Anti-virus turns off after reboot


  • This topic is locked
10 replies to this topic

#1 Black_ice

Posted 03 November 2015 - 09:36 AM

My Panda Free Antivirus turns off after I turn on my computer. I believe it does this every time I start up Windows. I am afraid my PC is infected with malware or a rootkit. I get a message from Windows 10 saying my antivirus software is disabled. I can turn Panda back on, but scanning my PC with Panda Antivirus (rootkit scanning enabled) and Malwarebytes Anti-Malware yields no results.

Also, today Windows would not start properly after installing an update. Startup programs loaded incredibly slowly and the task bar was slow as well. It would take minutes for every program to show up as an icon in the task bar, if at all (including Panda). Task Manager would not open. Only after managing to restart the PC through Windows did it go back to normal. Don't know if this is related, but it has happened before. Could be one of my external HDDs going crazy.
 
Aside from an occasional blue screen crash (something about 'critical process stopped'), I do not notice any other abnormalities in the behaviour of my PC.

Here's my FRST.txt log:
"Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Martijn (administrator) on MARTYBOY (03-11-2015 15:16:43)
Running from I:\Programs
Loaded Profiles: Martijn (Available Profiles: Martijn & Administrator)
Platform: Windows 10 Pro N (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Seagate Technology LLC) D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(http://winaero.com) D:\Programs\x64\OpaqueTaskbar.exe
(Seagate Technology LLC) D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Pushbullet Inc) C:\Users\Martijn\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(Google Inc.) C:\Users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe
() C:\Program Files (x86)\SVP\SVPMgr.exe
(Pushbullet Inc) C:\Users\Martijn\AppData\Local\Temp\pushbullet_watchdog.exe
() D:\Programs\cpkeeper\CPKeeper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
() D:\Program Files (x86)\Func\MS-3\MS-3_Core.exe
() D:\Program Files (x86)\Func\MS-3\MS-3_Tray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Waterfox) C:\Program Files\Waterfox\waterfox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(OldTimer Tools) D:\Programs\TFC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2010-07-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104088 2012-11-01] (VMware, Inc.)
HKLM-x32\...\Run: [DBAgent] => D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
HKLM-x32\...\Run: [Func Ms3] => D:\Program Files (x86)\Func\MS-3\MS-3_Core
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [904824 2015-08-19] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [OpaqueTaskbar] => D:\Programs\x64\OpaqueTaskbar.exe [62464 2013-04-22] (http://winaero.com)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [Uploader] => D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [Pushbullet] => D:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [Google Update] => C:\Users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-18] (Google Inc.)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [SVPMgr] => C:\Program Files (x86)\SVP\SVPMgr.exe [973824 2015-07-06] ()
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Martijn\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [Color Profile Keeper] => D:\Programs\cpkeeper\CPKeeper.exe [7922176 2015-08-20] ()
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\MountPoints2: {75f8ebcf-4675-11e5-9d95-e03f49115a4c} - "G:\autorun.exe"
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\MountPoints2: {a05884e0-6ae3-11e5-9de1-806e6f6e6963} - "G:\autorun.exe"
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\MountPoints2: {be3cfdd7-6051-11e5-9dcd-e03f49115a4c} - "G:\autorun.exe"
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\sshtml.scr [227840 2015-03-14] (djmclean)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{352C92E7-E8EF-4E62-9785-25263D66ADE1}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{87c21c88-5e67-4f75-920f-d9624993afc3}: [DhcpNameServer] 10.211.254.254 8.8.8.8
Tcpip\..\Interfaces\{98dcc31a-1725-471d-b98a-45334c16c0a0}: [DhcpNameServer] 192.168.2.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: AlxHelper Class -> {F443A627-5009-4323-9C1D-7FD598D0D712} -> C:\Program Files\Alexa Toolbar\AlexaToolbar.11.0.dll [2013-10-18] (Alexa.com)
BHO-x32: Microsoft.Search.HRSToolBar.InitToolbarBHO -> {1d970ed5-3eda-438d-bffd-715931e2775d} -> C:\WINDOWS\SysWOW64\mscoree.dll [2015-07-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: No Name -> {F443A627-5009-4323-9C1D-7FD598D0D712} -> No File
Toolbar: HKLM - Alexa Toolbar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Alexa Toolbar\AlexaToolbar.11.0.dll [2013-10-18] (Alexa.com)
Toolbar: HKLM-x32 - No Name - {EA582743-9076-4178-9AA6-7393FDF4D5CE} -  No File
Toolbar: HKLM-x32 - Bing HRS Toolbar - {c9a6357b-25cc-4bcf-96c1-78736985d414} - C:\WINDOWS\SysWOW64\mscoree.dll [2015-07-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default
FF DefaultSearchEngine: StartPage
FF Homepage: hxxp://www.netvibes.com/privatepage/1#Algemeen
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.
com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [2014-08-27] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [2014-08-27] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1789035615-2181655339-79741492-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1789035615-2181655339-79741492-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-07-12] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\searchplugins\lastfm.xml [2015-03-20]
FF SearchPlugin: C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\searchplugins\path-of-exile-wiki-en.xml [2015-07-11]
FF SearchPlugin: C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\searchplugins\youtube-video-search.xml [2015-01-20]
FF Extension: Avira Browser Safety - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\abs@avira.com [2015-10-24] [not signed]
FF Extension: CyberSearch - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\cybersearch@cybernetnews.com [2015-05-29]
FF Extension: FoxyProxy Standard - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\foxyproxy@eric.h.jung [2015-05-30]
FF Extension: Woordenboek Nederlands - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\nl-NL@dictionaries.addons.mozilla.org [2015-05-12] [not signed]
FF Extension: FT DeepDark - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-09-15]
FF Extension: Block site - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-08-27]
FF Extension: Metal Lion Australis Theme - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{F2C70981-7CDC-4c46-ACF3-41F18693E79E} [2015-10-06]
FF Extension: Right Inbox for Gmail - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\firefox@rightinbox.com.xpi [2015-09-03]
FF Extension: BetterTTV - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\jid0-OeCFXKAPh2tC0bN3Li9ajRAZx6c@jetpack.xpi [2014-08-28] [not signed]
FF Extension: Privacy Badger - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\jid1-MnnxcxisBPnSXQ-eff@jetpack.xpi [2015-10-20]
FF Extension: ProxMate - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2015-05-29]
FF Extension: mx4 - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\mx4@dkgo.com.xpi [2015-08-28]
FF Extension: NoSquint - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\nosquint@urandom.ca.xpi [2015-05-29]
FF Extension: Scrollbar Search Highlighter - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\scrollbar.search.highlighter@rob.iverson.com.xpi [2015-05-29]
FF Extension: Social Fixer - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\socialfixer@mattkruse.com.xpi [2014-12-13] [not signed]
FF Extension: Test Pilot - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\testpilot@labs.mozilla.com.xpi [2015-04-25]
FF Extension: Facebook Phishing Protector - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2015-04-25]
FF Extension: FlashGot - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-04-25]
FF Extension: ProxTube - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2015-04-08] [not signed]
FF Extension: uBlock - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-11-01]
FF Extension: Stylish - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-05-29]
FF Extension: YouTube High Definition - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2015-10-26]
FF Extension: ReloadEvery - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2015-05-29]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2015-05-29]
FF Extension: Tamper Data - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-05-29]
FF Extension: Modify Headers - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2015-05-29]
FF Extension: RightToClick - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2015-05-29]
FF Extension: Adblock Plus - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF Extension: Download Statusbar - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2015-05-29]
FF Extension: Greasemonkey - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-10-25]
FF Extension: User Agent Switcher - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-05-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found

Chrome:
=======
CHR Profile: C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-23]
CHR Extension: (Google Search) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-07-13]
CHR Extension: (Dark Vibe) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2015-07-29]
CHR Extension: (Avira Browser Safety) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-22]
CHR Extension: (Google Docs Offline) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-10-31]
CHR Extension: (CrowdFlower) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\moncgiclmgkdhmkagcincfkkikpaggcd [2015-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-06-22] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-13] (ASUSTeK Computer Inc.) [File not signed]
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437880 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-08-19] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [839288 2015-08-19] (BlueStack Systems, Inc.)
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138544 2015-05-19] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2015-05-19] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-04] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-07] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
R2 Seagate Dashboard Services; D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
S3 TunngleService; D:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-10-31] (VMware, Inc.) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13234176 2012-11-01] () [File not signed]
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; D:\EEK\bin\a2ddax64.sys [26176 2015-03-11] (Emsisoft GmbH)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [146040 2015-08-19] (BlueStack Systems)
S3 cleanhlp; D:\EEK\bin\cleanhlp64.sys [57024 2015-03-11] (Emsisoft GmbH)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-10] (Microsoft Corp.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-29] (Disc Soft Ltd)
R3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-15] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28640 2015-04-13] (SoftEther VPN Project at University of Tsukuba, Japan.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [38368 2015-04-13] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
S3 SnakeEyes; C:\Windows\system32\drivers\SnakeEyes.sys [25600 2012-09-05] ( ) [File not signed]
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WinRing0_1_2_0; D:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-03 15:16 - 2015-11-03 15:16 - 00000000 ____D C:\FRST
2015-11-03 15:08 - 2015-11-03 15:09 - 00000000 ____D C:\rsit
2015-11-03 15:08 - 2015-11-03 15:08 - 00000000 ____D C:\Program Files (x86)\trend micro
2015-11-03 14:55 - 2015-11-03 14:55 - 00016148 _____ C:\WINDOWS\system32\MARTYBOY_Martijn_HistoryPrediction.bin
2015-11-02 13:38 - 2015-10-28 00:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-02 13:38 - 2015-10-28 00:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-02 13:38 - 2015-10-21 13:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-02 13:38 - 2015-10-21 06:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-02 13:37 - 2015-10-21 13:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-02 13:37 - 2015-10-21 13:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-02 13:37 - 2015-10-21 13:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-02 13:37 - 2015-10-21 13:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-02 13:37 - 2015-10-21 13:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-02 13:37 - 2015-10-21 12:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-02 13:37 - 2015-10-21 12:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-02 13:37 - 2015-10-21 12:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-02 13:37 - 2015-10-21 12:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-02 13:37 - 2015-10-21 12:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-02 13:37 - 2015-10-21 12:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-02 13:37 - 2015-10-21 12:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-02 13:37 - 2015-10-21 12:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-02 13:37 - 2015-10-21 12:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-02 13:37 - 2015-10-21 12:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-02 13:37 - 2015-10-21 12:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-02 13:37 - 2015-10-21 12:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-02 13:37 - 2015-10-21 12:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-02 13:37 - 2015-10-21 12:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-02 13:37 - 2015-10-21 12:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-02 13:37 - 2015-10-21 06:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-02 13:37 - 2015-10-21 06:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-02 13:37 - 2015-10-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-02 13:37 - 2015-10-21 06:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-02 13:37 - 2015-10-21 06:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-02 13:37 - 2015-10-21 06:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-02 13:37 - 2015-10-21 06:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-02 13:37 - 2015-10-21 05:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-02 13:37 - 2015-10-21 05:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-01 14:48 - 2015-11-01 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-11-01 03:19 - 2015-11-01 03:27 - 00000000 ____D C:\Users\Martijn\AppData\Local\UNDERTALE
2015-10-30 17:35 - 2015-11-02 20:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-30 17:35 - 2015-10-30 17:35 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-30 17:35 - 2015-10-30 17:35 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-26 19:46 - 2015-10-26 19:46 - 00000000 ____D C:\Users\Martijn\Documents\Shadowrun Hong Kong
2015-10-26 19:17 - 2015-10-26 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shadowrun - Hong Kong [GOG.com]
2015-10-26 13:39 - 2015-10-26 13:39 - 00000000 ____D C:\Users\Martijn\Documents\AbbeyCore
2015-10-26 01:15 - 2015-11-03 15:01 - 00005212 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Martyboy-Martijn Martyboy
2015-10-26 01:10 - 2015-10-26 12:54 - 00000000 ____D C:\Users\Martijn\Documents\Renowned Explorers International Society
2015-10-22 00:36 - 2015-10-23 04:33 - 00000000 ____D C:\Users\Martijn\Documents\Banished
2015-10-21 23:47 - 2015-10-21 23:47 - 00000000 ____D C:\Users\Martijn\AppData\LocalLow\Temp
2015-10-21 20:57 - 2015-10-21 20:57 - 00000952 _____ C:\Users\Public\Desktop\Banished.lnk
2015-10-21 20:57 - 2015-10-21 20:57 - 00000952 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Banished.lnk
2015-10-20 20:08 - 2015-10-20 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebel Galaxy [GOG.com]
2015-10-20 16:20 - 2015-10-20 16:20 - 00001433 _____ C:\Users\Martijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tales of Zestiria.lnk
2015-10-20 16:20 - 2015-10-20 16:20 - 00000988 _____ C:\Users\Martijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mgsvtpp.lnk
2015-10-15 15:13 - 2015-10-15 15:13 - 00000000 ____D C:\Users\Martijn\AppData\Roaming\sp6_log
2015-10-15 14:30 - 2015-10-15 14:30 - 00000756 _____ C:\WINDOWS\LkmdfCoInst.log
2015-10-14 16:17 - 2015-10-17 14:12 - 00000000 ____D C:\Users\Martijn\Documents\Heroes of the Storm
2015-10-14 15:56 - 2015-10-14 15:56 - 00000909 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-10-14 15:56 - 2015-10-14 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-10-14 14:03 - 2015-10-10 08:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 14:03 - 2015-10-06 04:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-14 14:03 - 2015-10-06 03:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 14:03 - 2015-10-01 05:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 14:03 - 2015-10-01 05:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 14:03 - 2015-10-01 05:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 14:03 - 2015-10-01 05:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 14:03 - 2015-10-01 05:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 14:03 - 2015-10-01 04:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 14:03 - 2015-09-25 05:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-14 14:03 - 2015-09-25 05:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-14 14:03 - 2015-09-25 04:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 14:03 - 2015-09-25 04:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-14 14:03 - 2015-09-25 04:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-14 14:03 - 2015-09-25 04:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 14:03 - 2015-09-25 04:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-14 14:03 - 2015-09-25 04:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-14 14:03 - 2015-09-25 04:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 14:03 - 2015-09-25 04:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-14 14:03 - 2015-09-25 04:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 14:03 - 2015-09-25 04:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-14 14:03 - 2015-09-25 04:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-14 14:03 - 2015-09-25 04:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 14:03 - 2015-09-25 04:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-14 14:03 - 2015-09-25 04:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-14 14:03 - 2015-09-25 04:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 14:03 - 2015-09-25 04:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 14:03 - 2015-09-25 04:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-14 14:03 - 2015-09-25 04:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-14 14:03 - 2015-09-25 04:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-14 14:03 - 2015-09-25 04:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-14 14:03 - 2015-09-25 04:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-14 14:03 - 2015-09-25 03:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-14 14:03 - 2015-09-25 03:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-14 14:03 - 2015-09-25 03:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-14 14:03 - 2015-09-25 03:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-14 14:03 - 2015-09-25 03:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-14 14:03 - 2015-09-25 03:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-14 14:03 - 2015-09-25 03:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-14 14:03 - 2015-09-25 03:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-14 14:03 - 2015-09-25 03:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 14:03 - 2015-09-25 03:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 14:03 - 2015-09-25 03:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 14:03 - 2015-09-25 03:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-14 14:03 - 2015-09-25 03:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 14:03 - 2015-09-25 03:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-14 14:03 - 2015-09-25 03:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-14 14:03 - 2015-09-25 03:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 14:03 - 2015-09-25 03:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 14:03 - 2015-09-25 03:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-14 14:03 - 2015-09-25 03:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-14 14:03 - 2015-09-25 03:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-14 14:03 - 2015-09-25 03:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-14 14:03 - 2015-09-25 03:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-14 14:03 - 2015-09-25 03:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-14 14:03 - 2015-09-25 03:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-14 14:03 - 2015-09-25 03:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-14 14:03 - 2015-09-25 03:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-12 17:10 - 2015-10-12 17:10 - 00000000 ____D C:\Users\Martijn\Documents\Almost Human
2015-10-12 11:56 - 2015-10-12 13:57 - 00000000 ____D C:\Users\Martijn\Documents\Xenonauts
2015-10-08 02:33 - 2015-10-08 02:33 - 00000000 ____D C:\Users\Martijn\AppData\Roaming\com.freakinware.mitosis
2015-10-07 14:54 - 2015-10-07 14:54 - 00000000 ____D C:\Users\Martijn\AppData\Local\AMD
2015-10-07 13:38 - 2015-10-07 13:38 - 00000000 ____D C:\ProgramData\ATI
2015-10-07 12:12 - 2015-10-07 12:12 - 00061917 _____ C:\WINDOWS\SysWOW64\CCCInstall_201510071312181129.log
2015-10-07 12:12 - 2015-10-07 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-10-07 12:11 - 2015-10-07 12:11 - 00061155 _____ C:\WINDOWS\SysWOW64\CCCInstall_201510071311558121.log
2015-10-07 12:10 - 2015-10-07 12:10 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 30776304 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 10211016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2015-10-07 12:10 - 2015-10-07 12:10 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2015-10-07 12:10 - 2015-10-07 12:10 - 01223552 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-10-07 12:10 - 2015-10-07 12:10 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-10-07 12:10 - 2015-10-07 12:10 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-10-07 12:10 - 2015-10-07 12:10 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00833800 _____ C:\WINDOWS\system32\amdicdxx.dat
2015-10-07 12:10 - 2015-10-07 12:10 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-10-07 12:10 - 2015-10-07 12:10 - 00662392 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2015-10-07 12:10 - 2015-10-07 12:10 - 00662392 _____ C:\WINDOWS\system32\atiapfxx.blb
2015-10-07 12:10 - 2015-10-07 12:10 - 00631280 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00471320 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-10-07 12:10 - 2015-10-07 12:10 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-10-07 12:10 - 2015-10-07 12:10 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2015-10-07 12:10 - 2015-10-07 12:10 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00177344 _____ C:\WINDOWS\system32\ativce03.dat
2015-10-07 12:10 - 2015-10-07 12:10 - 00175648 _____ C:\WINDOWS\system32\amde31a.dat
2015-10-07 12:10 - 2015-10-07 12:10 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe
2015-10-07 12:10 - 2015-10-07 12:10 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-10-07 12:10 - 2015-10-07 12:10 - 00151936 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00138384 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00117608 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00112368 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00110320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
2015-10-07 12:10 - 2015-10-07 12:10 - 00097776 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00089584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00081168 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-10-07 12:10 - 2015-10-07 12:10 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00047664 _____ C:\WINDOWS\system32\kapp_ci.sbin
2015-10-07 12:10 - 2015-10-07 12:10 - 00043536 _____ C:\WINDOWS\system32\kapp_si.sbin
2015-10-07 12:10 - 2015-10-07 12:10 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-10-07 12:10 - 2015-10-07 12:10 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-10-07 00:28 - 2015-10-07 00:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOMA [GOG.com]
2015-10-06 22:47 - 2015-10-06 22:48 - 00000000 ____D C:\Users\Martijn\AppData\Roaming\NationRed

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-03 15:17 - 2015-04-18 14:48 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1789035615-2181655339-79741492-1001UA.job
2015-11-03 15:15 - 2014-06-29 02:31 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-03 15:01 - 2015-07-30 04:23 - 00857266 _____ C:\WINDOWS\system32\perfh013.dat
2015-11-03 15:01 - 2015-07-30 04:23 - 00177630 _____ C:\WINDOWS\system32\perfc013.dat
2015-11-03 15:01 - 2015-07-29 18:37 - 01959566 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-03 14:55 - 2015-07-10 13:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-03 14:55 - 2015-03-28 16:07 - 00000000 ____D C:\Users\Martijn\AppData\Local\Pushbullet
2015-11-03 14:55 - 2015-01-28 16:17 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-03 14:55 - 2014-06-29 02:31 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-03 14:54 - 2015-07-29 18:29 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-11-03 14:54 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-03 14:54 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-03 14:45 - 2015-07-29 18:30 - 00000000 ____D C:\Users\Martijn
2015-11-03 14:43 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-03 14:38 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-03 14:37 - 2015-07-29 18:27 - 00035186 _____ C:\WINDOWS\PFRO.log
2015-11-03 14:37 - 2015-04-18 14:48 - 00001040 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1789035615-2181655339-79741492-1001Core.job
2015-11-03 04:22 - 2015-04-07 20:00 - 00000000 ____D C:\Users\Martijn\AppData\Roaming\qBittorrent
2015-11-03 03:40 - 2014-06-29 21:38 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-03 03:37 - 2014-06-28 20:37 - 00211968 _____ C:\Users\Martijn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-03 02:09 - 2014-06-28 19:38 - 00000000 ____D C:\Users\Martijn\AppData\Local\Last.fm
2015-11-03 01:25 - 2015-08-30 02:57 - 00000000 ____D C:\Program Files (x86)\Dishonored
2015-11-02 20:44 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-02 13:23 - 2015-03-04 14:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-01 17:22 - 2014-08-27 11:53 - 00000000 ____D C:\Users\Martijn\AppData\Local\Battle.net
2015-10-30 20:49 - 2014-08-18 15:13 - 00000000 ____D C:\Users\Martijn\AppData\Local\Adobe
2015-10-30 17:40 - 2015-08-30 15:20 - 00000000 ____D C:\Users\Martijn\Documents\Visual Studio 2015
2015-10-30 17:35 - 2014-12-25 13:08 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 17:35 - 2014-07-21 20:22 - 00000000 ____D C:\ProgramData\Adobe
2015-10-28 14:12 - 2014-06-29 08:38 - 00000000 ____D C:\Users\Martijn\AppData\Local\Packages
2015-10-27 20:40 - 2014-06-30 20:38 - 00000000 ____D C:\Users\Martijn\Documents\Larian Studios
2015-10-27 19:21 - 2014-06-30 19:51 - 00000000 ____D C:\Users\Martijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-10-26 19:46 - 2014-07-07 21:03 - 00000000 ____D C:\Users\Martijn\AppData\LocalLow\Harebrained Schemes
2015-10-26 19:44 - 2014-07-07 20:57 - 00000000 ____D C:\Users\Martijn\AppData\Local\Harebrained Schemes
2015-10-26 01:03 - 2014-06-11 13:39 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-10-26 00:57 - 2015-03-04 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-26 00:57 - 2015-03-04 14:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-26 00:53 - 2015-07-29 18:29 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-26 00:53 - 2015-02-07 19:03 - 00148803 _____ C:\WINDOWS\DirectX.log
2015-10-21 19:57 - 2015-08-29 02:45 - 00000000 ____D C:\Users\Martijn\.oracle_jre_usage
2015-10-21 19:57 - 2014-11-25 18:48 - 00000000 ____D C:\ProgramData\Oracle
2015-10-21 19:57 - 2014-11-25 18:47 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-10-21 19:57 - 2014-11-25 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-21 19:57 - 2014-11-25 18:47 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-20 22:28 - 2014-06-28 22:53 - 00000000 ____D C:\Users\Martijn\Documents\My Games
2015-10-16 13:46 - 2014-06-29 20:52 - 00000000 ____D C:\Games
2015-10-16 11:59 - 2015-07-10 13:23 - 00033067 _____ C:\WINDOWS\setupact.log
2015-10-16 04:10 - 2015-10-02 11:46 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 04:10 - 2015-10-02 11:46 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 15:13 - 2015-04-01 19:48 - 00018095 _____ C:\WINDOWS\LDPINST.LOG
2015-10-15 15:13 - 2014-06-28 18:41 - 00000000 ____D C:\ProgramData\Logishrd
2015-10-15 14:30 - 2014-06-28 18:41 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-10-15 12:32 - 2015-09-13 11:23 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-15 12:32 - 2014-06-29 08:35 - 00162859 ____N C:\WINDOWS\Minidump\101515-6828-01.dmp
2015-10-14 16:17 - 2014-08-27 11:53 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-10-14 15:58 - 2014-06-29 16:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 15:54 - 2014-06-29 16:37 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-08 04:58 - 2015-04-04 01:41 - 00000000 ____D C:\Program Files\Waterfox
2015-10-07 15:00 - 2015-08-19 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turbine
2015-10-07 12:12 - 2015-07-29 18:29 - 00000000 ____D C:\Program Files\ATI Technologies
2015-10-07 12:12 - 2015-07-29 18:29 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-10-07 12:11 - 2014-06-29 09:01 - 00000000 ____D C:\AMD
2015-10-07 12:10 - 2015-07-16 01:12 - 00162240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-10-07 12:10 - 2015-07-16 01:11 - 12088008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-10-07 12:10 - 2015-07-16 01:11 - 08982440 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-10-07 12:10 - 2015-07-16 01:11 - 08864928 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-10-07 12:10 - 2015-07-16 01:11 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-10-07 12:10 - 2015-07-16 01:11 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-10-07 12:10 - 2015-07-16 01:11 - 00130072 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-10-07 12:10 - 2015-07-16 01:06 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-10-07 12:10 - 2015-07-16 01:00 - 39721456 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-10-07 12:10 - 2015-07-16 00:59 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-10-07 12:10 - 2015-07-16 00:57 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-10-07 12:10 - 2015-07-16 00:17 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-10-07 12:10 - 2015-07-16 00:17 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-10-07 12:10 - 2015-07-16 00:17 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-10-07 12:10 - 2015-07-16 00:13 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-10-07 12:10 - 2015-07-16 00:13 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-10-07 12:10 - 2015-07-16 00:13 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-10-07 12:10 - 2015-07-16 00:13 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-10-07 12:10 - 2015-07-16 00:12 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-10-05 09:50 - 2015-03-04 14:40 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-05 09:50 - 2015-03-04 14:40 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-05 09:50 - 2015-03-04 14:40 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-04 23:35 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\rescache

==================== Files in the root of some directories =======

2014-06-28 20:37 - 2015-11-03 03:37 - 0211968 _____ () C:\Users\Martijn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-12 18:51 - 2015-06-12 18:51 - 0000000 ___SH () C:\Users\Martijn\AppData\Local\LumaEmu
2015-07-29 18:29 - 2015-07-29 18:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Martijn\AppData\Local\Temp\dotNetFx40_Full_setup.exe
C:\Users\Martijn\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Martijn\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Martijn\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Martijn\AppData\Local\Temp\pushbullet_watchdog.exe
C:\Users\Martijn\AppData\Local\Temp\Skin.dll
C:\Users\Martijn\AppData\Local\Temp\tmp811.exe
C:\Users\Martijn\AppData\Local\Temp\tmpBE2F.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-02 20:43

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Martijn (2015-11-03 15:17:04)
Running from I:\Programs
Windows 10 Pro N (X64) (2015-07-29 17:43:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1789035615-2181655339-79741492-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1789035615-2181655339-79741492-503 - Limited - Disabled)
Guest (S-1-5-21-1789035615-2181655339-79741492-501 - Limited - Disabled)
Martijn (S-1-5-21-1789035615-2181655339-79741492-1001 - Administrator - Enabled) => C:\Users\Martijn

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\uTorrent) (Version: 3.4.3.40019 - BitTorrent Inc.)
ACP Application (Version: 2.14.30.0001 - Advanced Micro Devices, Inc.) Hidden
ACP Application (Version: 2.15.30.0019 - Advanced Micro Devices, Inc.) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.56 - ASUSTeK Computer Inc.)
Akamai NetSession Interface (HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Akamai) (Version: - Akamai Technologies, Inc)
Alexa Toolbar (HKLM\...\Alexa Toolbar) (Version: 11.0.2013.1018 - Alexa.com)
Amazon Kindle (HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{529C5283-F484-94CA-8D10-3A69FD0776D3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anno 1404 - Dawn of Discovery version 1.3 (HKLM-x32\...\{1520E069-19A9-4B01-BA5D-87B67D56F55D}_is1) (Version: 1.3 - )
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3 - Microsoft Corporation) Hidden
Aqua Kitty - Milk Mine Defender (HKLM-x32\...\Steam App 263880) (Version: - Dugan)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version: - Trion Worlds, Inc.)
Astebreed version 1.0 (HKLM-x32\...\{E3848ADA-B107-47E2-816C-C84A51E333CF}_is1) (Version: 1.0 - Edelweiss)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.17 - ASUSTeK Computer Inc.)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
aWARemote Server 3.0.3 (HKLM-x32\...\aWARemote Server) (Version: 3.0.3 - GeB Development)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Beatbuddy: Tale of the Guardians (HKLM-x32\...\Steam App 231040) (Version: - Threaks)
Bing HRS Toolbar (HKLM-x32\...\{34BF9365-A446-46F1-8ABE-3C92D3388079}) (Version: 3.20.0.0 - Microsoft Corporation)
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
BloodRealm: Battlegrounds (HKLM-x32\...\Steam App 311700) (Version: - Redpoint Labs)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{473E82D7-79E2-43DF-8FA0-025407C93191}) (Version: 0.10.0.4321 - BlueStack Systems, Inc.)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
BOSS Userlist Manager (HKLM-x32\...\{F0AB569C-99EF-4F4D-992D-2206E354C903}) (Version: 6.7.2 - Surazal)
calibre 64bit (HKLM\...\{2E2F6591-1465-4C64-8F50-E75F4AAB0ED8}) (Version: 2.27.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cherry Tree High Comedy Club (HKLM-x32\...\Steam App 214610) (Version: - 773)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
Clicker Heroes (HKLM-x32\...\Steam App 363970) (Version: - Playsaurus)
ClipSync Server (HKLM-x32\...\{2E4AB750-27D1-4D7E-BD37-BC69FD8D341E}) (Version: 1.0.0 - BDWM)
Crazy Taxi (HKLM-x32\...\Steam App 71230) (Version: - SEGA)
Crimsonland (HKLM-x32\...\Steam App 262830) (Version: - 10tons Ltd)
Curse Client (HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DEFCON (HKLM-x32\...\Steam App 1520) (Version: - Introversion Software)
Defender's Quest: Valley of the Forgotten (HKLM-x32\...\Steam App 218410) (Version: - Level Up Labs, LLC)
Defense Grid 2 ver. 1.0.1887.1506 (HKLM-x32\...\{38373635-34KL-33XC-32DF0-91DD6F2186AC}_is1) (Version: 1.0.1887.1506 - Reverb Publishing)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Divinity: Original Sin Enhanced Edition (HKLM-x32\...\Steam App 373420) (Version: - Larian Studios)
Dotfuscator and Analytics Community Edition 5.18.1 (x32 Version: 5.18.1.2898 - PreEmptive Solutions) Hidden
Dungeons of Dredmor (HKLM-x32\...\Steam App 98800) (Version: - Gaslamp Games, Inc.)
Emperor - RotMK Bonus Campaign (HKLM-x32\...\{8F1A3107-FE6E-4FFA-B973-73BE1932FCEF}) (Version: - )
Emperor: Rise of the Middle Kingdom 1.0.1.0 (HKLM-x32\...\{821DABD6-26F2-49E5-AE55-40A589ADBE6D}) (Version: - )
Entity Framework 6.1.3 Tools for Visual Studio 2015 (HKLM-x32\...\{1A8A9739-BAD7-491F-B5B9-A79A2B965422}) (Version: 14.0.40302.0 - Microsoft Corporation)
Factorio version 0.12.0 (HKLM\...\Factorio_is1) (Version: - )
Fallen Enchantress: Legendary Heroes (HKLM-x32\...\Steam App 228260) (Version: - Stardock Entertainment)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
Fallout New Vegas DLCs (HKLM-x32\...\{1B8CE8F2-4D3C-4014-B63F-034E0A638717}}_is1) (Version: - Bethesda Softworks)
ffdshow v1.3.4533 [2014-09-29] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4533.0 - )
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Func MS-3 Settings software (HKLM-x32\...\{1A3E3EA7-5A7C-4292-8A13-B0DE1BF49E13}_ms3) (Version: - )
Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
Gods Will Be Watching (HKLM-x32\...\1207664883_is1) (Version: 2.0.0.1 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Grim Dawn (HKLM-x32\...\Steam App 219990) (Version: - Crate Entertainment)
Guacamelee! Super Turbo Championship Edition (HKLM-x32\...\1207665733_is1) (Version: 2.0.0.1 - GOG.com)
Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version: - Filip Victor)
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version: - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 41.003.55.00.06 - Huawei Technologies Co.,Ltd)
Homeworld Remastered Collection (HKLM-x32\...\SG9tZXdvcmxkUmVtYXN0ZXJlZENvbGxlY3Rpb24=_is1) (Version: 1 - )
I am Bread (HKLM-x32\...\I am Bread_is1) (Version: - )
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Influent (HKLM-x32\...\Steam App 274980) (Version: - Rob Howland)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Invisible, Inc. (HKLM-x32\...\Invisible, Inc._is1) (Version: - )
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
KAMI (HKLM-x32\...\Steam App 272040) (Version: - State of Play Games)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version: - Last.fm)
LAV Filters 0.65 (HKLM-x32\...\lavfilters_is1) (Version: 0.65 - Hendrik Leppkes)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Legend of Grimrock (HKLM-x32\...\Steam App 207170) (Version: - Almost Human Games)
Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality)
LOOT (HKLM-x32\...\LOOT) (Version: 0.7.0 - LOOT Development Team)
LYNE (HKLM-x32\...\Steam App 266010) (Version: - Thomas Bowker)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Metro 2033 Redux v.1.0.7.u1 (HKLM-x32\...\Metro 2033 Redux_is1) (Version: - )
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{3D3CEBE6-40EA-4C48-97FD-73828281AB4A}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Nederlands (HKLM\...\{90150000-001F-0413-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.50616.0) (HKLM-x32\...\{58246C80-3941-4B69-AE31-264644E2ADB8}) (Version: 14.0.50616.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{68BA34E8-9B9D-4A74-83F0-7D366B532D75}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 (HKLM-x32\...\{50b32652-69d2-4b93-9316-edcd12067b8b}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{ED4CC1E5-043E-4157-8452-B5E533FE2BA1}) (Version: 3.1238.1955 - Microsoft Corporation)
Microsoft Xbox One Controller for Windows (HKLM\...\{DC2CB48C-FD96-48EB-A36A-7D995BB587EB}) (Version: 1.0.2 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mitos.is: The Game (HKLM-x32\...\Steam App 389570) (Version: - Freakinware Studios)
Monaco What's Yours Is Mine 1.01 (HKLM-x32\...\Monaco What's Yours Is Mine_is1) (Version: - )
Movie Collector (HKLM-x32\...\{8EC6EBB4-D899-4C6B-BA17-C21B78988F23}_is1) (Version: - Collectorz.com)
Mozilla Firefox 38.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0 (x86 en-US)) (Version: 38.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mp3tag v2.71 (HKLM-x32\...\Mp3tag) (Version: v2.71 - Florian Heidenreich)
MT SpeedTest (HKLM-x32\...\MT SpeedTest_is1) (Version: - )
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Music Manager (HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\MusicManager) (Version: - Google, Inc.)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.54.10 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenTTD Manager 1.0.5 (HKLM-x32\...\{185BB21A-C992-42B7-A353-9A38A53610C9}_is1) (Version: - Andrés Zsögön)
OpenVPN 2.3.6-I603 (HKLM\...\OpenVPN) (Version: 2.3.6-I603 - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.11.2806 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PakkISO 0.4 (HKLM-x32\...\PakkISO_is1) (Version: PakkISO 0.4 by zorted, installer by BitLooter - )
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.01.00.0002 - Panda Security)
Panda Free Antivirus (Version: 7.82.00.0000 - Panda Security) Hidden
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
Pinball Arcade (HKLM-x32\...\Steam App 238260) (Version: - FarSight Studios)
Pinball FX2 (HKLM-x32\...\Steam App 226980) (Version: - Zen Studios)
Pix the Cat (HKLM-x32\...\Steam App 330180) (Version: - Pastagames)
Pixel Piracy (HKLM-x32\...\Steam App 264140) (Version: - Vitali Kirpu)
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
PlanetSide 2 (HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\SOE-PlanetSide 2) (Version: - Sony Online Entertainment)
Popcorn Time (HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Popcorn Time) (Version: - Popcorn Official)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
Project Zomboid (HKLM-x32\...\Steam App 108600) (Version: - The Indie Stone)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.994 - Even Balance, Inc.)
Pushbullet version 312 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 312 - Pushbullet Inc)
Python 2.7 comtypes-0.6.2 (HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\comtypes-py2.7) (Version: - )
Python 2.7 pywin32-219 (HKLM-x32\...\pywin32-py2.7) (Version: - )
Python 2.7.7 (HKLM-x32\...\{049CA433-77A0-4e48-AC76-180A282C4E10}) (Version: 2.7.7150 - Python Software Foundation)
qBittorrent 3.2.5 (HKLM-x32\...\qBittorrent) (Version: 3.2.5 - The qBittorrent project)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Rebel Galaxy (HKLM-x32\...\1435582019_is1) (Version: 2.0.0.1 - GOG.com)
ReClock (HKLM-x32\...\ReClock) (Version: - SlySoft, Inc.)
Ring Runner: Flight of the Sages (HKLM-x32\...\Steam App 258010) (Version: - Triple.B.Titles)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.1 - Rockstar Games)
Rogue Legacy (HKLM-x32\...\GOGPACKROGUELEGACY_is1) (Version: 2.2.0.10 - GOG.com)
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version: - )
RollerCoaster Tycoon 2: Time Twister (HKLM-x32\...\{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}) (Version: 1.00.000 - )
RollerCoaster Tycoon 2: Wacky Worlds (HKLM-x32\...\{B1AD83A0-DC92-41E3-B111-E9472349768C}) (Version: - )
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\RollerCoaster Tycoon 3 Platinum_is1) (Version: - GOG.com)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Scrolls (HKLM-x32\...\{3041BF15-4F22-4F26-8C2A-A31E55E79DBB}) (Version: 1.0.1.0 - Mojang)
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)
SEGA Bass Fishing (HKLM-x32\...\Steam App 71240) (Version: - SEGA)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Settlers 2 GOLD (HKLM-x32\...\Settlers 2 GOLD_is1) (Version: - GOG.com)
Shadowrun - Hong Kong (HKLM-x32\...\1436866438_is1) (Version: 2.0.0.1 - GOG.com)
Shadowrun: Dragonfall - Director's Cut (HKLM-x32\...\Steam App 300550) (Version: - Harebrained Schemes)
Shovel Knight (HKLM-x32\...\1207664823_is1) (Version: 2.3.0.9 - GOG.com)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 7.1 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
SmoothVideo Project version 3.1.7 (HKLM-x32\...\SmoothVideo Project_is1) (Version: 3.1.7 - SVP)
SolForge (HKLM-x32\...\Steam App 232450) (Version: - Stone Blade Entertainment)
SOMA (HKLM-x32\...\1439487606_is1) (Version: 2.0.0.1 - GOG.com)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital)
Sonic Adventure DX (HKLM-x32\...\Steam App 71250) (Version: - SEGA)
Sonic Generations (HKLM-x32\...\Steam App 71340) (Version: - Devil's Details)
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version: - )
Space Run v1.11e (2014) (HKLM-x32\...\Space Run v1.11e (2014)1.11e) (Version: 1.11e - Friends in War)
Star Realms version 1.13 (HKLM-x32\...\{F4DEB22F-AC61-4111-89B2-CF434A2BABFB}_is1) (Version: 1.13 - White Wizard Games)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
SteamWorld Dig (HKLM-x32\...\Steam App 252410) (Version: - Image&Form)
Sunless Sea (HKLM-x32\...\1421064427_is1) (Version: 2.4.0.5 - GOG.com)
Super Sanctum TD (HKLM-x32\...\Steam App 235250) (Version: - Coffee Stain Studios)
Super Splatters (HKLM-x32\...\Steam App 95000) (Version: - SpikySnail)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Shock 2 (HKLM-x32\...\GOGPACKSSHOCK2_is1) (Version: 2.1.0.19 - GOG.com)
Tales of Maj'Eyal (HKLM-x32\...\Steam App 259680) (Version: - DarkGod)
Talisman: Digital Edition (HKLM-x32\...\Steam App 247000) (Version: - Nomad Games Limited)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.23102 - Microsoft Corporation) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Darkness II (HKLM-x32\...\Steam App 67370) (Version: - Digital Extremes)
The Last Federation (HKLM-x32\...\Steam App 273070) (Version: - Arcen Games, LLC)
Theme Hospital (HKLM-x32\...\{5118A4C2-C8A4-4CE5-AC37-F3E51C25402F}) (Version: 3.0.0.2 - Electronic Arts)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
Transistor ver. 1.26281 (HKLM-x32\...\{50000005-10AE-00BA-96F5-98TG6F0006KU}_is1) (Version: 1.26281 - Larian Studios)
Trials Fusion (HKLM-x32\...\Trials Fusion_is1) (Version: - )
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version: - Tunngle.net GmbH)
TypeScript Power Tool (x32 Version: 1.5.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.5.4.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.5.4.0 (HKLM-x32\...\{4cde0c8c-47b3-448f-babf-fe5d392432a6}) (Version: 1.5.23128.0 - Microsoft Corporation)
Unepic (HKLM-x32\...\Steam App 233980) (Version: - Francisco Téllez de Meneses)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3054946) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5280698D-EE40-4A94-9E69-ED2E2B1E12A2}) (Version: - Microsoft)
Uplay (HKLM-x32\...\Uplay) (Version: 4.6 - Ubisoft)
Valkyria Chronicles (HKLM-x32\...\Valkyria Chronicles_is1) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.1 - VMware, Inc)
VMware Workstation (Version: 9.0.1 - VMware, Inc.) Hidden
Wallpaper Downloader 2.7 (HKLM-x32\...\{6452D097-5646-4039-93B6-183B54E208C0}_is1) (Version: - WallpaperDownloader.com)
Warframe (HKLM-x32\...\Steam App 230410) (Version: - Digital Extremes)
Waterfox 40.0.2 (x64 en-US) (HKLM\...\Waterfox 40.0.2 (x64 en-US)) (Version: 40.0.2 - Mozilla)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.581 - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows 8 Portable Device Enabling Kit for MTP - Tools, Version 8 (HKLM-x32\...\{F04FB07B-0C96-48F8-95BB-FF8CAD522D2F}) (Version: 1 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
World of Goo (HKLM-x32\...\Steam App 22000) (Version: - 2D BOY)
wxPython 2.8.12.1 (unicode) for Python 2.7 (HKLM-x32\...\wxPython2.8-unicode-py27_is1) (Version: 2.8.12.1-unicode - Total Control Software)
Xenonauts (HKLM-x32\...\Steam App 223830) (Version: - Goldhawk Interactive)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1789035615-2181655339-79741492-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1789035615-2181655339-79741492-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1789035615-2181655339-79741492-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1789035615-2181655339-79741492-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1789035615-2181655339-79741492-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1789035615-2181655339-79741492-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

19-10-2015 18:31:33 Scheduled Checkpoint
20-10-2015 20:08:36 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
25-10-2015 16:19:46 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
27-10-2015 20:40:27 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
02-11-2015 20:43:40 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0231EEB5-03F6-496A-A7B0-62BAA224020B} - \GoogleUpdateTaskUserS-1-5-21-1789035615-2181655339-79741492-1001Core -> No File <==== ATTENTION
Task: {0B9DF9D5-8355-40DE-B9E5-3724AE664A7D} - \{F29DCFD4-FBF6-444E-9043-4D7B23D78CA3} -> No File <==== ATTENTION
Task: {0EB178F2-DFA8-45CA-B222-10AB17FC87CC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {14064B29-8B8A-4ED2-BF3D-9BA649A74ACF} - \{D39A295A-9389-4AA1-8A7B-C60FF3B68417} -> No File <==== ATTENTION
Task: {24094629-62D3-4AFB-91F8-F12FB7468625} - \Optimize Start Menu Cache Files-S-1-5-21-1789035615-2181655339-79741492-1001 -> No File <==== ATTENTION
Task: {2795C328-8AF4-4994-92A5-F564780672D1} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {2F1861CF-48C0-4A09-B758-FA93B50BF92F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {337E2D87-6932-4269-8554-0ECF677BC2C9} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {38C3D831-2816-41FD-B7C0-0C586F18DC96} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3AE39065-C8FC-4778-82C2-1A58538A9ABC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {46E02ACC-E6D2-49C8-A7D0-AEC9C946B548} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-14] (Microsoft Corporation)
Task: {4AC94C67-8C7C-433F-90B3-7A184260C177} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-08-13] ()
Task: {4E6A8B59-2E7B-4B12-A1CC-8589D1EC2CA9} - \{E7B7984B-652F-4F95-9A90-2ED83F0369D8} -> No File <==== ATTENTION
Task: {4EF33713-3CAF-4187-961D-736DBB0ED235} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-07-24] ()
Task: {524D9731-C50D-4800-ADD5-84EFE3CADF5F} - \Game_Booster_AutoUpdate -> No File <==== ATTENTION
Task: {617C5004-3F4E-48E9-8F1C-122E5E2BF125} - \Microsoft\Windows\Setup\gwx\runappraiser -> No File <==== ATTENTION
Task: {75843C60-6512-4076-B27D-B6A973BA9021} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {793A8603-2153-4610-A202-902BD178716C} - \{616D57D5-CE06-47BC-9699-6BE2CD94BC58} -> No File <==== ATTENTION
Task: {9361D974-C0B8-43F3-8A33-9C6FCA23A4DD} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-08-07] (ASUSTeK Computer Inc.)
Task: {A6ACB70B-EFC1-4594-A110-E359623C09BE} - \{3D6622C0-7A0E-45CE-9305-AC7525EB69B1} -> No File <==== ATTENTION
Task: {A7978F62-22DB-460B-A474-238DAFEEF408} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Martyboy-Martijn Martyboy => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-04-14] (Microsoft Corporation)
Task: {A8029D45-9494-4E67-A870-173327A7651C} - \Optimize Start Menu Cache Files-S-1-5-21-1789035615-2181655339-79741492-500 -> No File <==== ATTENTION
Task: {B1B3A10F-15D5-4F91-88E0-D42281B2965F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {B9ED3C18-2AFE-4F6C-9898-9713D1D791F3} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {C101EA79-4334-4047-AF99-7DE9237B5856} - \Seagate_Install_Launch -> No File <==== ATTENTION
Task: {CC5B637F-B13B-4256-BC8E-5D6CB3A77355} - \GoogleUpdateTaskUserS-1-5-21-1789035615-2181655339-79741492-1001UA -> No File <==== ATTENTION
Task: {E903DBA8-1F16-4407-B013-EEA3A8F11342} - \{F4B28102-3601-413F-AB84-80CAE11D768F} -> No File <==== ATTENTION
Task: {E941DF29-151A-46B4-A0F6-58318BC84109} - \Martijn DBAgent 2 0 -> No File <==== ATTENTION
Task: {E9870E59-861B-4F4E-AF10-3EDB0C6B73AE} - \AutoKMS -> No File <==== ATTENTION
Task: {EB213E30-BD2A-4F15-A402-F94A958D38D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EEC16373-D5B8-4533-9BCE-08DF83A751EC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {F9856C14-4A1E-4799-88AC-79D9AB9BFA04} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {FDDC10BA-36BD-401A-A60C-7341CDE47CBA} - \{7E7528AE-CE89-49FE-9F42-D23728C474C9} -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1789035615-2181655339-79741492-1001Core.job => C:\Users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1789035615-2181655339-79741492-1001UA.job => C:\Users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-30 04:25 - 2015-07-30 04:25 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-29 18:29 - 2013-07-04 11:32 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-08-19 15:09 - 2015-05-19 09:27 - 00138544 _____ () C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
2015-08-19 15:09 - 2015-05-19 09:27 - 00192304 _____ () C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
2014-07-02 13:34 - 2015-02-07 19:03 - 00076152 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2015-10-01 13:42 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-06-29 03:28 - 2013-08-13 19:55 - 01225528 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2014-06-29 03:28 - 2013-07-24 09:16 - 01425208 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2015-10-01 13:42 - 2015-09-17 07:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-01 13:42 - 2015-09-17 06:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 13:41 - 2015-09-17 06:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 13:41 - 2015-09-17 06:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 13:42 - 2015-09-17 06:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 11:59 - 2015-07-10 13:55 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-08-07 12:42 - 2015-07-06 20:25 - 00973824 _____ () C:\Program Files (x86)\SVP\SVPMgr.exe
2015-08-20 01:00 - 2015-08-20 01:00 - 07922176 _____ () D:\Programs\cpkeeper\CPKeeper.exe
2015-04-11 13:18 - 2014-07-06 00:42 - 00336384 _____ () D:\Program Files (x86)\Func\MS-3\MS-3_Core.exe
2015-04-11 13:18 - 2014-07-06 00:42 - 00303616 _____ () D:\Program Files (x86)\Func\MS-3\MS-3_Tray.exe
2015-10-01 13:42 - 2015-09-17 06:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 11:58 - 2015-07-10 11:58 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-07-29 18:29 - 2015-11-03 14:55 - 00027648 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-07-29 18:29 - 2013-07-04 11:32 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2013-04-12 18:23 - 2013-04-12 18:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2012-11-01 01:34 - 2012-11-01 01:34 - 01260184 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-06-29 03:28 - 2013-08-13 19:55 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-06-29 03:28 - 2013-08-13 19:55 - 00825344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-06-29 03:28 - 2013-08-13 19:55 - 00765952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-06-29 03:28 - 2013-08-13 19:55 - 00776704 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2014-06-29 03:28 - 2013-07-31 19:05 - 05773588 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2014-06-29 03:28 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2014-06-29 03:28 - 2013-08-07 18:11 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-06-29 03:28 - 2013-08-13 19:46 - 02745344 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-06-29 03:28 - 2013-08-08 09:44 - 01139200 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-06-29 03:28 - 2013-06-24 14:59 - 01173504 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\Network iControl.dll
2014-06-29 03:27 - 2013-06-04 16:41 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-06-29 03:28 - 2013-08-07 18:11 - 00053248 _____ () C:\Program Files (x86)\ASUS\AI Suite III\cpuutil.dll
2015-04-11 13:18 - 2014-07-06 00:42 - 00061952 _____ () D:\Program Files (x86)\Func\MS-3\HidDevice.dll
2015-04-11 13:18 - 2014-07-06 00:42 - 00249856 _____ () D:\Program Files (x86)\Func\MS-3\language.dll
2014-06-29 08:51 - 2013-09-16 20:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\sony.com -> sony.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1789035615-2181655339-79741492-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Martijn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.2.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\StartupApproved\Run: => "BingWallpaperDownloader"
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C8D6189A-D29C-4081-99AD-A70A3579A19D}] => (Allow) D:\SteamLibrary\SteamApps\common\SEGA Bass Fishing\AppLauncher.exe
FirewallRules: [{33FCA1CA-0413-45C4-8A17-27071A1C7D5B}] => (Allow) D:\SteamLibrary\SteamApps\common\SEGA Bass Fishing\AppLauncher.exe
FirewallRules: [{A3D3D0FE-A2C4-4BCA-B004-08B583EFC1A5}] => (Allow) D:\SteamLibrary\SteamApps\common\SuperSplatters\Splatters.exe
FirewallRules: [{4952E61D-93D2-46D1-8A53-49710080CA15}] => (Allow) D:\SteamLibrary\SteamApps\common\SuperSplatters\Splatters.exe
FirewallRules: [{9CA893AD-813B-4C80-90F4-74685E6C3BA1}] => (Allow) D:\SteamLibrary\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{AC8FDEE4-2517-4D79-888A-76783EDE6196}] => (Allow) D:\SteamLibrary\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{8D50A5C2-9693-499B-A798-7D44EE3B900D}] => (Allow) D:\SteamLibrary\SteamApps\common\Pix the Cat\PixTheCat.exe
FirewallRules: [{8F9FB139-BEA0-48A7-A606-54558DB8A83E}] => (Allow) D:\SteamLibrary\SteamApps\common\Pix the Cat\PixTheCat.exe
FirewallRules: [{911863D1-9536-4932-B9C5-F2376B4B9335}] => (Allow) D:\SteamLibrary\SteamApps\common\Aqua Kitty\aqua_kitty.exe
FirewallRules: [{24DB32A6-202C-4328-9865-690AB98AEC46}] => (Allow) D:\SteamLibrary\SteamApps\common\Aqua Kitty\aqua_kitty.exe
FirewallRules: [UDP Query User{C0C23622-8E4E-40A6-B5E5-801DEC8FF9E5}D:\games\super time force ultra\super.time.force.ultra.v1.01-tptb\super time force ultra\stf_win32.exe] => (Block) D:\games\super time force ultra\super.time.force.ultra.v1.01-tptb\super time force ultra\stf_win32.exe
FirewallRules: [TCP Query User{0AE55C6D-B0E3-4B85-A527-3CD4B975C5A7}D:\games\super time force ultra\super.time.force.ultra.v1.01-tptb\super time force ultra\stf_win32.exe] => (Block) D:\games\super time force ultra\super.time.force.ultra.v1.01-tptb\super time force ultra\stf_win32.exe
FirewallRules: [UDP Query User{9379ED73-1394-42FD-934E-2A71CA37B7C5}C:\games\gta v\gta5.exe] => (Block) C:\games\gta v\gta5.exe
FirewallRules: [TCP Query User{79C7A16A-7B90-4207-B2B3-B817CC51E667}C:\games\gta v\gta5.exe] => (Block) C:\games\gta v\gta5.exe
FirewallRules: [UDP Query User{36187E41-6196-46A0-8E45-D716937FCBF8}D:\games\gta v\gta v\gta5.exe] => (Block) D:\games\gta v\gta v\gta5.exe
FirewallRules: [TCP Query User{AAFEB19E-ED74-4CFB-8D0D-24FDFDB5FF9E}D:\games\gta v\gta v\gta5.exe] => (Block) D:\games\gta v\gta v\gta5.exe
FirewallRules: [{1966AD3F-4057-4112-A2C1-2411BE9E7593}] => (Allow) D:\SteamLibrary\SteamApps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{3A867CF2-1CC9-4FE2-9010-C292739F4F0F}] => (Allow) D:\SteamLibrary\SteamApps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{DA9F0D45-BEB0-4F56-BF89-E47C317DF3D0}] => (Allow) D:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{2C8AB0C9-8106-4020-BAB7-55DF03A46564}] => (Allow) D:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{868818D7-A0BB-4FFB-97FD-8C43CF103250}] => (Allow) D:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{BCC9A25D-F509-411A-A048-177177C237DF}] => (Allow) D:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{DDB6B001-FEBA-40A7-9E10-11E2746C409A}] => (Allow) D:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{0621E6F3-3063-4ED0-954D-417F765FC6DD}] => (Allow) D:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{B33A242A-1DD3-4B85-8CAA-A2200BB7B7C1}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{2BBCE3D3-FA4C-4694-A075-BC9268785D7F}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{115E5626-D07D-4D7F-8C30-8C7ED74C09C1}] => (Allow) D:\SteamLibrary\SteamApps\common\DefendersQuest\DefendersQuest.exe
FirewallRules: [{AC8385A6-ACA3-4397-A7B4-AB720EF0B110}] => (Allow) D:\SteamLibrary\SteamApps\common\DefendersQuest\DefendersQuest.exe
FirewallRules: [{2A0A87D2-31BE-4745-8DE4-980322B1155A}] => (Allow) D:\SteamLibrary\SteamApps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{EAE622A9-12B0-426A-80A1-24AB46E04F56}] => (Allow) D:\SteamLibrary\SteamApps\common\Pixel Piracy\PixelPiracy.exe
FirewallRules: [{60DC7386-8040-4371-9D3E-86BF558854CE}] => (Allow) D:\SteamLibrary\SteamApps\common\Unepic\unepic.exe
FirewallRules: [{9A5E7419-6DEA-420A-81A8-53FACCA6805C}] => (Allow) D:\SteamLibrary\SteamApps\common\Unepic\unepic.exe
FirewallRules: [{57BD524A-61F4-4081-96AA-ABAD45DEEE97}] => (Block) C:\users\martijn\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{BD78E151-1AAE-4F9D-82B5-547490ADD301}] => (Block) C:\users\martijn\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [UDP Query User{F01C17F2-D44F-4FC5-9304-8A10F9081F67}C:\users\martijn\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\martijn\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [TCP Query User{424FE27A-AFC9-4A51-B756-7B145C2E0741}C:\users\martijn\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\martijn\appdata\local\popcorn time\node-webkit\popcorn time.exe
FirewallRules: [{68CE01E9-CFD1-4FE3-A804-C2330A7BDF4D}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{ADC2E855-96C6-4769-8F45-BAAB7E7EC729}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{C5D49C62-1DFA-4B88-914F-2AC6D70D3D44}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{F5C4C93C-98AA-4196-AFB9-15A261E4695B}] => (Allow) D:\SteamLibrary\SteamApps\common\Half-Life 2\hl2.exe
FirewallRules: [{CCBFD9CF-3FD4-4054-8F08-6C7F65BDC829}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{C21A4D58-2AA3-43C4-B7B3-40F4EBC9FB88}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Divinity - Original Sin\Shipping\EoCApp.exe
FirewallRules: [{6CBB9B39-0841-44FD-B7A5-10FD15F3ACC6}] => (Allow) D:\SteamLibrary\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{79226374-7026-4A0A-9771-D99ABFF0E50A}] => (Allow) D:\SteamLibrary\SteamApps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{12299E22-2BA8-4A80-B41B-08662AE5FE1A}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{A0B50FC6-14CE-4B12-B586-96511BBA9F4E}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{25DD9EBD-D24D-4112-94C3-DC1AA9116A6D}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{F7460B9B-D1F7-4D32-ADF3-BA4C70EC84DF}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{0E534396-4D2C-4099-837B-396CAB4CB100}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{6A4C090A-65C0-46E7-9C8D-61FED062058B}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{673135E3-1396-457A-8DCD-20FA5CC4B420}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\RemoteCrashSender.exe
FirewallRules: [{5182027D-7992-4559-9CC8-FA5E89A00AB8}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Tools\Launcher.exe
FirewallRules: [{2A2016E3-D8E2-4BED-9CC8-F3032FBBD60C}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{36706B17-ABCB-45F8-9D55-44EC40B162FA}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{A0432694-19DA-4DB7-A3CE-13204B9005B9}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.x64.exe
FirewallRules: [{B7CCB9EA-A5BB-466C-A19A-5D2BB56264BE}] => (Allow) D:\SteamLibrary\steamapps\common\Warframe\Warframe.exe
FirewallRules: [{6DEF0629-7E85-4608-9069-0628F27368AD}] => (Allow) D:\SteamLibrary\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{5D7C91B5-4F65-40FD-ABC6-148E58CA2D71}] => (Allow) D:\SteamLibrary\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{7E8E7FDD-891E-420B-B9FE-E917DA1C8285}] => (Allow) D:\SteamLibrary\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{2E62F40F-E216-4037-9B85-832688A8688B}] => (Allow) D:\SteamLibrary\SteamApps\common\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe
FirewallRules: [{7075085C-1551-471A-A746-8400BFA156D8}] => (Allow) D:\SteamLibrary\SteamApps\common\Cherry Tree High Comedy Club\Game.exe
FirewallRules: [{83823747-1A05-47BD-8578-121297A1D469}] => (Allow) D:\SteamLibrary\SteamApps\common\Cherry Tree High Comedy Club\Game.exe
FirewallRules: [{46F75EC1-DBB5-451F-8C69-4FD2908F1169}] => (Allow) D:\SteamLibrary\SteamApps\common\Cherry Tree High Comedy Club\CTHCC.exe
FirewallRules: [{F8F404FC-7C6B-485C-9D9B-3F4683D8CE5A}] => (Allow) D:\SteamLibrary\SteamApps\common\Cherry Tree High Comedy Club\CTHCC.exe
FirewallRules: [UDP Query User{71EFAB9E-4739-42E5-8616-EAEEA714A5AE}D:\program files (x86)\defense grid 2\defensegrid2_release.exe] => (Block) D:\program files (x86)\defense grid 2\defensegrid2_release.exe
FirewallRules: [TCP Query User{09D22991-DB9D-4C82-A46D-1AF9A27CC02E}D:\program files (x86)\defense grid 2\defensegrid2_release.exe] => (Block) D:\program files (x86)\defense grid 2\defensegrid2_release.exe
FirewallRules: [{E7B73BBF-0588-4ADA-B542-162FA62781F3}] => (Allow) D:\Installed Games\Hearthstone\Hearthstone.exe
FirewallRules: [{22CBF835-DAE5-4E59-B969-2B4D5FE54510}] => (Allow) D:\Installed Games\Hearthstone\Hearthstone.exe
FirewallRules: [{6B775126-420C-4871-8A89-22FB91428B34}] => (Allow) D:\SteamLibrary\SteamApps\common\Influent\Influent.exe
FirewallRules: [{C512F430-BCB9-4201-AE73-D51B6ABC6A2E}] => (Allow) D:\SteamLibrary\SteamApps\common\Influent\Influent.exe
FirewallRules: [{99A9A052-AA05-4E52-B680-E6FB8A21D59C}] => (Allow) D:\SteamLibrary\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{221CF5F6-75D8-4F89-9485-CE1D0A953F97}] => (Allow) D:\SteamLibrary\SteamApps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{3584776E-7538-4C1B-A076-BB3FD2E615DA}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8BC8BD8B-DCFF-4133-A08B-E3AFD7AFBA92}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{03E35033-8AA5-46A9-8117-FC5F47AAABFC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{813DA9AC-4DBD-43F6-9F6C-A4986EE18E32}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [UDP Query User{7FC5BA85-CD51-4B2E-9DB2-9B235FD17AC4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{ED302982-BF8F-42AC-B08A-A29475962DA3}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{6A49F86B-4BEF-4006-91DF-2DFC558EE292}] => (Allow) D:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{67C3937E-E2A1-45C3-9AFB-46DDA50C75F5}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [{0A52D868-BFD5-435D-8734-2997639E522C}] => (Allow) D:\Program Files (x86)\Origin Games\Theme Hospital\data\Game\DOSBox\LAUNCHER.exe
FirewallRules: [UDP Query User{E849F6FA-B5F3-47AD-BFBA-A6170E02F15F}D:\program files (x86)\dying light\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{FA1A499A-438F-4451-ACCA-59A61061F06F}D:\program files (x86)\dying light\dyinglightgame.exe] => (Block) D:\program files (x86)\dying light\dyinglightgame.exe
FirewallRules: [{D0E13E00-027F-4C9B-AAEB-199C79770818}] => (Allow) D:\SteamLibrary\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{73808B48-3957-4426-940A-2DF1F2613145}] => (Allow) D:\SteamLibrary\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [UDP Query User{D3C9BF67-40C1-4781-B1D2-5C85E9ABF22A}D:\r.g. catalyst\dead island riptide\deadislandgame_x86_rwdi.exe] => (Block) D:\r.g. catalyst\dead island riptide\deadislandgame_x86_rwdi.exe
FirewallRules: [TCP Query User{574E6B6B-61C9-4504-A84B-09A5859628C4}D:\r.g. catalyst\dead island riptide\deadislandgame_x86_rwdi.exe] => (Block) D:\r.g. catalyst\dead island riptide\deadislandgame_x86_rwdi.exe
FirewallRules: [{A1A18FFC-AB92-46BF-A389-681E85DE96E2}] => (Allow) D:\SteamLibrary\SteamApps\common\Talisman\Talisman.exe
FirewallRules: [{CA9E76DB-3A7E-418D-8814-374C46081E55}] => (Allow) D:\SteamLibrary\SteamApps\common\Talisman\Talisman.exe
FirewallRules: [{88F9CC96-4741-41AF-ACC5-C6D0B0C9D504}] => (Allow) D:\SteamLibrary\SteamApps\common\SolForge\SolForge.exe
FirewallRules: [{372E4229-2C2D-4A52-99BB-CBCE6E428747}] => (Allow) D:\SteamLibrary\SteamApps\common\SolForge\SolForge.exe
FirewallRules: [UDP Query User{59F69BE6-1ECE-4DFA-B599-6D73B72C800A}D:\program files (x86)\max payne 3\maxpayne3.exe] => (Block) D:\program files (x86)\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{6DCE0C2F-8B89-4C15-A932-A46B2BF439C0}D:\program files (x86)\max payne 3\maxpayne3.exe] => (Block) D:\program files (x86)\max payne 3\maxpayne3.exe
FirewallRules: [{A021EFDA-8DB1-4652-9629-4B26F9EEFB41}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC5D5280-DFE5-41BF-8E93-A3EBAB49C7DB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EEA9E6AB-B7B1-4A9C-9950-08BD538CB512}] => (Allow) D:\SteamLibrary\SteamApps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{AA010DD8-2A26-4992-A348-4A67B38F9629}] => (Allow) D:\SteamLibrary\SteamApps\common\Pinball FX2\Pinball FX2.exe
FirewallRules: [{E97E2A05-D4EC-4D38-AA10-E56F77304981}] => (Allow) D:\SteamLibrary\SteamApps\common\Sonic Adventure DX\AppLauncher.exe
FirewallRules: [{8F6F70DA-659C-461A-9AA3-0571F0D4E2A0}] => (Allow) D:\SteamLibrary\SteamApps\common\Sonic Adventure DX\AppLauncher.exe
FirewallRules: [{D12D029F-7E68-4B3D-862C-0F90096AA170}] => (Allow) D:\SteamLibrary\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{DA11F579-64B2-46E0-8DB5-0FA041F7A4E9}] => (Allow) D:\SteamLibrary\SteamApps\common\Sonic & All-Stars Racing Transformed\Launcher.exe
FirewallRules: [{7698B704-2AA0-472B-AA1C-1901B6496012}] => (Allow) D:\SteamLibrary\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{81906702-FA89-4405-B319-71D63D6B3661}] => (Allow) D:\SteamLibrary\SteamApps\common\Sonic & All-Stars Racing Transformed\ASN_App_PcDx9_Final.exe
FirewallRules: [{0CAF987D-CE21-4D9D-8021-70A3FADFBE6B}] => (Allow) D:\SteamLibrary\SteamApps\common\Crazy Taxi\AppLauncher.exe
FirewallRules: [{7D99CA96-F907-49D1-BEB9-30BF50EF9705}] => (Allow) D:\SteamLibrary\SteamApps\common\Crazy Taxi\AppLauncher.exe
FirewallRules: [{A6854328-A8AB-4EE0-950F-0A6D0DD1D834}] => (Allow) D:\SteamLibrary\SteamApps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{E0394641-B096-4DDB-846C-665D22714EAA}] => (Allow) D:\SteamLibrary\SteamApps\common\ProjectZomboid\ProjectZomboid32.exe
FirewallRules: [{CF00465D-5833-4D77-9776-325F839CD1F8}] => (Block) D:\program files\factorio\bin\x64\factorio.exe
FirewallRules: [{8BA1EE9A-623A-4375-93FA-62F1B19AD648}] => (Block) D:\program files\factorio\bin\x64\factorio.exe
FirewallRules: [UDP Query User{7CF4E54A-A0DC-4A6A-A29E-E36631521F67}D:\program files\factorio\bin\x64\factorio.exe] => (Allow) D:\program files\factorio\bin\x64\factorio.exe
FirewallRules: [TCP Query User{5295560D-17A6-4A0E-BF2D-5C827E073A40}D:\program files\factorio\bin\x64\factorio.exe] => (Allow) D:\program files\factorio\bin\x64\factorio.exe
FirewallRules: [{7BBA7B14-D99E-47F0-8FA0-188F1E9E709B}] => (Allow) D:\SteamLibrary\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe
FirewallRules: [{9ECF1633-D028-45B6-B473-3924F58ED671}] => (Allow) D:\SteamLibrary\SteamApps\common\Marvel Heroes\UnrealEngine3\Binaries\Win32\MarvelHeroes2015.exe
FirewallRules: [{FF2523AE-EC0A-4FDF-9F12-63E71726DEB9}] => (Allow) D:\SteamLibrary\SteamApps\common\Sonic Generations\ConfigurationTool.exe
FirewallRules: [{C98B45BD-30FE-47B5-B339-602533F119F9}] => (Allow) D:\SteamLibrary\SteamApps\common\Sonic Generations\ConfigurationTool.exe
FirewallRules: [{E9742605-A36A-40BA-A4BE-6F989A253BE9}] => (Allow) D:\SteamLibrary\SteamApps\common\Sonic Generations\SonicGenerations.exe
FirewallRules: [{BA91963F-3B81-49E0-AF71-CEC3FA6D1F18}] => (Allow) D:\SteamLibrary\SteamApps\common\Sonic Generations\SonicGenerations.exe
FirewallRules: [{68578E75-415B-43FC-BF41-C398788E55B8}] => (Allow) D:\SteamLibrary\SteamApps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{B062D309-5A9F-462C-9C23-1C33C8DEF133}] => (Allow) D:\SteamLibrary\SteamApps\common\ProjectZomboid\ProjectZomboid64.exe
FirewallRules: [{036E876B-597C-46E7-ABED-E54646FDA1A1}] => (Allow) D:\SteamLibrary\SteamApps\common\Defcon\defcon.exe
FirewallRules: [{5BBF2323-DCFA-4492-9709-726E27836ABF}] => (Allow) D:\SteamLibrary\SteamApps\common\Defcon\defcon.exe
FirewallRules: [{B1CA64BF-E74F-4953-9F10-63337924F23C}] => (Allow) D:\SteamLibrary\SteamApps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{478F15BF-70A4-44CA-81E5-83E6ED06021C}] => (Allow) D:\SteamLibrary\SteamApps\common\Grim Dawn\Grim Dawn.exe
FirewallRules: [{1908045A-DDA9-4F49-B651-7767F1DF19FE}] => (Allow) D:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{1A847D62-F4B0-448F-AC79-39A013946486}] => (Allow) D:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{02FA7CE7-157C-4012-9BE3-D9107DFCB9CA}] => (Allow) D:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{F17CB5EB-401D-47DD-A0A1-96FF02250847}] => (Allow) D:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{31B421AC-14E4-4B16-9A0E-81F39899BF49}] => (Allow) D:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{F71BC6CE-1228-4295-976B-485622B3964D}] => (Allow) D:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{FC999D37-5160-47ED-98D5-D9550B5533AD}] => (Allow) D:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{93DA9014-6773-4E33-8143-AF1685FD247C}] => (Allow) D:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{C22DFDA8-6E0F-4409-AA65-EFF7C579E500}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [{9150CD20-B4EB-4BF9-9B42-C3FE00071032}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3507\Agent.exe
FirewallRules: [UDP Query User{5CF2AD85-7823-4319-A826-C689C03DE3E0}D:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [TCP Query User{5D2F3F0A-B94A-484C-9F41-7E8E9D6596D8}D:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\program files (x86)\r.g. mechanics\borderlands - the pre-sequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{B338F6D5-6331-46C3-AED1-F82806B5FCC5}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B61B7341-A767-44D1-B712-90A6DA913F04}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B0754E0C-2392-452C-A140-88F21E353C8B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F52D7AE8-79D4-4C9A-8B31-67F3017AD6BC}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [UDP Query User{705FB1EF-322E-4533-8DEA-FAA1A389CFD1}D:\program files (x86)\alien isolation\ai.exe] => (Block) D:\program files (x86)\alien isolation\ai.exe
FirewallRules: [TCP Query User{FAF4F238-3D2D-45CF-A223-A172B6646758}D:\program files (x86)\alien isolation\ai.exe] => (Block) D:\program files (x86)\alien isolation\ai.exe
FirewallRules: [{F890A9E3-79FA-4E94-84BD-816ADD4B4C39}] => (Allow) D:\SteamLibrary\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{7F060447-E346-4C6F-A89B-3944A8D3D67D}] => (Allow) D:\SteamLibrary\SteamApps\common\Audiosurf\engine\QuestViewer.exe
FirewallRules: [{54F6DC81-5721-4ECF-A99B-0270880B32E0}] => (Allow) D:\SteamLibrary\SteamApps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{404AEBC3-3576-4F39-864F-E521ACF5BB14}] => (Allow) D:\SteamLibrary\SteamApps\common\Hammerwatch\Hammerwatch.exe
FirewallRules: [{A5ADF6D1-8BB0-4866-BBB2-B2484835932F}] => (Allow) D:\SteamLibrary\SteamApps\common\SteamWorld Dig\SteamWorldDig.exe
FirewallRules: [{A2EF01B2-AA62-49F0-8D85-B1D9F6DDAC23}] => (Allow) D:\SteamLibrary\SteamApps\common\SteamWorld Dig\SteamWorldDig.exe
FirewallRules: [{220D8D1B-0E58-433D-A079-B534E7D1C72D}] => (Allow) D:\SteamLibrary\SteamApps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{D89957E6-00AA-499C-8E38-02036BA62DCD}] => (Allow) D:\SteamLibrary\SteamApps\common\World of Goo\WorldOfGoo.exe
FirewallRules: [{455E9E33-DE08-4750-8635-6AB715210C1C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{ECFBB1A9-E31D-400E-B57C-1180BF7AC723}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3346\Agent.exe
FirewallRules: [{3634DAD9-248D-4430-B490-1E734895871A}] => (Allow) D:\SteamLibrary\SteamApps\common\Dungeons of Dredmor\Dungeons of Dredmor.exe
FirewallRules: [{4456DAEF-7401-4A67-BA32-D0CDDD82DD67}] => (Allow) D:\SteamLibrary\SteamApps\common\Dungeons of Dredmor\Dungeons of Dredmor.exe
FirewallRules: [{283684A4-52C8-4E43-9A1F-E4164A3DDE1F}] => (Allow) D:\Installed Games\Diablo III\Diablo III.exe
FirewallRules: [{9BAD2F54-0906-45A8-979E-EC46D76DD14C}] => (Allow) D:\Installed Games\Diablo III\Diablo III.exe
FirewallRules: [{67D4EAB8-39C3-4628-BF58-75A773897BFB}] => (Allow) D:\SteamLibrary\SteamApps\common\SanctumTD\SuperSanctumTD.exe
FirewallRules: [{EC3C952E-EA15-4B08-8DA3-341093131C12}] => (Allow) D:\SteamLibrary\SteamApps\common\SanctumTD\SuperSanctumTD.exe
FirewallRules: [{506AAC3E-3566-4857-81CA-6B5BB5AE59E2}] => (Allow) D:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{30797CC3-432D-4DED-800A-CC06A0B5246B}] => (Allow) D:\Program Files\Battle.net\Battle.net.exe
FirewallRules: [{52E9200C-0CEB-4CFB-A9A6-B5134AF7569F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4A3B7131-A1CC-4591-8F62-E21749FD87BF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [UDP Query User{1DFAC1A7-0EED-4313-9920-0B62675E05CD}D:\program files (x86)\wolfenstein. the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein. the new order\wolfneworder_x64.exe
FirewallRules: [TCP Query User{C061DFAD-326F-4E81-91FD-AE8095467CC6}D:\program files (x86)\wolfenstein. the new order\wolfneworder_x64.exe] => (Block) D:\program files (x86)\wolfenstein. the new order\wolfneworder_x64.exe
FirewallRules: [{47505E50-0D29-47BD-AFDE-AE3138FF706D}] => (Block) D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{1D9AD234-FC8E-4D4D-9C03-0752A296903C}] => (Block) D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [UDP Query User{85E14330-2005-454B-A84D-79EE6D5E3F27}D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [TCP Query User{81FAC328-278C-4CD7-80F0-11D87C85CEC3}D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe] => (Allow) D:\steamlibrary\steamapps\common\planetside 2\planetside2_x64.exe
FirewallRules: [{D0400CF9-5510-438D-A4F4-35948B7E536F}] => (Block) D:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{B63D3FF0-C49F-476D-BE75-6AFD301E9A3B}] => (Block) D:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [UDP Query User{BF512137-6567-4AEF-8AD7-7880B401A3A2}D:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) D:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [TCP Query User{6FB29A72-D322-4635-BA21-232ED6BCBD0A}D:\program files (x86)\musicbrainz picard\picard.exe] => (Allow) D:\program files (x86)\musicbrainz picard\picard.exe
FirewallRules: [{3CFA74C9-3CD0-4AF8-B5B9-ED658B763BA2}] => (Allow) C:\Users\Martijn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{849C3B23-FDF6-41D5-891E-6C5CA1D2402F}] => (Allow) C:\Users\Martijn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A5E44B6A-1818-48CF-8549-9DE874E448D5}] => (Block) C:\users\martijn\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{56A38AFF-DEE1-4985-8D62-9A0FC4D2EF1E}] => (Block) C:\users\martijn\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{6DEAECAD-0B23-4446-B2D5-2EF027A3F9F1}C:\users\martijn\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martijn\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{C8B2C99D-A898-4DFC-AB59-5B609C744116}C:\users\martijn\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\martijn\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{C3F0EBD1-31AE-41AC-B375-16BC967251D2}] => (Allow) D:\SteamLibrary\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{90290B5D-689B-4A6B-BCFF-0EFF018D34F4}] => (Allow) D:\SteamLibrary\SteamApps\common\PlanetSide 2\LaunchPad.exe
FirewallRules: [{3FBC943D-C48C-4EF1-B52E-A140ACDA3C1E}] => (Allow) D:\SteamLibrary\SteamApps\common\The Last Federation\LastFederation.exe
FirewallRules: [{2507B2BB-AEA9-40A0-8F7B-B985EE71C093}] => (Allow) D:\SteamLibrary\SteamApps\common\The Last Federation\LastFederation.exe
FirewallRules: [{CBB2D698-6CE9-488F-87B3-419E4E0D4D48}] => (Allow) D:\SteamLibrary\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{6EBF23E0-A126-4144-BBCA-B93B36E0AFB3}] => (Allow) D:\SteamLibrary\SteamApps\common\Darkness II\DarknessII.exe
FirewallRules: [{9E9767D7-1FFA-44F7-BE63-EA9AC90D7314}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{D8BCECED-41BF-4911-8053-0006694A81D4}] => (Block) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [UDP Query User{F20A27AA-79D1-43B5-9CF6-AE9D2FD26768}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [TCP Query User{6CFBDB77-A8B0-4530-8B6D-637EA83B4297}C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\aces.exe
FirewallRules: [{030290DC-2958-42C4-B90D-B87B13A1C3BF}] => (Allow) D:\SteamLibrary\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{8D0C8DA3-ABDA-4B57-8EBA-F6E4143B5E35}] => (Allow) D:\SteamLibrary\SteamApps\common\Prison Architect\Prison Architect.exe
FirewallRules: [UDP Query User{03447EE6-8C9A-460B-B617-0B0D3E0C0406}D:\games\xcom enemy within\xew\binaries\win32\xcomew.exe] => (Block) D:\games\xcom enemy within\xew\binaries\win32\xcomew.exe
FirewallRules: [TCP Query User{A2D228E1-7F03-4EEE-AF5E-1500378D2E11}D:\games\xcom enemy within\xew\binaries\win32\xcomew.exe] => (Block) D:\games\xcom enemy within\xew\binaries\win32\xcomew.exe
FirewallRules: [{AAC01AB4-7908-4407-BAEF-F0F0CF2D40AE}] => (Allow) D:\Program Files (x86)\R.G. Mechanics\SimCity\SimCity\SimCity.exe
FirewallRules: [{095B519A-DA72-468D-9E17-45060D3217F1}] => (Allow) D:\Program Files (x86)\R.G. Mechanics\SimCity\SimCity\SimCity.exe
FirewallRules: [UDP Query User{1F966785-2A1C-4E8C-AE8C-6E490F660E73}D:\program files (x86)\space run\ospacegame.exe] => (Block) D:\program files (x86)\space run\ospacegame.exe
FirewallRules: [TCP Query User{1D886697-1753-431A-9EB5-B2AFBAA0C693}D:\program files (x86)\space run\ospacegame.exe] => (Block) D:\program files (x86)\space run\ospacegame.exe
FirewallRules: [{CDBAA279-E586-47F8-9C74-7A4DEA47A2DA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{07DA50B6-8DDD-413E-AE54-7F03DC239419}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{612B0C14-16D3-42D8-AB0B-AFAF7F687B0D}] => (Block) D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{31631E44-EB14-4E0F-B604-77A885008198}] => (Block) D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{30010CB9-FAB3-47E0-9F4E-C052DBA56838}D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [TCP Query User{93AC0B7B-0BD4-4317-B99D-CA946F74D945}D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) D:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{B053ECEE-BE19-4E49-8782-A6DB17EACA04}] => (Allow) LPort=8888
FirewallRules: [{589625CA-6847-425F-9BD5-656E959B46EA}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{985D345A-BC8F-4066-BEFF-A3DC01D106AA}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{7842EA71-4933-4E7F-97E8-4EC5645D81A9}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{4333E47D-B1B7-46C0-AA84-913A9C6D68B1}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{05AAD5DA-E406-49BA-8C05-F159A6DAB459}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{61708EB8-A0C3-4DBB-B349-8E3E627680BA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{915DCB08-127E-4C82-8F63-C2CBC19B459E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{E032268E-72CE-4DF8-BACD-6FA8FB6F39A7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AC840DCC-9644-42DC-A5AE-6E06B616779B}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{FA0E06EB-2B3B-4CDD-9C0A-3B15D398198A}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{D228889E-6CCE-4057-B1FE-DD17BEF94DD4}] => (Allow) D:\SteamLibrary\SteamApps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [{726FE555-6D8F-4E33-A3D0-D0D654DBD105}] => (Allow) D:\SteamLibrary\SteamApps\common\Shadowrun Dragonfall Director's Cut\Dragonfall.exe
FirewallRules: [TCP Query User{5D58C83C-A964-4865-9009-D19BD2220F92}C:\users\martijn\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\martijn\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{FE217C20-406B-4968-8C85-F9B5328F9ECA}C:\users\martijn\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\martijn\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{CCFD1A4D-C32D-45CF-9448-AC95457296CE}D:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) D:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [UDP Query User{CF6C5CCE-913D-4766-8C93-1D275DD82001}D:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe] => (Allow) D:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [{A69D9263-D731-4304-9CC0-173074ECAD5C}] => (Block) D:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [{BFED8E1A-8789-4998-8A2F-45D4FA941E51}] => (Block) D:\program files (x86)\turbine\dungeons & dragons online\dndclient.exe
FirewallRules: [{C0D6C679-D8FD-40B4-8BBB-BF28F9622E44}] => (Allow) D:\SteamLibrary\SteamApps\common\Crimsonland\Crimsonland.exe
FirewallRules: [{22B8EFAF-36E4-4720-A549-95772042145D}] => (Allow) D:\SteamLibrary\SteamApps\common\Crimsonland\Crimsonland.exe
FirewallRules: [TCP Query User{FB0E86FE-1B98-4633-A57E-C2832F86B31D}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
FirewallRules: [UDP Query User{7365D5AD-CC90-4095-B016-5BA8CF59A081}D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe] => (Block) D:\program files (x86)\galactic cafe\the stanley parable\thestanleyparable.exe
FirewallRules: [{75F81349-1A5B-48F7-B93D-E145D4C82FA8}] => (Allow) D:\SteamLibrary\SteamApps\common\TalesMajEyal\t-engine.exe
FirewallRules: [{2CC9D994-30B0-447D-8801-6565BA2BEE94}] => (Allow) D:\SteamLibrary\SteamApps\common\TalesMajEyal\t-engine.exe
FirewallRules: [{2AD1CECE-3726-4CAD-858B-04C57F069881}] => (Allow) D:\SteamLibrary\SteamApps\common\Beatbuddy\Beatbuddy.exe
FirewallRules: [{FF674F8A-9080-4D80-A327-8D157E358195}] => (Allow) D:\SteamLibrary\SteamApps\common\Beatbuddy\Beatbuddy.exe
FirewallRules: [TCP Query User{07C8AB28-0100-4317-91D2-DEE805BC9BFE}C:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{2DB3E838-47AC-4730-9D72-CB54E5E1F22F}C:\program files (x86)\dishonored\binaries\win32\dishonored.exe] => (Block) C:\program files (x86)\dishonored\binaries\win32\dishonored.exe
FirewallRules: [{14411073-D29D-44AE-A2DD-DE152E75708A}] => (Allow) D:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{0CEB1A9E-B129-454D-AFE8-780F37375123}] => (Allow) D:\SteamLibrary\SteamApps\common\PinballArcade\PinballArcade.exe
FirewallRules: [{31A5829C-4DF6-44CA-97BE-B9CC77F411B6}] => (Allow) D:\SteamLibrary\SteamApps\common\PinballArcade\PinballArcade.exe
FirewallRules: [{848FD8B8-FB9E-432B-A1F3-C718AFEFFA14}] => (Allow) D:\SteamLibrary\SteamApps\common\PinballArcade\PinballArcade11.exe
FirewallRules: [{C8CEA549-9FA0-4728-96CE-D204E9282BE5}] => (Allow) D:\SteamLibrary\SteamApps\common\PinballArcade\PinballArcade11.exe
FirewallRules: [{EE406146-E6F2-48DB-B07F-C47B0234EB61}] => (Allow) D:\SteamLibrary\SteamApps\common\PinballArcade\PBAConfig.exe
FirewallRules: [{A845DCAE-36F1-4782-8C55-B16E6A36C22C}] => (Allow) D:\SteamLibrary\SteamApps\common\PinballArcade\PBAConfig.exe
FirewallRules: [{00FB94ED-D782-4746-AC69-1BA351BBF437}] => (Allow) D:\SteamLibrary\SteamApps\common\LYNE\LYNE.exe
FirewallRules: [{EF99E767-B489-4512-9048-9E5F0914C2EC}] => (Allow) D:\SteamLibrary\SteamApps\common\LYNE\LYNE.exe
FirewallRules: [{7F36D9EC-ACCF-4579-A070-F63CF5CA413F}] => (Allow) D:\SteamLibrary\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{760B7E1C-DD60-4906-9C8B-F95307889955}] => (Allow) D:\SteamLibrary\SteamApps\common\Clicker Heroes\Clicker Heroes.exe
FirewallRules: [{A49F6BE0-B981-42C4-879B-9868FE7BFECB}] => (Allow) D:\SteamLibrary\SteamApps\common\Gotham City Impostors F2P\Engine.exe
FirewallRules: [{163596CD-DB45-4682-AE41-6CB4C716ECC5}] => (Allow) D:\SteamLibrary\SteamApps\common\Gotham City Impostors F2P\Engine.exe
FirewallRules: [TCP Query User{67826287-AE4E-42AE-9471-ACF35052D813}D:\steamlibrary\steamapps\common\marchofwar\marchofwar.exe] => (Allow) D:\steamlibrary\steamapps\common\marchofwar\marchofwar.exe
FirewallRules: [UDP Query User{418DF349-C746-4BEF-A5B1-8293B96ECFDC}D:\steamlibrary\steamapps\common\marchofwar\marchofwar.exe] => (Allow) D:\steamlibrary\steamapps\common\marchofwar\marchofwar.exe
FirewallRules: [{6AA8E591-5766-4FF9-A55D-4E382D16405A}] => (Allow) D:\SteamLibrary\SteamApps\common\RingRunner\RingRunner.exe
FirewallRules: [{42999C3C-BC5D-4E02-94AB-ED31EF9456AE}] => (Allow) D:\SteamLibrary\SteamApps\common\RingRunner\RingRunner.exe
FirewallRules: [{5D22B2E4-D0E7-4429-80CD-9E21D818AAD3}] => (Allow) D:\SteamLibrary\SteamApps\common\KAMI\KAMI.exe
FirewallRules: [{3E69DDD3-A2F3-4527-9A84-4A582026ECB3}] => (Allow) D:\SteamLibrary\SteamApps\common\KAMI\KAMI.exe
FirewallRules: [{57A2BBA6-1B73-4453-93E7-18059133B85C}] => (Allow) D:\SteamLibrary\SteamApps\common\Gunpoint\Gunpoint.exe
FirewallRules: [{2CE905A8-86E2-4280-ABE2-17981602241D}] => (Allow) D:\SteamLibrary\SteamApps\common\Gunpoint\Gunpoint.exe
FirewallRules: [TCP Query User{083987AE-EC44-475D-BB01-27E8A7965D34}D:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) D:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [UDP Query User{4FF01E10-90D0-47FF-80C0-594DF75D3072}D:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) D:\program files (x86)\soulseekqt\soulseekqt.exe
FirewallRules: [TCP Query User{88724300-F668-440D-B4B7-6D43A095F7FF}D:\program files (x86)\awaremote server\awaremote server.exe] => (Allow) D:\program files (x86)\awaremote server\awaremote server.exe
FirewallRules: [UDP Query User{5DC631E2-FE7B-49A6-B51F-2D7DF726F42E}D:\program files (x86)\awaremote server\awaremote server.exe] => (Allow) D:\program files (x86)\awaremote server\awaremote server.exe
FirewallRules: [TCP Query User{9368DF65-77E9-47C8-888F-71BF743E25E3}D:\program files (x86)\r.g. gamblers\age of wonders 3\aow3.exe] => (Block) D:\program files (x86)\r.g. gamblers\age of wonders 3\aow3.exe
FirewallRules: [UDP Query User{A715356D-A618-4007-A53B-F675BB1B61E4}D:\program files (x86)\r.g. gamblers\age of wonders 3\aow3.exe] => (Block) D:\program files (x86)\r.g. gamblers\age of wonders 3\aow3.exe
FirewallRules: [TCP Query User{54E1034A-B1C4-4DA0-8964-519D0BD900EC}D:\program files (x86)\bdwm\clipsync server\clipsync server.exe] => (Allow) D:\program files (x86)\bdwm\clipsync server\clipsync server.exe
FirewallRules: [UDP Query User{48589E4E-73DC-40FB-B814-BC08FE919607}D:\program files (x86)\bdwm\clipsync server\clipsync server.exe] => (Allow) D:\program files (x86)\bdwm\clipsync server\clipsync server.exe
FirewallRules: [{9A2099C2-BC39-4B55-B439-C125E595B8FC}] => (Allow) D:\SteamLibrary\SteamApps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{F18ABBB6-9BED-403A-B332-358032296F86}] => (Allow) D:\SteamLibrary\SteamApps\common\Mitos.is The Game\Mitosis.exe
FirewallRules: [{24C2FC9C-2134-443A-84CA-11F45BF3AC0C}] => (Allow) D:\SteamLibrary\SteamApps\common\Xenonauts\Xenonauts.exe
FirewallRules: [{1EE7F4F5-3D90-4879-9699-58798730843F}] => (Allow) D:\SteamLibrary\SteamApps\common\Xenonauts\Xenonauts.exe
FirewallRules: [{A2116251-A81F-4EEF-AAF2-831568AECE27}] => (Allow) D:\SteamLibrary\SteamApps\common\FE Legendary Heroes\LegendaryHeroes.exe
FirewallRules: [{932F19CF-DA55-4D33-8CF9-F078B7273CD8}] => (Allow) D:\SteamLibrary\SteamApps\common\FE Legendary Heroes\LegendaryHeroes.exe
FirewallRules: [{36E0897B-8D19-4CE2-9FB2-1281D2C061C8}] => (Allow) D:\SteamLibrary\SteamApps\common\Legend of Grimrock\grimrock.exe
FirewallRules: [{63934B26-F9CB-4821-991C-7A3D16133B40}] => (Allow) D:\SteamLibrary\SteamApps\common\Legend of Grimrock\grimrock.exe
FirewallRules: [TCP Query User{8A5F90D5-7387-4958-9907-0E35603BD1C0}D:\installed games\heroes of the storm\versions\base38236\heroesofthestorm_x64.exe] => (Allow) D:\installed games\heroes of the storm\versions\base38236\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{642ED14D-3CAD-48F9-8DF5-9EE6F0E37FDD}D:\installed games\heroes of the storm\versions\base38236\heroesofthestorm_x64.exe] => (Allow) D:\installed games\heroes of the storm\versions\base38236\heroesofthestorm_x64.exe
FirewallRules: [{07429B10-027A-4099-B8C9-44D2BADF431C}] => (Allow) D:\Installed Games\Heroes of the Storm\Versions\Base38236\HeroesOfTheStorm_x64.exe
FirewallRules: [TCP Query User{82FA6B29-1DFE-4E4F-809B-008874B7BC20}D:\installed games\heroes of the storm\versions\base38500\heroesofthestorm_x64.exe] => (Allow) D:\installed games\heroes of the storm\versions\base38500\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{760DCF6B-2F3F-4E65-B53D-CE60955E53E2}D:\installed games\heroes of the storm\versions\base38500\heroesofthestorm_x64.exe] => (Allow) D:\installed games\heroes of the storm\versions\base38500\heroesofthestorm_x64.exe
FirewallRules: [{AD3DA3A3-7267-47FB-821D-74614ED33BB3}] => (Block) D:\installed games\heroes of the storm\versions\base38500\heroesofthestorm_x64.exe
FirewallRules: [{2EAA9761-DC69-4C7A-9217-B05019FED99D}] => (Block) D:\installed games\heroes of the storm\versions\base38500\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B4698F54-D10C-430A-BF3E-FDD17A0E0C0F}D:\installed games\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe] => (Allow) D:\installed games\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AFB07D86-AE3A-4979-8359-C80B0D481280}D:\installed games\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe] => (Allow) D:\installed games\heroes of the storm\versions\base38593\heroesofthestorm_x64.exe
FirewallRules: [{DECCEBEC-10D8-473C-B18C-AF1E02F22395}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{20577E2D-73CF-484C-994F-5E4D293A1987}D:\gog games\shadowrun - hong kong\srhk.exe] => (Block) D:\gog games\shadowrun - hong kong\srhk.exe
FirewallRules: [UDP Query User{DC9D8F02-5F9D-4B66-A4C7-C7874D1A73E2}D:\gog games\shadowrun - hong kong\srhk.exe] => (Block) D:\gog games\shadowrun - hong kong\srhk.exe
FirewallRules: [{53E4071E-07AF-4604-A8E5-7F140B8E968F}] => (Allow) D:\SteamLibrary\SteamApps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{F824DCBB-465B-4E1B-A317-D91A09CAE920}] => (Allow) D:\SteamLibrary\SteamApps\common\Divinity Original Sin Enhanced Edition\Shipping\EoCApp.exe
FirewallRules: [{3119F02C-0999-4774-A7A9-E6E3F10D2D95}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{88E9E0F5-B024-4B23-A665-74915C77CCFD}] => (Allow) D:\Program Files (x86)\qBittorrent\qbittorrent.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2015 02:59:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DipAwayMode.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xc0000409
Fault offset: 0x000b3e28
Faulting process id: 0x1118
Faulting application start time: 0xDipAwayMode.exe0
Faulting application path: DipAwayMode.exe1
Faulting module path: DipAwayMode.exe2
Report Id: DipAwayMode.exe3
Faulting package full name: DipAwayMode.exe4
Faulting package-relative application ID: DipAwayMode.exe5

Error: (11/03/2015 02:52:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.10240.16515 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: c08

Start Time: 01d1163eb765183d

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Report Id: 1204c10c-8232-11e5-9e02-e03f49115a4c

Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Error: (11/03/2015 02:52:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Martyboy)
Description: App Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy+App did not launch within its allotted time.

Error: (11/03/2015 02:50:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Martyboy)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (11/03/2015 02:48:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DipAwayMode.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xc0000409
Fault offset: 0x000b3e28
Faulting process id: 0x1044
Faulting application start time: 0xDipAwayMode.exe0
Faulting application path: DipAwayMode.exe1
Faulting module path: DipAwayMode.exe2
Report Id: DipAwayMode.exe3
Faulting package full name: DipAwayMode.exe4
Faulting package-relative application ID: DipAwayMode.exe5

Error: (11/03/2015 02:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DipAwayMode.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xc0000409
Fault offset: 0x000b3e28
Faulting process id: 0xe38
Faulting application start time: 0xDipAwayMode.exe0
Faulting application path: DipAwayMode.exe1
Faulting module path: DipAwayMode.exe2
Report Id: DipAwayMode.exe3
Faulting package full name: DipAwayMode.exe4
Faulting package-relative application ID: DipAwayMode.exe5

Error: (11/03/2015 03:58:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winamp.exe, version: 5.5.8.2985, time stamp: 0x4c3b43ea
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c599e1
Exception code: 0xc000000d
Fault offset: 0x000e914c
Faulting process id: 0x4e0
Faulting application start time: 0xwinamp.exe0
Faulting application path: winamp.exe1
Faulting module path: winamp.exe2
Report Id: winamp.exe3
Faulting package full name: winamp.exe4
Faulting package-relative application ID: winamp.exe5

Error: (11/02/2015 08:43:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (11/02/2015 08:28:02 PM) (Source: MsiInstaller) (EventID: 1024) (User: Martyboy)
Description: Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6D00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/02/2015 01:33:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PSUAMain.exe, version: 4.0.0.644, time stamp: 0x54efac0e
Faulting module name: CC3290MT.DLL, version: 9.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0005d522
Faulting process id: 0xe2c
Faulting application start time: 0xPSUAMain.exe0
Faulting application path: PSUAMain.exe1
Faulting module path: PSUAMain.exe2
Report Id: PSUAMain.exe3
Faulting package full name: PSUAMain.exe4
Faulting package-relative application ID: PSUAMain.exe5


System errors:
=============
Error: (11/03/2015 03:11:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/03/2015 03:11:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/03/2015 03:11:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/03/2015 03:11:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/03/2015 03:11:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/03/2015 03:11:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/03/2015 03:11:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/03/2015 03:11:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/03/2015 03:11:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/03/2015 03:11:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


==================== Memory info ===========================

Processor: Intel® Core™ i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 31%
Total physical RAM: 16322.11 MB
Available physical RAM: 11103.79 MB
Total Virtual: 16338.11 MB
Available Virtual: 13080.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:237.69 GB) (Free:62.58 GB) NTFS
Drive d: (Internal HDD) (Fixed) (Total:2794.39 GB) (Free:55.04 GB) NTFS
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:71.07 GB) NTFS
Drive i: (Seagate Backup Plus Drive) (Fixed) (Total:3726.01 GB) (Free:143.02 GB) NTFS
Drive j: (Expansion Drive 2) (Fixed) (Total:1863.01 GB) (Free:81.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 6FBBF9CE)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 2.

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 8A0DB4DB)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 09 November 2015 - 11:07 AM.




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,660 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:17 AM

Posted 08 November 2015 - 09:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/595224 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Black_ice

Black_ice
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:17 PM

Posted 08 November 2015 - 11:48 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Martijn (administrator) on MARTYBOY (08-11-2015 17:45:57)
Running from D:\Programs
Loaded Profiles: Martijn (Available Profiles: Martijn & Administrator)
Platform: Windows 10 Pro N (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files\Waterfox\waterfox.exe" -osint -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
() C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Seagate Technology LLC) D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Seagate Technology LLC) D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(hxxp://winaero.com) D:\Programs\x64\OpaqueTaskbar.exe
(Seagate Technology LLC) D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Pushbullet Inc) C:\Users\Martijn\AppData\Local\Pushbullet\bin\pushbullet_client.exe
(Google Inc.) C:\Users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe
(Pushbullet Inc) C:\Users\Martijn\AppData\Local\Temp\pushbullet_watchdog.exe
() C:\Program Files (x86)\SVP\SVPMgr.exe
() D:\Programs\cpkeeper\CPKeeper.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
() D:\Program Files (x86)\Func\MS-3\MS-3_Core.exe
() D:\Program Files (x86)\Func\MS-3\MS-3_Tray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Waterfox) C:\Program Files\Waterfox\waterfox.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) C:\Program Files\Waterfox\plugin-container.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Last.fm) C:\Program Files (x86)\Last.fm\Last.fm Scrobbler.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2010-07-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104088 2012-11-01] (VMware, Inc.)
HKLM-x32\...\Run: [DBAgent] => D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [40184 2015-02-27] (Panda Security, S.L.)
HKLM-x32\...\Run: [Func Ms3] => D:\Program Files (x86)\Func\MS-3\MS-3_Core
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [OpaqueTaskbar] => D:\Programs\x64\OpaqueTaskbar.exe [62464 2013-04-22] (hxxp://winaero.com)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [Uploader] => D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-04-30] (Seagate Technology LLC)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [Pushbullet] => D:\Program Files (x86)\Pushbullet\pushbullet.exe [64000 2014-12-21] (Pushbullet inc)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [Google Update] => C:\Users\Martijn\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-04-18] (Google Inc.)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [SVPMgr] => C:\Program Files (x86)\SVP\SVPMgr.exe [973824 2015-07-06] ()
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Martijn\AppData\Local\Akamai\netsession_win.exe [4691384 2015-07-23] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Run: [Color Profile Keeper] => D:\Programs\cpkeeper\CPKeeper.exe [7922176 2015-08-20] ()
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\MountPoints2: {6eae3e37-ff65-11e3-9bfb-e03f49115a4c} - "K:\setup.exe"
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\MountPoints2: {75f8ebcf-4675-11e5-9d95-e03f49115a4c} - "G:\autorun.exe"
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\MountPoints2: {a05884e0-6ae3-11e5-9de1-806e6f6e6963} - "G:\autorun.exe"
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\MountPoints2: {be3cfdd7-6051-11e5-9dcd-e03f49115a4c} - "G:\autorun.exe"
HKU\S-1-5-21-1789035615-2181655339-79741492-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\sshtml.scr [227840 2015-03-14] (djmclean)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.254
Tcpip\..\Interfaces\{352C92E7-E8EF-4E62-9785-25263D66ADE1}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{87c21c88-5e67-4f75-920f-d9624993afc3}: [DhcpNameServer] 10.211.254.254 8.8.8.8
Tcpip\..\Interfaces\{98dcc31a-1725-471d-b98a-45334c16c0a0}: [DhcpNameServer] 192.168.2.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO: AlxHelper Class -> {F443A627-5009-4323-9C1D-7FD598D0D712} -> C:\Program Files\Alexa Toolbar\AlexaToolbar.11.0.dll [2013-10-18] (Alexa.com)
BHO-x32: Microsoft.Search.HRSToolBar.InitToolbarBHO -> {1d970ed5-3eda-438d-bffd-715931e2775d} -> C:\WINDOWS\SysWOW64\mscoree.dll [2015-07-10] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-06-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-06-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: No Name -> {F443A627-5009-4323-9C1D-7FD598D0D712} -> No File
Toolbar: HKLM - Alexa Toolbar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Alexa Toolbar\AlexaToolbar.11.0.dll [2013-10-18] (Alexa.com)
Toolbar: HKLM-x32 - No Name - {EA582743-9076-4178-9AA6-7393FDF4D5CE} -  No File
Toolbar: HKLM-x32 - Bing HRS Toolbar - {c9a6357b-25cc-4bcf-96c1-78736985d414} - C:\WINDOWS\SysWOW64\mscoree.dll [2015-07-10] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-04-01] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default
FF DefaultSearchEngine: StartPage
FF Homepage: hxxp://www.netvibes.com/privatepage/1#Algemeen
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.
com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*'))%20%7B%20return%20'PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [2014-08-27] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll [2014-12-11] (Adobe Systems, Inc.)
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [2014-08-27] (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-22] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1789035615-2181655339-79741492-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-1789035615-2181655339-79741492-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-04-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010-07-12] (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\searchplugins\lastfm.xml [2015-03-20]
FF SearchPlugin: C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\searchplugins\path-of-exile-wiki-en.xml [2015-07-11]
FF SearchPlugin: C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\searchplugins\youtube-video-search.xml [2015-01-20]
FF Extension: Avira Browser Safety - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\abs@avira.com [2015-10-24] [not signed]
FF Extension: CyberSearch - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\cybersearch@cybernetnews.com [2015-05-29]
FF Extension: FoxyProxy Standard - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\foxyproxy@eric.h.jung [2015-05-30]
FF Extension: Woordenboek Nederlands - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\nl-NL@dictionaries.addons.mozilla.org [2015-05-12] [not signed]
FF Extension: FT DeepDark - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [2015-09-15]
FF Extension: Block site - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-08-27]
FF Extension: Metal Lion Australis Theme - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{F2C70981-7CDC-4c46-ACF3-41F18693E79E} [2015-11-08]
FF Extension: Right Inbox for Gmail - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\firefox@rightinbox.com.xpi [2015-09-03]
FF Extension: BetterTTV - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\jid0-OeCFXKAPh2tC0bN3Li9ajRAZx6c@jetpack.xpi [2014-08-28] [not signed]
FF Extension: Privacy Badger - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\jid1-MnnxcxisBPnSXQ-eff@jetpack.xpi [2015-10-20]
FF Extension: ProxMate - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2015-05-29]
FF Extension: mx4 - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\mx4@dkgo.com.xpi [2015-08-28]
FF Extension: NoSquint - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\nosquint@urandom.ca.xpi [2015-05-29]
FF Extension: Scrollbar Search Highlighter - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\scrollbar.search.highlighter@rob.iverson.com.xpi [2015-05-29]
FF Extension: Social Fixer - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\socialfixer@mattkruse.com.xpi [2014-12-13] [not signed]
FF Extension: Test Pilot - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\testpilot@labs.mozilla.com.xpi [2015-04-25]
FF Extension: Facebook Phishing Protector - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2015-04-25]
FF Extension: FlashGot - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2015-04-25]
FF Extension: ProxTube - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2015-04-08] [not signed]
FF Extension: uBlock - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-11-01]
FF Extension: Stylish - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2015-05-29]
FF Extension: YouTube High Definition - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2015-11-08]
FF Extension: ReloadEvery - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2015-05-29]
FF Extension: Soundcloud SUPER +2: Downloader and Recommender - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{988da70d-b78d-44a1-a9c7-ed11832a9e2e}.xpi [2015-05-29]
FF Extension: Tamper Data - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi [2015-05-29]
FF Extension: Modify Headers - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2015-05-29]
FF Extension: RightToClick - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2015-05-29]
FF Extension: Adblock Plus - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF Extension: Download Statusbar - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2015-05-29]
FF Extension: Greasemonkey - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-10-25]
FF Extension: User Agent Switcher - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2015-05-29]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found

Chrome:
=======
CHR Profile: C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-23]
CHR Extension: (Google Search) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-07-13]
CHR Extension: (Dark Vibe) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2015-07-29]
CHR Extension: (Avira Browser Safety) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-22]
CHR Extension: (Google Docs Offline) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-07]
CHR Extension: (CrowdFlower) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\moncgiclmgkdhmkagcincfkkikpaggcd [2015-10-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2015-06-22] (Advanced Micro Devices) [File not signed]
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-07-04] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-08-01] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2013-08-13] (ASUSTeK Computer Inc.) [File not signed]
R2 HiSuiteOuc64.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc64.exe [138544 2015-05-19] ()
R2 HuaweiHiSuiteService64.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService64.exe [192304 2015-05-19] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142584 2015-02-27] (Panda Security, S.L.)
S3 OpenVPNService; D:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-19] (The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-04] (Electronic Arts)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2014-07-11] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-02-07] ()
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-02-27] (Panda Security, S.L.)
R2 Seagate Dashboard Services; D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; D:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
S2 SkypeUpdate; D:\Program Files (x86)\Skype\Updater\Updater.exe [315488 2015-01-02] (Skype Technologies)
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2012-10-31] (VMware, Inc.) [File not signed]
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13234176 2012-11-01] () [File not signed]
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; D:\EEK\bin\a2ddax64.sys [26176 2015-03-11] (Emsisoft GmbH)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 cleanhlp; D:\EEK\bin\cleanhlp64.sys [57024 2015-03-11] (Emsisoft GmbH)
S3 dc1-controller; C:\Windows\System32\drivers\dc1-controller.sys [50688 2015-07-10] (Microsoft Corp.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-29] (Disc Soft Ltd)
R3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-15] (Windows ® Codename Longhorn DDK provider)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 Neo_VPN; C:\Windows\system32\DRIVERS\Neo_VPN.sys [28640 2015-04-13] (SoftEther VPN Project at University of Tsukuba, Japan.)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [93968 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [202000 2015-02-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110864 2015-02-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [116496 2015-02-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\system32\DRIVERS\NNSNAHSL.sys [49936 2014-12-31] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [99600 2015-02-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69904 2015-02-09] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124176 2015-02-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [299792 2015-02-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [166160 2015-02-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113424 2015-02-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257296 2015-02-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106256 2015-02-09] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2015-02-25] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2015-02-25] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197392 2015-02-25] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124176 2015-02-25] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [133904 2015-02-25] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2015-02-25] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-01-29] (Panda Security, S.L.)
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [38368 2015-04-13] (SoftEther VPN Project at University of Tsukuba, Japan.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
S3 SnakeEyes; C:\Windows\system32\drivers\SnakeEyes.sys [25600 2012-09-05] ( ) [File not signed]
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WinRing0_1_2_0; D:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [34016 2014-05-28] (Microsoft Corporation)
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-08 17:11 - 2015-11-08 17:11 - 00016148 _____ C:\WINDOWS\system32\MARTYBOY_Martijn_HistoryPrediction.bin
2015-11-03 15:16 - 2015-11-08 17:45 - 00000000 ____D C:\FRST
2015-11-03 15:08 - 2015-11-03 15:09 - 00000000 ____D C:\rsit
2015-11-03 15:08 - 2015-11-03 15:08 - 00000000 ____D C:\Program Files (x86)\trend micro
2015-11-02 13:38 - 2015-10-28 00:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-11-02 13:38 - 2015-10-28 00:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-11-02 13:38 - 2015-10-21 13:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-02 13:38 - 2015-10-21 06:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-02 13:37 - 2015-10-21 13:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-11-02 13:37 - 2015-10-21 13:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-02 13:37 - 2015-10-21 13:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-11-02 13:37 - 2015-10-21 13:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-02 13:37 - 2015-10-21 13:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-11-02 13:37 - 2015-10-21 12:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-11-02 13:37 - 2015-10-21 12:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-02 13:37 - 2015-10-21 12:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-11-02 13:37 - 2015-10-21 12:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-11-02 13:37 - 2015-10-21 12:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-02 13:37 - 2015-10-21 12:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-11-02 13:37 - 2015-10-21 12:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-11-02 13:37 - 2015-10-21 12:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-02 13:37 - 2015-10-21 12:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-11-02 13:37 - 2015-10-21 12:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-11-02 13:37 - 2015-10-21 12:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-11-02 13:37 - 2015-10-21 12:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-02 13:37 - 2015-10-21 12:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-11-02 13:37 - 2015-10-21 12:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-11-02 13:37 - 2015-10-21 12:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-11-02 13:37 - 2015-10-21 06:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-11-02 13:37 - 2015-10-21 06:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-02 13:37 - 2015-10-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-11-02 13:37 - 2015-10-21 06:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-02 13:37 - 2015-10-21 06:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-11-02 13:37 - 2015-10-21 06:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-02 13:37 - 2015-10-21 06:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-11-02 13:37 - 2015-10-21 05:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-11-02 13:37 - 2015-10-21 05:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-01 14:48 - 2015-11-01 14:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2015-10-30 17:35 - 2015-11-02 20:28 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-10-30 17:35 - 2015-10-30 17:35 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-10-30 17:35 - 2015-10-30 17:35 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-26 19:46 - 2015-10-26 19:46 - 00000000 ____D C:\Users\Martijn\Documents\Shadowrun Hong Kong
2015-10-26 13:39 - 2015-10-26 13:39 - 00000000 ____D C:\Users\Martijn\Documents\AbbeyCore
2015-10-26 01:15 - 2015-11-08 16:44 - 00005212 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Martyboy-Martijn Martyboy
2015-10-21 23:47 - 2015-10-21 23:47 - 00000000 ____D C:\Users\Martijn\AppData\LocalLow\Temp
2015-10-20 16:20 - 2015-10-20 16:20 - 00000988 _____ C:\Users\Martijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mgsvtpp.lnk
2015-10-15 15:13 - 2015-10-15 15:13 - 00000000 ____D C:\Users\Martijn\AppData\Roaming\sp6_log
2015-10-15 14:30 - 2015-10-15 14:30 - 00000756 _____ C:\WINDOWS\LkmdfCoInst.log
2015-10-14 16:17 - 2015-10-17 14:12 - 00000000 ____D C:\Users\Martijn\Documents\Heroes of the Storm
2015-10-14 15:56 - 2015-10-14 15:56 - 00000909 _____ C:\Users\Public\Desktop\Heroes of the Storm.lnk
2015-10-14 15:56 - 2015-10-14 15:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-10-14 14:03 - 2015-10-10 08:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 14:03 - 2015-10-06 04:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-14 14:03 - 2015-10-06 03:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 14:03 - 2015-10-01 05:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 14:03 - 2015-10-01 05:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 14:03 - 2015-10-01 05:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 14:03 - 2015-10-01 05:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 14:03 - 2015-10-01 05:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 14:03 - 2015-10-01 04:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 14:03 - 2015-09-25 05:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-14 14:03 - 2015-09-25 05:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-14 14:03 - 2015-09-25 04:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 14:03 - 2015-09-25 04:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-14 14:03 - 2015-09-25 04:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-14 14:03 - 2015-09-25 04:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 14:03 - 2015-09-25 04:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-14 14:03 - 2015-09-25 04:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-14 14:03 - 2015-09-25 04:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 14:03 - 2015-09-25 04:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-14 14:03 - 2015-09-25 04:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 14:03 - 2015-09-25 04:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-14 14:03 - 2015-09-25 04:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-14 14:03 - 2015-09-25 04:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 14:03 - 2015-09-25 04:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-14 14:03 - 2015-09-25 04:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-14 14:03 - 2015-09-25 04:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 14:03 - 2015-09-25 04:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 14:03 - 2015-09-25 04:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-14 14:03 - 2015-09-25 04:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-14 14:03 - 2015-09-25 04:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-14 14:03 - 2015-09-25 04:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-14 14:03 - 2015-09-25 04:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-14 14:03 - 2015-09-25 03:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-14 14:03 - 2015-09-25 03:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-14 14:03 - 2015-09-25 03:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-14 14:03 - 2015-09-25 03:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-14 14:03 - 2015-09-25 03:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-14 14:03 - 2015-09-25 03:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-14 14:03 - 2015-09-25 03:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-14 14:03 - 2015-09-25 03:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-14 14:03 - 2015-09-25 03:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 14:03 - 2015-09-25 03:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 14:03 - 2015-09-25 03:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 14:03 - 2015-09-25 03:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-14 14:03 - 2015-09-25 03:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 14:03 - 2015-09-25 03:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-14 14:03 - 2015-09-25 03:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-14 14:03 - 2015-09-25 03:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 14:03 - 2015-09-25 03:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 14:03 - 2015-09-25 03:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-14 14:03 - 2015-09-25 03:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-14 14:03 - 2015-09-25 03:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-14 14:03 - 2015-09-25 03:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-14 14:03 - 2015-09-25 03:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-14 14:03 - 2015-09-25 03:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-14 14:03 - 2015-09-25 03:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-14 14:03 - 2015-09-25 03:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-14 14:03 - 2015-09-25 03:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-08 17:34 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-08 17:17 - 2015-04-18 14:48 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1789035615-2181655339-79741492-1001UA.job
2015-11-08 17:15 - 2014-06-29 02:31 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-08 16:14 - 2015-01-28 16:17 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-11-08 15:34 - 2014-06-29 21:38 - 00000000 ____D C:\Program Files (x86)\Steam
2015-11-08 14:43 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-11-08 14:33 - 2015-03-28 16:07 - 00000000 ____D C:\Users\Martijn\AppData\Local\Pushbullet
2015-11-08 14:32 - 2014-06-29 02:31 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-08 01:17 - 2015-07-30 04:23 - 00857266 _____ C:\WINDOWS\system32\perfh013.dat
2015-11-08 01:17 - 2015-07-30 04:23 - 00177630 _____ C:\WINDOWS\system32\perfc013.dat
2015-11-08 01:17 - 2015-07-29 18:37 - 01959566 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-08 01:11 - 2015-07-29 18:27 - 00037184 _____ C:\WINDOWS\PFRO.log
2015-11-08 01:11 - 2015-07-10 13:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-08 01:11 - 2015-04-18 14:48 - 00001040 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1789035615-2181655339-79741492-1001Core.job
2015-11-07 19:36 - 2014-06-28 19:38 - 00000000 ____D C:\Users\Martijn\AppData\Local\Last.fm
2015-11-07 18:55 - 2014-06-29 20:52 - 00000000 ____D C:\Games
2015-11-07 14:42 - 2015-03-04 14:40 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-06 23:50 - 2014-06-28 20:37 - 00215040 _____ C:\Users\Martijn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-06 12:57 - 2015-07-10 13:23 - 00315128 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-06 04:18 - 2015-04-07 20:00 - 00000000 ____D C:\Users\Martijn\AppData\Roaming\qBittorrent
2015-11-06 01:29 - 2014-06-30 19:51 - 00000000 ____D C:\Users\Martijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-11-06 00:32 - 2015-02-07 19:03 - 00166392 _____ C:\WINDOWS\DirectX.log
2015-11-05 20:28 - 2014-07-07 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2015-11-05 17:19 - 2014-08-27 11:53 - 00000000 ____D C:\Users\Martijn\AppData\Local\Battle.net
2015-11-05 10:51 - 2015-07-10 12:02 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-05 10:48 - 2014-08-17 20:42 - 00000000 ____D C:\Users\Martijn\AppData\Local\Black_Tree_Gaming
2015-11-05 10:44 - 2015-07-29 18:29 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-11-05 10:44 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-04 04:55 - 2015-07-29 18:30 - 00000000 ____D C:\Users\Martijn
2015-11-03 16:27 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\rescache
2015-11-03 15:31 - 2015-09-01 15:12 - 00000000 ____D C:\Users\Martijn\AppData\Local\Deployment
2015-11-03 15:29 - 2014-12-17 01:34 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-11-03 14:38 - 2015-07-10 12:02 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-02 20:44 - 2015-07-10 11:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-30 20:49 - 2014-08-18 15:13 - 00000000 ____D C:\Users\Martijn\AppData\Local\Adobe
2015-10-30 17:40 - 2015-08-30 15:20 - 00000000 ____D C:\Users\Martijn\Documents\Visual Studio 2015
2015-10-30 17:35 - 2014-12-25 13:08 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-30 17:35 - 2014-07-21 20:22 - 00000000 ____D C:\ProgramData\Adobe
2015-10-28 14:12 - 2014-06-29 08:38 - 00000000 ____D C:\Users\Martijn\AppData\Local\Packages
2015-10-27 20:40 - 2014-06-30 20:38 - 00000000 ____D C:\Users\Martijn\Documents\Larian Studios
2015-10-26 19:46 - 2014-07-07 21:03 - 00000000 ____D C:\Users\Martijn\AppData\LocalLow\Harebrained Schemes
2015-10-26 19:44 - 2014-07-07 20:57 - 00000000 ____D C:\Users\Martijn\AppData\Local\Harebrained Schemes
2015-10-26 01:03 - 2014-06-11 13:39 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-10-26 00:57 - 2015-03-04 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-26 00:57 - 2015-03-04 14:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-26 00:53 - 2015-07-29 18:29 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-21 19:57 - 2015-08-29 02:45 - 00000000 ____D C:\Users\Martijn\.oracle_jre_usage
2015-10-21 19:57 - 2014-11-25 18:48 - 00000000 ____D C:\ProgramData\Oracle
2015-10-21 19:57 - 2014-11-25 18:47 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-10-21 19:57 - 2014-11-25 18:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-21 19:57 - 2014-11-25 18:47 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-20 22:28 - 2014-06-28 22:53 - 00000000 ____D C:\Users\Martijn\Documents\My Games
2015-10-16 11:59 - 2015-07-10 13:23 - 00033067 _____ C:\WINDOWS\setupact.log
2015-10-16 04:10 - 2015-10-02 11:46 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 04:10 - 2015-10-02 11:46 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 15:13 - 2015-04-01 19:48 - 00018095 _____ C:\WINDOWS\LDPINST.LOG
2015-10-15 15:13 - 2014-06-28 18:41 - 00000000 ____D C:\ProgramData\Logishrd
2015-10-15 14:30 - 2014-06-28 18:41 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2015-10-15 12:32 - 2015-09-13 11:23 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-15 12:32 - 2014-06-29 08:35 - 00162859 ____N C:\WINDOWS\Minidump\101515-6828-01.dmp
2015-10-14 16:17 - 2014-08-27 11:53 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-10-14 15:58 - 2014-06-29 16:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-14 15:54 - 2014-06-29 16:37 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-06-28 20:37 - 2015-11-06 23:50 - 0215040 _____ () C:\Users\Martijn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-12 18:51 - 2015-06-12 18:51 - 0000000 ___SH () C:\Users\Martijn\AppData\Local\LumaEmu
2015-07-29 18:29 - 2015-07-29 18:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Martijn\AppData\Local\Temp\dotNetFx40_Full_setup.exe
C:\Users\Martijn\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Martijn\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Martijn\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Martijn\AppData\Local\Temp\pushbullet_watchdog.exe
C:\Users\Martijn\AppData\Local\Temp\Skin.dll
C:\Users\Martijn\AppData\Local\Temp\tmp811.exe
C:\Users\Martijn\AppData\Local\Temp\tmpBE2F.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-07 16:47

==================== End of FRST.txt ============================


Edited by Black_ice, 08 November 2015 - 11:50 AM.


#4 nasdaq

  • Malware Response Team

Posted 09 November 2015 - 10:59 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please remove these programs in bold using the Programs and Features in your control panel.

Alexa Toolbar (HKLM\...\Alexa Toolbar) (Version: 11.0.2013.1018 - Alexa.com)
Popcorn Time (HKU\S-1-5-21-1789035615-2181655339-79741492-1001\...\Popcorn Time) (Version: - Popcorn Official)
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: AlxHelper Class -> {F443A627-5009-4323-9C1D-7FD598D0D712} -> C:\Program Files\Alexa Toolbar\AlexaToolbar.11.0.dll [2013-10-18] (Alexa.com)
BHO-x32: No Name -> {F443A627-5009-4323-9C1D-7FD598D0D712} -> No File
Toolbar: HKLM - Alexa Toolbar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Alexa Toolbar\AlexaToolbar.11.0.dll [2013-10-18] (Alexa.com)
Toolbar: HKLM-x32 - No Name - {EA582743-9076-4178-9AA6-7393FDF4D5CE} -  No File
FF Extension: Block site - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2015-08-27]
FF Extension: Right Inbox for Gmail - C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\Extensions\firefox@rightinbox.com.xpi [2015-09-03]
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
CustomCLSID: HKU\S-1-5-21-1789035615-2181655339-79741492-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1789035615-2181655339-79741492-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1789035615-2181655339-79741492-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-1789035615-2181655339-79741492-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Martijn\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
Task: {0231EEB5-03F6-496A-A7B0-62BAA224020B} - \GoogleUpdateTaskUserS-1-5-21-1789035615-2181655339-79741492-1001Core -> No File <==== ATTENTION
Task: {0B9DF9D5-8355-40DE-B9E5-3724AE664A7D} - \{F29DCFD4-FBF6-444E-9043-4D7B23D78CA3} -> No File <==== ATTENTION
Task: {0EB178F2-DFA8-45CA-B222-10AB17FC87CC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {14064B29-8B8A-4ED2-BF3D-9BA649A74ACF} - \{D39A295A-9389-4AA1-8A7B-C60FF3B68417} -> No File <==== ATTENTION
Task: {24094629-62D3-4AFB-91F8-F12FB7468625} - \Optimize Start Menu Cache Files-S-1-5-21-1789035615-2181655339-79741492-1001 -> No File <==== ATTENTION
Task: {2795C328-8AF4-4994-92A5-F564780672D1} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {337E2D87-6932-4269-8554-0ECF677BC2C9} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {38C3D831-2816-41FD-B7C0-0C586F18DC96} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4E6A8B59-2E7B-4B12-A1CC-8589D1EC2CA9} - \{E7B7984B-652F-4F95-9A90-2ED83F0369D8} -> No File <==== ATTENTION
Task: {524D9731-C50D-4800-ADD5-84EFE3CADF5F} - \Game_Booster_AutoUpdate -> No File <==== ATTENTION
Task: {617C5004-3F4E-48E9-8F1C-122E5E2BF125} - \Microsoft\Windows\Setup\gwx\runappraiser -> No File <==== ATTENTION
Task: {75843C60-6512-4076-B27D-B6A973BA9021} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {793A8603-2153-4610-A202-902BD178716C} - \{616D57D5-CE06-47BC-9699-6BE2CD94BC58} -> No File <==== ATTENTION
Task: {A6ACB70B-EFC1-4594-A110-E359623C09BE} - \{3D6622C0-7A0E-45CE-9305-AC7525EB69B1} -> No File <==== ATTENTION
Task: {A8029D45-9494-4E67-A870-173327A7651C} - \Optimize Start Menu Cache Files-S-1-5-21-1789035615-2181655339-79741492-500 -> No File <==== ATTENTION
Task: {C101EA79-4334-4047-AF99-7DE9237B5856} - \Seagate_Install_Launch -> No File <==== ATTENTION
Task: {CC5B637F-B13B-4256-BC8E-5D6CB3A77355} - \GoogleUpdateTaskUserS-1-5-21-1789035615-2181655339-79741492-1001UA -> No File <==== ATTENTION
Task: {E903DBA8-1F16-4407-B013-EEA3A8F11342} - \{F4B28102-3601-413F-AB84-80CAE11D768F} -> No File <==== ATTENTION
Task: {E941DF29-151A-46B4-A0F6-58318BC84109} - \Martijn DBAgent 2 0 -> No File <==== ATTENTION
Task: {E9870E59-861B-4F4E-AF10-3EDB0C6B73AE} - \AutoKMS -> No File <==== ATTENTION
Task: {EB213E30-BD2A-4F15-A402-F94A958D38D2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FDDC10BA-36BD-401A-A60C-7341CDE47CBA} - \{7E7528AE-CE89-49FE-9F42-D23728C474C9} -> No File <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt). Please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

I'm not familiar with Waterfox so if you know how please clear the Cache.

How is the computer running now?

#5 Black_ice

Posted 09 November 2015 - 11:51 AM

Hello nasdaq, thanks for the help.

 

I did everything but couldn't find Popcorn Time in the Programs & Features list. Panda still turns off after a few minutes. I can manually re-enable it and it appears to stay enabled until I restart the PC again (note that Panda starts enabled, it takes some time for it to turn off). Maybe there is something wrong with Panda and it's not malware at all, I don't know.

Waterfox is a custom 64-bit C++ performance build of Firefox.

Here's the AdwCleaner log:
# AdwCleaner v5.019 - Logfile created 09/11/2015 at 17:38:40
# Updated 08/11/2015 by Xplode
# Database : 2015-11-09.1 [Server]
# Operating system : Windows 10 Pro N  (x64)
# Username : Martijn - MARTYBOY
# Running from : D:\Programs\adwcleaner_5.019.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Hola
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delta
[-] Folder Deleted : C:\Users\Martijn\AppData\Local\StormFall
[-] Folder Deleted : C:\Users\Martijn\AppData\Roaming\mipony
[-] Folder Deleted : C:\Users\Martijn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delta

***** [ Files ] *****

[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\foxydeal.sqlite

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C953EC4-8CFA-44FB-B32E-1249E5505091}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
[-] Key Deleted : HKCU\Software\Alexa Internet
[-] Key Deleted : [x64] HKLM\SOFTWARE\Hola
[-] Key Deleted : HKU\.DEFAULT\Software\Hola

***** [ Web browsers ] *****

[-] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Deleted : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 GMT+0100 (W. Europe Dayl[...]
[-] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Deleted : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C%22app50611%22%3A%22app50[...]
[-] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Deleted : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_geolocation.expiration", "Fri Sep 11 2015 03:18:38 GMT+0200 (W. Europe S[...]
[-] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Deleted : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_geolocation.value", "%22NL%22");
[-] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Deleted : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_metadata.expiration", "Sat Sep 05 2015 03:18:38 GMT+0200 (W. Europe Stan[...]
[-] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Deleted : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A50611%2C%22appName%22%3A%22CrowdFlowe[...]
[-] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Deleted : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.internaldb.Resources_meta.value", "%7B%22YT.png%22%3A%7B%22id%22%3A1014153%2C%22ver%22%3A57%2C%22s[...]
[-] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Deleted : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.internaldb.Resources_resource_1014155.value", "%22%3C%21DOCTYPE%20html%3E%5Cr%5Cn%3Chtml%3E%5Cr%5C[...]
[-] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Deleted : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.internaldb.Resources_resource_1014157.value", "%22//Global%20helpers%5Cnvar%20_YT%20%3D%20%7B%5Cn%[...]
[-] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Deleted : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.internaldb.Resources_resource_1014161.value", "%22//%20The%20Impression%20plugin%20doesn%27t%20sho[...]
[-] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Deleted : user_pref("extensions.a518dcd9fae80409780aaa9dae0ad4d7b4dd9787b93a445e4b8286df475da9388com50611.50611.thankyou", "hxxp://crossrider.com/thank_you/50611");
[-] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Deleted : user_pref("extensions.crossrider.bic", "14f95ef0e3f5fe77bc47bd1d192ae98a");
[x] [C:\Users\Martijn\AppData\Roaming\Mozilla\Firefox\Profiles\r9pm05fz.default\prefs.js] [Preference] Not Deleted : user_pref("extensions.nosquint.sites", "last.fm=0,1446735614042,588,110,0,0,false,0,0,false wikipedia.org=0,1447075354180,725,100,0,0,false,0,0,false nos.nl=0,1443378269765,28,110,0,0,false,0,0,false [...]
[-] [C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Martijn\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7815 bytes] ##########
 


Edited by Black_ice, 09 November 2015 - 11:54 AM.


#6 nasdaq

Posted 09 November 2015 - 02:17 PM

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

===

p.s.
Did you remove any virus protection lately and install Panda as a replacement?

You can always reinstall Panda if it's not the case.

#7 Black_ice

Posted 09 November 2015 - 02:26 PM

I have been using Panda for almost a year but have had this issue only for a month or less.

This is the checkup.txt:

 Results of screen317's Security Check version 1.012 --- 11/09/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Panda Free Antivirus   
Windows Defender       
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Microsoft VisualStudio JavaScript Project System
 Java 8 Update 65  
 Microsoft VisualStudio JavaScript Language Service
 Adobe Flash Player     19.0.0.226  
 Mozilla Firefox (38.0)
 Google Chrome (46.0.2490.71)
 Google Chrome (46.0.2490.80)
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

 



#8 nasdaq

Posted 09 November 2015 - 02:30 PM

I would reinstall the application.

#9 Black_ice

Posted 09 November 2015 - 03:01 PM

I reinstalled it and am now using the 2016 version instead of the 2015 one. The problem seems to have resolved itself by reinstalling, without infecting my computer. It doesn't turn off anymore (at least after one reboot).
Thanks a lot for your help!


Edited by Black_ice, 09 November 2015 - 03:02 PM.


#10 nasdaq

Posted 10 November 2015 - 09:26 AM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide to best security practices and keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#11 nasdaq

Posted 16 November 2015 - 09:45 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



