Delete-on-Reboot, [1771], [348378],1.0.951
    Adware.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer\Social2Search Website.lnk, Delete-on-Reboot, [1771], [348378],1.0.951
    Adware.Wajam, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer\uninstall.lnk, Delete-on-Reboot, [1771], [348378],1.0.951
    PUP.Optional.Trovi, C:\USERS\MARVIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5954LDYI.DEFAULT\PREFS.JS, Replaced, [6149], [301684],1.0.951
    PUP.Optional.Tuto4PC, C:\PROGRAM FILES (X86)\MPCK\MOBILEPCSTARTERKIT_WIDGET.EXE, Delete-on-Reboot, [112], [14224],1.0.951
    Adware.Elex.Generic, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\ERGICKMIDUTION\TABUTAIN.DLL, Delete-on-Reboot, [2409], [356335],1.0.951
    Adware.Tuto4PC, C:\PROGRAM FILES (X86)\DPOWER\UNINSTALLER.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
    Adware.Tuto4PC, C:\PROGRAM FILES (X86)\MPCK\UNINSTALLER.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
    PUP.Optional.Tuto4PC, C:\PROGRAM FILES (X86)\DPOWER\UNINS000.DAT, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\A91E4T.exe.config, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\B16NQ2AGGD.exe, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\B16NQ2AGGD.exe.config, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\cast.config, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\config.conf, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\DiskPower.exe, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\DiskPower.exe.conf, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\LinqBridge.dll, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\unins000.exe, Delete-on-Reboot, [112], [314798],1.0.951
    PUP.Optional.Tuto4PC, C:\Program Files (x86)\DPower\uninstaller.exe.config, Delete-on-Reboot, [112], [314798],1.0.951
    Adware.Elex.Generic, C:\PROGRAM FILES (X86)\MAPADOMCOAVECK\TABUTAIN.DLL, Delete-on-Reboot, [2409], [356335],1.0.951
    PUP.Optional.Linkury.ACMB1, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\INSTALLATIONCONFIGURATION.XML, Delete-on-Reboot, [95], [302554],1.0.951
    PUP.Optional.ConvertAd, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\NSB46E0.TMP, Delete-on-Reboot, [77], [290930],1.0.951
    PUP.Optional.Komodia, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\ZDENGINE.LOG, Delete-on-Reboot, [1292], [257778],1.0.951
    PUP.Optional.PreInstaller, C:\WINDOWS\TEMP\44D4.TMP, Delete-on-Reboot, [8553], [77080],1.0.951
    Adware.Elex.Generic, C:\PROGRAM FILES (X86)\QOSDOMCKELOENT LAUNCHER\LOCAL64SPL.DLL.INI, Delete-on-Reboot, [2409], [358290],1.0.951
    Adware.Elex.Generic, C:\Program Files (x86)\Qosdomckeloent Launcher\local64spl.dll, Delete-on-Reboot, [2409], [358290],1.0.951
    Adware.Tuto4PC, C:\WINDOWS\TEMP\KMLN8HZGI3\APPSOFT.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
    PUP.Optional.ConvertAd, C:\WINDOWS\TEMP\44CE.TMP, Delete-on-Reboot, [77], [100461],1.0.951
    Adware.ConvertAd, C:\WINDOWS\TEMP\44CF.TMP, Delete-on-Reboot, [118], [158747],1.0.951
    Bootkit.Agent.VBR, C:\WINDOWS\TEMP\SETCS86.EXE, Delete-on-Reboot, [2935], [356131],1.0.951
    PUP.Optional.Tuto4PC, C:\WINDOWS\TEMP\5Q94R4H0M6\CASTER12.EXE, Delete-on-Reboot, [112], [331647],1.0.951
    PUP.Optional.Freemium, C:\USERS\MARVIN\DOWNLOADS\PAZERA-FREE-MKV-TO-AVI-CONVERTER-1.4-SETUP.EXE, Delete-on-Reboot, [12540], [301050],1.0.951
    PUP.Optional.SilentInstaller, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\F9626892-7A78-3199-ABD2-97BBCE96297B\OFFERINSTALLER.EXE, Delete-on-Reboot, [4042], [11846],1.0.951
    PUP.Optional.AppTrailers, C:\USERS\MARVIN\APPDATA\LOCAL\APPTRAILERS\WEB DATA, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\index-dir\the-real-index, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\b3edef432256edd5_0, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\0fc3db66b9cbe75d_0, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\1b72c2d37a2af109_0, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\1dff67c9badf383d_0, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\1e20774a42d716f3_0, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\234986793e71f265_0, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\26968e7a0c71776d_0, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\2819c5233c1f77b4_0, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\2ac381ccd53e2ce0_0, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\2b11e2e523e5d524_0, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\3082972055161e5d_0, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Cache\dcd59cd60e5c727c_0, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Local Storage\file__0.localstorage, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Local Storage\file__0.localstorage-journal, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Local Storage\http_www.imdb.com_0.localstorage, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Local Storage\http_www.imdb.com_0.localstorage-journal, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\cookies, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\cookies-journal, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.AppTrailers, C:\Users\Marvin\AppData\Local\AppTrailers\Web Data-journal, Delete-on-Reboot, [1067], [324095],1.0.951
    PUP.Optional.Tuto4PC, C:\WINDOWS\TEMP\AD7LU40SJU.EXE, Delete-on-Reboot, [112], [314786],1.0.951
    PUP.Optional.Tuto4PC, C:\WINDOWS\TEMP\SGQP2M4VR7.EXE, Delete-on-Reboot, [112], [124446],1.0.951
    PUP.Optional.Komodia, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\ZIENGINE.INI.LOG, Delete-on-Reboot, [1292], [257777],1.0.951
    Adware.DownloadSponsor, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\DMR\DMR_72.EXE, Delete-on-Reboot, [2435], [358371],1.0.951
    Trojan.Agent, C:\WINDOWS\TEMP\HCPLCS.EXE, Delete-on-Reboot, [22], [357677],1.0.951
    PUP.Optional.ConvertAd, C:\WINDOWS\TEMP\NSC7FD5.TMP, Delete-on-Reboot, [77], [290930],1.0.951
    Adware.Tuto4PC, C:\WINDOWS\TEMP\5Q94R4H0M6\ADVISE.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
    PUP.Optional.Komodia, C:\WINDOWS\SYSWOW64\ZDENGINE.DLL, Delete-on-Reboot, [1292], [106353],1.0.951
    PUP.Optional.Bundler, C:\USERS\MARVIN\APPDATA\LOCAL\TEMP\FSD4A58.EXE, Delete-on-Reboot, [222], [8918],1.0.951
    PUP.Optional.Tuto4PC, C:\WINDOWS\TEMP\5Q94R4H0M6\CASTER19.EXE, Delete-on-Reboot, [112], [331647],1.0.951
    PUP.Optional.Tuto4PC, C:\WINDOWS\TEMP\KMLN8HZGI3\CAS.EXE, Delete-on-Reboot, [112], [331647],1.0.951
    Adware.Tuto4PC, C:\WINDOWS\TEMP\SKN52WL02O\APPSOFT.EXE, Delete-on-Reboot, [2306], [350732],1.0.951
    PUP.Optional.ConvertAd, C:\USERS\MARVIN\APPDATA\LOCAL\03DE0294-1483888355-057C-8006-E70700080009\UNINSTALL.EXE, Delete-on-Reboot, [77], [236933],1.0.951
    PUP.Optional.ResultsHub, C:\USERS\MARVIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\https_manyresultshub-a.akamaihd.net_0.localstorage, Delete-on-Reboot, [12044], [242323],1.0.951
    PUP.Optional.Wajam.Gen, C:\PROGRAM FILES\d3a01f8ee8c49abc0a56c9bdd2e477ae\ba6f752ba72daac512434e87abb96fc6\7623053ac9ebe33858647506cdbf2f89.ico, Delete-on-Reboot, [17834], [259462],1.0.951
    PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\ba6f752ba72daac512434e87abb96fc6\7bd57047150e93a8a64b87905cf54301.ico, Delete-on-Reboot, [17834], [259462],1.0.951
    PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\ba6f752ba72daac512434e87abb96fc6\7dfd53909d5f754c9c0a2510f14c807f.ico, Delete-on-Reboot, [17834], [259462],1.0.951
    PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\0108cc1966b04a525eeec2f2c19ecf06.exe, Delete-on-Reboot, [17834], [259462],1.0.951
    PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\2b4a6eef476009e5a07c0388a81cb729.exe, Delete-on-Reboot, [17834], [259462],1.0.951
    PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\3348092d021e7bca63f77820731c3243, Delete-on-Reboot, [17834], [259462],1.0.951
    PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\7bd57047150e93a8a64b87905cf54301.ico, Delete-on-Reboot, [17834], [259462],1.0.951
    PUP.Optional.Wajam.Gen, C:\Program Files\d3a01f8ee8c49abc0a56c9bdd2e477ae\f45a21687b2122533a920d405cd65568.exe, Delete-on-Reboot, [17834], [259462],1.0.951

    Physical Sector: 0
    (No malicious items detected)


    (end)

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Whoa nellie!

    Had no idea you had this amount of junk on your computer.

    After the last scan I hope you're seeing improvements?

    ~~~~~~~~~~~~~~~~~~~~~~

    • Download Emsisoft Emergency Kit and save it to your desktop.
    • Double-click icon then click Install
    • A Window should open highlighting Start Emergency Kit Scanner
    • Right click on the icon and select Run as administrator
    • Click Update now!
    • Once the update is completed select Settings under Scan
    • Uncheck Join the Emsisoft Anti-Malware Network
    • Click Scan at the top
    • Click On scan completion
    • Click Quarantine detected objects, then click OK
    • Click Malware Scan
    • Once completed click View Report
    • Save the file to your Desktop using the default file name
    • Copy and paste the report in your reply

    ===============
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Junior Member
    Join Date
    Jan 2017
    Posts
    11

    It seems so. Wasn't aware of it either. I am indeed noticing changes. I can use Youtube again and one program that wouldn't start up yesterday is starting up now. Whether that has anything to do with what we have done so far, I don't know.

    Here is the Emsisoft Emergency Kit Scan log (Unfortunately in German, must have overlooked the language selection screen):

    Emsisoft Emergency Kit – Version 12.0
    Letztes Update: 10.01.2017 18:02:37
    Benutzerkonto: Marvins_PC\Marvin
    Computer name: MARVINS_PC
    OS version: Windows 7x64 Service Pack 1

    Scan-Einstellungen:

    Scan-Methode: Malware-Scan
    Objekte: Rootkits, Speicher, Traces, Dateien

    PUPs-Erkennung: An
    Archiv-Scan: Aus
    ADS-Scan: An
    Dateierweiterungen: Aus
    Direkter Festplattenzugriff: Aus

    Scan-Beginn: 10.01.2017 18:05:13
    C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe Gefunden: Gen:Heur.MSIL.Krypt.4 (B) [krnl.xmd]
    C:\Program Files\IJD61O2L61\IJD61O2L6.exe Gefunden: Gen:Heur.MSIL.Krypt.4 (B) [krnl.xmd]
    C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll Gefunden: Gen:Variant.Razy.22856 (B) [krnl.xmd]
    C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe Gefunden: Trojan.GenericKD.4134817 (B) [krnl.xmd]
    c:\program files (x86)\mapadomcoaveck\bmssch.dll Gefunden: Gen:Variant.Graftor.313143 (B) [krnl.xmd]
    C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll Gefunden: Gen:Variant.Graftor.313143 (B) [krnl.xmd]
    C:\Program Files (x86)\Mapadomcoaveck\Shidpywifuph.dll Gefunden: Gen:Variant.Mikey.57567 (B) [krnl.xmd]
    C:\Program Files (x86)\Mapadomcoaveck\CrashReport.dll Gefunden: Gen:Variant.Graftor.318031 (B) [krnl.xmd]
    C:\Program Files (x86)\Mapadomcoaveck\Release038.dll Gefunden: Gen:Variant.Graftor.312033 (B) [krnl.xmd]
    C:\Program Files\EET2FMBFLG\EET2FMBFL.exe Gefunden: Gen:Heur.MSIL.Krypt.4 (B) [krnl.xmd]
    C:\Users\Marvin\AppData\Local\UVFmedia\gdiServices54.dll Gefunden: Gen:Variant.Razy.22856 (B) [krnl.xmd]
    C:\Users\Marvin\Desktop\install_patch\sonar 8 install patch.exe Gefunden: Trojan.Generic.5487364 (B) [krnl.xmd]
    C:\Users\Marvin\Desktop\install_patch\sonar 8.02 update install patch.exe Gefunden: Trojan.Generic.1410268 (B) [krnl.xmd]
    C:\Users\Marvin\Desktop\install_patch\sonar 8.01 update install patch.exe Gefunden: Trojan.Generic.1410268 (B) [krnl.xmd]
    C:\Users\Marvin\Desktop\install_patch\alternative\Sonar 8 install patch.exe Gefunden: Virtool.21901 (B) [krnl.xmd]
    C:\Users\Marvin\Desktop\install_patch\alternative\Sonar 8.01 update install patch.exe Gefunden: Virtool.22821 (B) [krnl.xmd]
    C:\Users\Marvin\Desktop\install_patch\alternative\Sonar 8.02 update install patch.exe Gefunden: Virtool.21371 (B) [krnl.xmd]
    C:\Users\Marvin\Downloads\Better DS3 - CHIP-Installer.exe Gefunden: Application.AdLoad (A) [283292]
    C:\Users\Marvin\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe Gefunden: Application.AdLoad (A) [283292]
    C:\Users\Marvin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe Gefunden: Application.AdLoad (A) [283292]
    C:\Users\Marvin\Downloads\SpeedFan - CHIP-Installer.exe Gefunden: Application.AdLoad (A) [283292]
    C:\Windows\f45a21687b2122533a920d405cd65568.exe Gefunden: Adware.GenericKD.4147491 (B) [krnl.xmd]

    Gescannt: 80550
    Gefunden 22

    Scan-Ende: 10.01.2017 18:06:34
    Scan-Zeit: 0:01:21

    c:\program files (x86)\mapadomcoaveck\bmssch.dll Gen:Variant.Graftor.313143 (B)
    C:\Users\Marvin\AppData\Local\UVFmedia\gdiServices54.dll Gen:Variant.Razy.22856 (B)
    C:\Program Files (x86)\Mapadomcoaveck\Shidpywifuph.dll Gen:Variant.Mikey.57567 (B)
    C:\Program Files (x86)\Mapadomcoaveck\CrashReport.dll Gen:Variant.Graftor.318031 (B)
    C:\Users\Marvin\Downloads\SpyBot Search Destroy - CHIP-Installer.exe Application.AdLoad (A)
    C:\Program Files\LAT8TQJDDX\LAT8TQJDD.exe Gen:Heur.MSIL.Krypt.4 (B)
    C:\Users\Marvin\AppData\Local\Upmedia\gdks34.exe Trojan.GenericKD.4134817 (B)
    C:\Users\Marvin\Desktop\install_patch\sonar 8.01 update install patch.exe Trojan.Generic.1410268 (B)
    C:\Users\Marvin\Desktop\install_patch\sonar 8.02 update install patch.exe Trojan.Generic.1410268 (B)
    C:\Users\Marvin\Desktop\install_patch\alternative\Sonar 8.01 update install patch.exe Virtool.22821 (B)
    C:\Users\Marvin\Desktop\install_patch\alternative\Sonar 8.02 update install patch.exe Virtool.21371 (B)
    C:\Program Files (x86)\Mapadomcoaveck\Release038.dll Gen:Variant.Graftor.312033 (B)
    C:\Users\Marvin\Desktop\install_patch\sonar 8 install patch.exe Trojan.Generic.5487364 (B)
    C:\Users\Marvin\Downloads\SpeedFan - CHIP-Installer.exe Application.AdLoad (A)
    C:\Program Files (x86)\Mapadomcoaveck\BmsSch.dll Gen:Variant.Graftor.313143 (B)
    C:\Users\Marvin\Downloads\Malwarebytes Malware Scanner - CHIP-Installer.exe Application.AdLoad (A)
    C:\Program Files\EET2FMBFLG\EET2FMBFL.exe Gen:Heur.MSIL.Krypt.4 (B)
    C:\Program Files\IJD61O2L61\IJD61O2L6.exe Gen:Heur.MSIL.Krypt.4 (B)
    C:\Users\Marvin\AppData\Local\Upmedia\gdiServices54.dll Gen:Variant.Razy.22856 (B)
    C:\Windows\f45a21687b2122533a920d405cd65568.exe Adware.GenericKD.4147491 (B)
    C:\Users\Marvin\Desktop\install_patch\alternative\Sonar 8 install patch.exe Virtool.21901 (B)
    C:\Users\Marvin\Downloads\Better DS3 - CHIP-Installer.exe Application.AdLoad (A)

    Quarantäne 22

    If you want me to use the scan again in English, just tell me and I will see what I can do.
