Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Can't Access Websites

Started by jervis , Sep 20 2017 06:01 AM

Please log in to reply

#1
jervis

Posted 20 September 2017 - 06:01 AM

Member

Member
30 posts

I am using Windows 10, and recently I have been unable to access a handful of websites.
The sites are Amazon (in all countries), Vimeo, the ABC (which is the national broadcaster in Australia) and the BBC.

On Amazon and Vimeo the connection times out, while with the ABC and the BBC I get diverted to another website, simpletelly.com – which I have a subscription to. Possibly there are more, and I just haven't come across them yet.

This happens with both Chrome and Firefox.

I would be grateful for any help.
Cheers

#2
RKinner

Posted 20 September 2017 - 11:59 AM

Malware Expert

Expert
24,624 posts

Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

Check the Addition.txt box

Press Scan button.

It will produce a log called FRST.txt in the same directory the tool is run from.

Please copy and paste log back here.

It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#3
jervis

Posted 20 September 2017 - 07:50 PM

Member

Topic Starter
Member
30 posts

Hi RKinner

Thanks for your reply.

Here are the scan results:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-09-2017
Ran by Martin (administrator) on DESKTOP-OTB3QSE (21-09-2017 11:08:47)
Running from C:\Users\Martin\Dropbox\Programs
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUS) C:\Program Files (x86)\ASUS\ROG MacroKey\MacroSrv.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(X-Rite Inc.) C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\ROG MacroKey\AsListen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(ASUSTek Computer Inc) C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe
() C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2Svc32.exe
() C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2Svc64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Tonec Inc.) C:\Program Files (x86)\Internet Download Manager\IDMan.exe
(Spotify Ltd) C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.9.564\ASUSWSLoader.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe
() C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2654512 2015-10-04] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SS2UILauncher] => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [970720 2015-08-15] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.9.564\ASUSWSLoader.exe [63968 2016-06-22] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-09-15] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-25] (Adobe Systems Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1057408 2012-06-04] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [203264 2009-10-10] (ArcSoft Inc.)
HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [4027504 2017-08-05] (Tonec Inc.)
HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\...\Run: [Spotify Web Helper] => C:\Users\Martin\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1560176 2017-05-26] (Spotify Ltd)
HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\...\RunOnce: [Application Restart #4] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe [1049608 2017-07-03] (ASUSTek Computer Inc)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk [2016-08-30]
ShortcutTarget: Audible Download Manager.lnk -> C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\i1Profiler Tray.lnk [2016-08-27]
ShortcutTarget: i1Profiler Tray.lnk -> C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-08-03]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-08-03]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk [2017-01-04]
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (Western Digital Technologies, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XRGamma.lnk [2016-08-27]
ShortcutTarget: XRGamma.lnk -> C:\Program Files (x86)\X-Rite\i1Profiler\XRGamma.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-06-19]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{3e5a52b0-73e4-4ade-8e9b-1e582a88d787}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{91ad9b4b-f5fa-49f5-a875-0519e64ae4d3}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{b6ae90d3-ece5-4422-aa6f-6041af3ee85e}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{c4950e03-3c31-41ea-8681-36d2da44cebc}: [NameServer] 163.47.16.144,223.252.40.243
Tcpip\..\Interfaces\{c4950e03-3c31-41ea-8681-36d2da44cebc}: [DhcpNameServer] 192.168.1.1 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus15.msn.com/?pc=ASTE
HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-3624156614-4154489229-1379725982-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3624156614-4154489229-1379725982-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2017-07-12] (Internet Download Manager, Tonec Inc.)
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-29] (AO Kaspersky Lab)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-03] (LastPass)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2017-07-12] (Internet Download Manager, Tonec Inc.)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-04-29] (AO Kaspersky Lab)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-09-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-03] (LastPass)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-25] (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-25] (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-08-03] (LastPass)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\IEExt\ie_plugin.dll [2017-04-29] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-08-03] (LastPass)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-25] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\IEExt\ie_plugin.dll [2017-04-29] (AO Kaspersky Lab)

FireFox:
========
FF DefaultProfile: rpsdzag7.default
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\rpsdzag7.default [2017-09-21]
FF Extension: (YouTube™ Flash® Player) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\rpsdzag7.default\Extensions\[email protected] [2017-08-11]
FF Extension: (Search Site) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\rpsdzag7.default\Extensions\[email protected] [2017-08-17]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\rpsdzag7.default\Extensions\[email protected] [2017-09-13]
FF Extension: (CacheViewer) - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\rpsdzag7.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2016-10-16]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-07-25]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2017-01-12] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi
FF Extension: (No Name) - C:\Program Files (x86)\Internet Download Manager\idmmzcc3.xpi [2017-07-15]
FF HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Users\Martin\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Martin\AppData\Roaming\IDM\idmmzcc5 [2017-04-07] [not signed]
FF HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi
FF Extension: (IDM integration) - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2017-01-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_27_0_0_130.dll [2017-09-13] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-03] (LastPass)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_130.dll [2017-09-13] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-22] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-04-22] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-03] (LastPass)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-15] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-15] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Users\Martin\Dropbox\Programs\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Users\Martin\Dropbox\Programs\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-25] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3624156614-4154489229-1379725982-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Martin\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-08-21] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default [2017-09-21]
CHR Extension: (Google Slides) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-05-17]
CHR Extension: (Google Docs) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-05-17]
CHR Extension: (Google Drive) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-17]
CHR Extension: (YouTube) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-05-17]
CHR Extension: (Google Sheets) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-05-17]
CHR Extension: (Kaspersky Protection) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-07-02]
CHR Extension: (Google Docs Offline) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-23]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-09-15]
CHR Extension: (IDM Integration Module) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek [2017-07-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-23]
CHR Extension: (Gmail) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-05-17]
CHR Extension: (Chrome Media Router) - C:\Users\Martin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-10]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-08-06]
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2017-08-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [111416 2015-06-27] (ASUSTek Computer Inc.)
R2 ASUS Rog Macro Key; C:\Program Files (x86)\ASUS\ROG MacroKey\MacroSrv.exe [492344 2015-07-03] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.5.541\AsusWSWinService.exe [75264 2015-10-22] (ASUS Cloud Corporation) [File not signed]
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-19] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-09-15] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-17] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-15] (WildTangent)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155376 2015-10-04] (NVIDIA Corporation)
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4608320 2014-11-27] (SafeNet Inc.)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [135408 2015-07-02] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-19] (Intel Corporation)
S2 Kingsoft_WPS_UpdateService; C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdatesvr.exe [133480 2015-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-04-13] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872688 2015-10-04] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568816 2015-10-04] (NVIDIA Corporation)
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [76032 2015-08-13] (ASUSTeK COMPUTER INC.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1723048 2015-06-11] (Intel Corporation)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed]
R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 xrdd.exe; C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe [83312 2015-09-18] (X-Rite Inc.)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\XtuService.exe [19192 2015-08-13] (Intel® Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AsusSGDrv; C:\Windows\System32\Drivers\AsusSGDrv.sys [138744 2015-08-18] (ASUS Corporation)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-17] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-17] (Intel Corporation)
S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [115704 2015-07-15] (GenesysLogic)
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [331608 2014-11-27] (SafeNet Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [732416 2016-10-15] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel® Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [30224 2015-08-13] (Intel Corporation)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197312 2017-07-25] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [520152 2017-07-25] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1021624 2017-07-25] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-04-29] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-07-03] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-08-12] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-07-03] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-07-03] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-07-03] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-04-29] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199640 2017-07-25] (AO Kaspersky Lab)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [51904 2015-01-14] (Titan ARC Corp.)
S3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7918840 2016-12-19] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvamwu.inf_amd64_ac0d35d0e2641f4f\nvlddmkm.sys [14841784 2017-04-17] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19760 2015-10-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [887552 2015-07-15] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
R2 WinI2C-DDC; C:\WINDOWS\system32\drivers\DDCDrv.sys [20832 2011-06-22] (Nicomsoft Ltd.)
R2 WinI2C-DDC; C:\WINDOWS\SysWOW64\drivers\DDCDrv.sys [10240 2016-07-11] (Nicomsoft Ltd.) [File not signed]
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-08-13] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-21 11:08 - 2017-09-21 11:08 - 000000000 ____D C:\FRST
2017-09-21 11:04 - 2017-09-21 11:04 - 000000000 ___HD C:\OneDriveTemp
2017-09-21 11:03 - 2017-09-21 11:06 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-09-16 09:41 - 2017-09-16 09:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-15 07:11 - 2017-09-15 07:11 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-09-15 07:11 - 2017-09-15 07:11 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-09-15 07:11 - 2017-09-15 07:11 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-09-15 07:11 - 2017-09-15 07:11 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-13 21:12 - 2017-09-13 21:12 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-09-13 21:10 - 2017-09-05 15:01 - 001596592 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-13 21:10 - 2017-09-05 15:01 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-09-13 21:10 - 2017-09-05 15:01 - 001147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-13 21:10 - 2017-09-05 15:01 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-13 21:10 - 2017-09-05 15:01 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-13 21:10 - 2017-09-05 15:01 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-13 21:10 - 2017-09-05 15:01 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-13 21:10 - 2017-09-05 15:00 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-13 21:10 - 2017-09-05 14:57 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-13 21:10 - 2017-09-05 14:57 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-09-13 21:10 - 2017-09-05 14:56 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-13 21:10 - 2017-09-05 14:56 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-13 21:10 - 2017-09-05 14:55 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-13 21:10 - 2017-09-05 14:55 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-13 21:10 - 2017-09-05 14:54 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-13 21:10 - 2017-09-05 14:54 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-13 21:10 - 2017-09-05 14:53 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-13 21:10 - 2017-09-05 14:53 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-13 21:10 - 2017-09-05 14:51 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-13 21:10 - 2017-09-05 14:50 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-13 21:10 - 2017-09-05 14:49 - 004848960 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-13 21:10 - 2017-09-05 14:49 - 002443168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-13 21:10 - 2017-09-05 14:48 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-13 21:10 - 2017-09-05 14:48 - 005477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-13 21:10 - 2017-09-05 14:48 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-13 21:10 - 2017-09-05 14:48 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-13 21:10 - 2017-09-05 14:48 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-13 21:10 - 2017-09-05 14:48 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-13 21:10 - 2017-09-05 14:48 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-13 21:10 - 2017-09-05 14:48 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-13 21:10 - 2017-09-05 14:47 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-13 21:10 - 2017-09-05 14:46 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-13 21:10 - 2017-09-05 14:46 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-13 21:10 - 2017-09-05 14:46 - 000724200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-13 21:10 - 2017-09-05 14:46 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-13 21:10 - 2017-09-05 14:46 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-13 21:10 - 2017-09-05 14:46 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-13 21:10 - 2017-09-05 14:46 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-13 21:10 - 2017-09-05 14:46 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-13 21:10 - 2017-09-05 14:46 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-13 21:10 - 2017-09-05 14:45 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-13 21:10 - 2017-09-05 14:45 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-09-13 21:10 - 2017-09-05 14:45 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-13 21:10 - 2017-09-05 14:45 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-13 21:10 - 2017-09-05 14:45 - 000257440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-13 21:10 - 2017-09-05 14:44 - 021352656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-13 21:10 - 2017-09-05 14:44 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-13 21:10 - 2017-09-05 14:44 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-13 21:10 - 2017-09-05 14:44 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-13 21:10 - 2017-09-05 14:44 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-13 21:10 - 2017-09-05 14:44 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-13 21:10 - 2017-09-05 14:44 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-13 21:10 - 2017-09-05 14:43 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-13 21:10 - 2017-09-05 14:43 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-13 21:10 - 2017-09-05 14:42 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-13 21:10 - 2017-09-05 14:42 - 001292880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-09-13 21:10 - 2017-09-05 14:42 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-13 21:10 - 2017-09-05 14:42 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-13 21:10 - 2017-09-05 14:41 - 002675104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-13 21:10 - 2017-09-05 14:41 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-13 21:10 - 2017-09-05 14:41 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-13 21:10 - 2017-09-05 14:23 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-13 21:10 - 2017-09-05 14:23 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-13 21:10 - 2017-09-05 14:22 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-13 21:10 - 2017-09-05 14:20 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-13 21:10 - 2017-09-05 14:16 - 004471888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-13 21:10 - 2017-09-05 14:15 - 023679488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-13 21:10 - 2017-09-05 14:15 - 005821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-13 21:10 - 2017-09-05 14:15 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-13 21:10 - 2017-09-05 14:15 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-13 21:10 - 2017-09-05 14:15 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-13 21:10 - 2017-09-05 14:15 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-13 21:10 - 2017-09-05 14:14 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-13 21:10 - 2017-09-05 14:13 - 000611096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-13 21:10 - 2017-09-05 14:13 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-13 21:10 - 2017-09-05 14:13 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-13 21:10 - 2017-09-05 14:13 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-13 21:10 - 2017-09-05 14:13 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-13 21:10 - 2017-09-05 14:12 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-13 21:10 - 2017-09-05 14:12 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-09-13 21:10 - 2017-09-05 14:12 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-13 21:10 - 2017-09-05 14:12 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-13 21:10 - 2017-09-05 14:12 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-13 21:10 - 2017-09-05 14:11 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-13 21:10 - 2017-09-05 14:11 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-13 21:10 - 2017-09-05 14:11 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-13 21:10 - 2017-09-05 14:11 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-13 21:10 - 2017-09-05 14:11 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-13 21:10 - 2017-09-05 14:10 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-13 21:10 - 2017-09-05 14:07 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-13 21:10 - 2017-09-05 14:01 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-13 21:10 - 2017-09-05 14:00 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-13 21:10 - 2017-09-05 14:00 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-13 21:10 - 2017-09-05 14:00 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-13 21:10 - 2017-09-05 14:00 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-13 21:10 - 2017-09-05 14:00 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-13 21:10 - 2017-09-05 14:00 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-13 21:10 - 2017-09-05 14:00 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-13 21:10 - 2017-09-05 14:00 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-13 21:10 - 2017-09-05 14:00 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-13 21:10 - 2017-09-05 13:59 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-09-13 21:10 - 2017-09-05 13:58 - 017371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-13 21:10 - 2017-09-05 13:58 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-13 21:10 - 2017-09-05 13:58 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-13 21:10 - 2017-09-05 13:58 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-13 21:10 - 2017-09-05 13:57 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-13 21:10 - 2017-09-05 13:57 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-13 21:10 - 2017-09-05 13:57 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-13 21:10 - 2017-09-05 13:57 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-13 21:10 - 2017-09-05 13:57 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-13 21:10 - 2017-09-05 13:57 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-13 21:10 - 2017-09-05 13:57 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-13 21:10 - 2017-09-05 13:57 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-09-13 21:10 - 2017-09-05 13:57 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-13 21:10 - 2017-09-05 13:56 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-13 21:10 - 2017-09-05 13:56 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-13 21:10 - 2017-09-05 13:56 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-13 21:10 - 2017-09-05 13:56 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-13 21:10 - 2017-09-05 13:56 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-13 21:10 - 2017-09-05 13:56 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-13 21:10 - 2017-09-05 13:56 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-13 21:10 - 2017-09-05 13:56 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-13 21:10 - 2017-09-05 13:56 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-13 21:10 - 2017-09-05 13:56 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-13 21:10 - 2017-09-05 13:56 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-13 21:10 - 2017-09-05 13:56 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-13 21:10 - 2017-09-05 13:55 - 013844480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-13 21:10 - 2017-09-05 13:55 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-13 21:10 - 2017-09-05 13:55 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-13 21:10 - 2017-09-05 13:55 - 000527872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-13 21:10 - 2017-09-05 13:55 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-13 21:10 - 2017-09-05 13:55 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-13 21:10 - 2017-09-05 13:55 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-13 21:10 - 2017-09-05 13:55 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-13 21:10 - 2017-09-05 13:55 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-13 21:10 - 2017-09-05 13:54 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-13 21:10 - 2017-09-05 13:54 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-13 21:10 - 2017-09-05 13:54 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-13 21:10 - 2017-09-05 13:54 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-13 21:10 - 2017-09-05 13:54 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-13 21:10 - 2017-09-05 13:54 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-13 21:10 - 2017-09-05 13:54 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-13 21:10 - 2017-09-05 13:54 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-13 21:10 - 2017-09-05 13:54 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-13 21:10 - 2017-09-05 13:54 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-13 21:10 - 2017-09-05 13:53 - 020509184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-13 21:10 - 2017-09-05 13:53 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-13 21:10 - 2017-09-05 13:53 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-13 21:10 - 2017-09-05 13:53 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-13 21:10 - 2017-09-05 13:53 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-13 21:10 - 2017-09-05 13:53 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-13 21:10 - 2017-09-05 13:53 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-13 21:10 - 2017-09-05 13:53 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-13 21:10 - 2017-09-05 13:53 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-13 21:10 - 2017-09-05 13:53 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 023684608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-13 21:10 - 2017-09-05 13:52 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-13 21:10 - 2017-09-05 13:52 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-13 21:10 - 2017-09-05 13:51 - 006728704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-13 21:10 - 2017-09-05 13:51 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-13 21:10 - 2017-09-05 13:51 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-13 21:10 - 2017-09-05 13:51 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-13 21:10 - 2017-09-05 13:51 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-13 21:10 - 2017-09-05 13:51 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-13 21:10 - 2017-09-05 13:51 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-13 21:10 - 2017-09-05 13:51 - 000408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-09-13 21:10 - 2017-09-05 13:51 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-13 21:10 - 2017-09-05 13:51 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-13 21:10 - 2017-09-05 13:51 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-13 21:10 - 2017-09-05 13:51 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-13 21:10 - 2017-09-05 13:50 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-13 21:10 - 2017-09-05 13:50 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-13 21:10 - 2017-09-05 13:50 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-13 21:10 - 2017-09-05 13:50 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-13 21:10 - 2017-09-05 13:50 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-13 21:10 - 2017-09-05 13:50 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-13 21:10 - 2017-09-05 13:50 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-13 21:10 - 2017-09-05 13:50 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-13 21:10 - 2017-09-05 13:50 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-13 21:10 - 2017-09-05 13:49 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-13 21:10 - 2017-09-05 13:49 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-13 21:10 - 2017-09-05 13:49 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-13 21:10 - 2017-09-05 13:49 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-13 21:10 - 2017-09-05 13:49 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-13 21:10 - 2017-09-05 13:49 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-13 21:10 - 2017-09-05 13:49 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-13 21:10 - 2017-09-05 13:49 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-13 21:10 - 2017-09-05 13:49 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-13 21:10 - 2017-09-05 13:49 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-13 21:10 - 2017-09-05 13:49 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-13 21:10 - 2017-09-05 13:49 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-13 21:10 - 2017-09-05 13:49 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-13 21:10 - 2017-09-05 13:49 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 012801536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-13 21:10 - 2017-09-05 13:48 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-13 21:10 - 2017-09-05 13:48 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-13 21:10 - 2017-09-05 13:48 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-13 21:10 - 2017-09-05 13:47 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-13 21:10 - 2017-09-05 13:47 - 008207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-13 21:10 - 2017-09-05 13:47 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-13 21:10 - 2017-09-05 13:47 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-13 21:10 - 2017-09-05 13:47 - 001397760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-13 21:10 - 2017-09-05 13:47 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-13 21:10 - 2017-09-05 13:47 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-13 21:10 - 2017-09-05 13:47 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-13 21:10 - 2017-09-05 13:47 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-13 21:10 - 2017-09-05 13:47 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-09-13 21:10 - 2017-09-05 13:46 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-13 21:10 - 2017-09-05 13:46 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-13 21:10 - 2017-09-05 13:46 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-13 21:10 - 2017-09-05 13:46 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-13 21:10 - 2017-09-05 13:46 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-13 21:10 - 2017-09-05 13:46 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-13 21:10 - 2017-09-05 13:46 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-13 21:10 - 2017-09-05 13:46 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-13 21:10 - 2017-09-05 13:46 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-13 21:10 - 2017-09-05 13:46 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-13 21:10 - 2017-09-05 13:45 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-13 21:10 - 2017-09-05 13:45 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-13 21:10 - 2017-09-05 13:45 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-13 21:10 - 2017-09-05 13:45 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 011887104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 002445824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-13 21:10 - 2017-09-05 13:44 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-09-13 21:10 - 2017-09-05 13:43 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-13 21:10 - 2017-09-05 13:43 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-13 21:10 - 2017-09-05 13:43 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-13 21:10 - 2017-09-05 13:43 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-13 21:10 - 2017-09-05 13:43 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-13 21:10 - 2017-09-05 13:42 - 006265856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-13 21:10 - 2017-09-05 13:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-13 21:10 - 2017-09-05 13:42 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-13 21:10 - 2017-09-05 13:42 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-13 21:10 - 2017-09-05 13:42 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-13 21:10 - 2017-09-05 13:41 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-13 21:10 - 2017-09-05 13:41 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-13 21:10 - 2017-09-05 13:41 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-13 21:10 - 2017-09-05 13:41 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-13 21:10 - 2017-09-05 13:41 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-13 21:10 - 2017-09-05 13:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-13 21:10 - 2017-09-05 13:41 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-13 21:10 - 2017-09-05 13:41 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-13 21:10 - 2017-09-05 13:40 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-13 21:10 - 2017-09-05 13:40 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-13 21:10 - 2017-09-05 13:40 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-13 21:10 - 2017-09-05 13:40 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-13 21:10 - 2017-09-05 13:39 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-13 21:10 - 2017-09-05 13:37 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-13 21:10 - 2017-09-05 13:37 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-13 21:10 - 2017-09-05 13:36 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-13 21:10 - 2017-09-05 13:36 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-13 21:10 - 2017-09-05 13:36 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-13 21:10 - 2017-09-05 13:34 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-13 21:10 - 2017-09-05 13:34 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-13 21:10 - 2017-09-01 15:25 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-13 15:15 - 2017-09-13 15:15 - 000000000 ____D C:\Users\Martin\AppData\Roaming\mm
2017-09-13 15:14 - 2017-09-13 15:14 - 000000222 _____ C:\Users\Martin\Desktop\Memoir '44 Online.url
2017-09-13 15:14 - 2017-09-13 15:14 - 000000000 ____D C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-09-13 14:50 - 2017-09-13 14:51 - 000000000 ____D C:\Users\Martin\AppData\Local\Steam
2017-09-13 14:47 - 2017-09-21 11:03 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-13 14:47 - 2017-09-13 14:47 - 000001038 _____ C:\Users\Public\Desktop\Steam.lnk
2017-09-13 14:47 - 2017-09-13 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-09-13 12:56 - 2017-09-13 12:56 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign6e3f8d015c22d0e5
2017-09-13 12:55 - 2017-09-13 12:55 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign6e8c28bc82c8119c
2017-09-13 12:55 - 2017-09-13 12:55 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign4eec80d53f464be7
2017-09-13 12:09 - 2017-09-13 12:09 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsignc3ac90c8665ec6d0
2017-09-13 12:03 - 2017-09-13 12:03 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsignc5cb63f9cfee292c
2017-09-13 12:03 - 2017-09-13 12:03 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign99db7ef96019ad03
2017-09-12 15:33 - 2017-09-12 15:33 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign65769bee8e1eda4e
2017-09-12 15:33 - 2017-09-12 15:33 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign43b37dd12b72a491
2017-09-12 14:25 - 2017-09-12 14:25 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign37d2b844480d25ef
2017-09-12 14:23 - 2017-09-12 14:23 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign87c3043db8452d0e
2017-09-12 14:23 - 2017-09-12 14:23 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign082d1254161211f6
2017-09-01 15:25 - 2017-09-01 15:25 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign6960f49a47b6ad4a
2017-09-01 15:13 - 2017-09-01 15:13 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign675cc285df1b4849
2017-09-01 15:13 - 2017-09-01 15:13 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign40aeacc185764908
2017-08-30 22:11 - 2017-08-30 22:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3624156614-4154489229-1379725982-1001
2017-08-29 22:10 - 2017-08-29 22:10 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign24ed10b0d6ab7d9a
2017-08-29 22:06 - 2017-08-29 22:06 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign5838cee0d25b0f33
2017-08-29 22:06 - 2017-08-29 22:06 - 000000000 ____D C:\Users\Martin\AppData\Local\Tempzxpsign28fec2717a6e4d4c
2017-08-25 13:45 - 2017-08-25 13:45 - 000595518 _____ C:\Users\Martin\Documents\Re_ Other_ doric17 sent a message about Blood & Roses Men of Iron Volume III war game 2013 GMT punched but unplayed #292221461636.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-21 11:07 - 2017-03-19 06:33 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-21 11:06 - 2017-06-15 14:29 - 000004170 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{83C21779-9B49-4710-9972-0CF8D4F97507}
2017-09-21 11:06 - 2016-08-21 20:51 - 000000000 ____D C:\Users\Martin\AppData\Local\Adobe
2017-09-21 11:04 - 2016-06-15 15:23 - 000000000 ___RD C:\Users\Martin\OneDrive
2017-09-21 11:03 - 2016-06-19 10:18 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2017-09-21 11:03 - 2016-06-15 15:21 - 000000164 _____ C:\Users\Martin\AppData\Roaming\sp_data.sys
2017-09-20 23:01 - 2017-06-15 14:22 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-20 23:00 - 2016-09-09 13:47 - 000000000 ____D C:\Users\Martin\AppData\Roaming\DMCache
2017-09-20 22:39 - 2017-01-24 20:32 - 000000000 ____D C:\Users\Martin\Documents\Zoe's
2017-09-20 21:41 - 2017-06-15 14:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-20 12:00 - 2017-06-15 14:29 - 000003550 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update1
2017-09-20 12:00 - 2017-06-15 14:29 - 000003540 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update2
2017-09-19 15:39 - 2016-10-03 19:03 - 000000000 ____D C:\Users\Martin\AppData\Roaming\vlc
2017-09-19 14:28 - 2017-03-19 06:33 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-16 09:41 - 2015-11-25 15:02 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-15 23:24 - 2017-06-15 14:23 - 000000000 ____D C:\Users\Martin
2017-09-15 17:38 - 2017-07-20 15:40 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3624156614-4154489229-1379725982-1001
2017-09-15 17:38 - 2016-06-15 15:23 - 000002372 _____ C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-15 14:48 - 2017-03-19 06:33 - 000000000 ____D C:\WINDOWS\rescache
2017-09-14 10:28 - 2017-07-01 21:34 - 000000000 ____D C:\Program Files\Common Files\AV
2017-09-14 10:25 - 2017-03-19 06:33 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-14 10:24 - 2017-03-19 06:31 - 000000000 ____D C:\WINDOWS\INF
2017-09-14 10:19 - 2015-12-25 15:16 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-14 10:17 - 2017-06-15 14:32 - 001108370 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-14 10:12 - 2017-06-15 14:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-14 10:12 - 2017-06-15 14:21 - 000393424 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-13 22:51 - 2017-03-18 21:10 - 002883584 _____ C:\WINDOWS\system32\config\BBI
2017-09-13 22:49 - 2017-03-19 06:33 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-13 22:49 - 2017-03-19 06:33 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-13 22:49 - 2017-03-19 06:33 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-13 22:49 - 2017-03-19 06:33 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-13 22:49 - 2017-03-19 06:33 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-13 22:49 - 2017-03-19 06:33 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-13 22:49 - 2017-03-19 06:33 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-13 22:49 - 2017-03-19 06:33 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-13 21:16 - 2016-06-15 18:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-13 21:14 - 2017-03-19 06:21 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-13 21:14 - 2016-06-15 18:52 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-13 21:13 - 2015-10-30 16:54 - 000000199 _____ C:\WINDOWS\win.ini
2017-09-13 14:46 - 2016-06-19 12:47 - 000000000 ___RD C:\Users\Martin\Dropbox
2017-09-13 14:00 - 2017-03-19 06:33 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-13 14:00 - 2017-03-19 06:33 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-07 17:34 - 2017-06-21 19:20 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-09-07 17:34 - 2016-09-09 13:47 - 000000000 ____D C:\Program Files (x86)\Internet Download Manager
2017-09-07 17:34 - 2016-06-15 15:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-03 00:45 - 2017-03-19 06:36 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-03 00:45 - 2017-03-19 06:36 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-02 16:36 - 2017-01-17 07:00 - 000000000 ____D C:\KMPlayer
2017-08-30 10:11 - 2017-03-19 06:33 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-29 09:35 - 2017-05-17 10:45 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-29 09:35 - 2017-05-17 10:45 - 000002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk

==================== Files in the root of some directories =======

2016-06-19 10:51 - 2016-08-03 19:42 - 021874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2016-09-25 14:12 - 2016-09-25 14:12 - 000038412 _____ () C:\Users\Martin\AppData\Roaming\Comma Separated Values (Windows).ADR
2016-06-15 15:21 - 2017-09-21 11:03 - 000000164 _____ () C:\Users\Martin\AppData\Roaming\sp_data.sys
2016-09-01 23:03 - 2016-09-01 23:03 - 000000000 _____ () C:\Users\Martin\AppData\Local\{4DE834CF-A185-43F8-A115-00A0F032F008}
2017-06-15 14:22 - 2017-06-15 14:22 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Windows\Tasks\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA}.job

Some files in TEMP:
====================
2017-09-13 15:16 - 2017-09-13 15:16 - 000113152 ____N () C:\Users\Martin\AppData\Local\Temp\bridj.dll5664104975926232326.dll
2017-08-12 11:18 - 2017-08-12 11:22 - 030950664 _____ () C:\Users\Martin\AppData\Local\Temp\vlc-2.2.6-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-17 20:17

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by Martin (21-09-2017 11:09:22)
Running from C:\Users\Martin\Dropbox\Programs
Windows 10 Home Version 1703 (X64) (2017-06-15 05:02:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3624156614-4154489229-1379725982-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3624156614-4154489229-1379725982-503 - Limited - Disabled)
Guest (S-1-5-21-3624156614-4154489229-1379725982-501 - Limited - Disabled)
Martin (S-1-5-21-3624156614-4154489229-1379725982-1001 - Administrator - Enabled) => C:\Users\Martin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Anti-Virus (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (HKLM-x32\...\7-Zip) (Version: 15.14 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\{F9000000-0018-0000-0000-074957833700}) (Version: 9.00.631.5823 - ABBYY) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.00.631.5823 - ABBYY)
ACPI Driver Installer (HKLM-x32\...\553E35CD-0415-41bc-B39A-410375E88534) (Version: 2.1 - Intel Corporation)
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0_1) (Version: 18.0.1 - Adobe Systems Incorporated)
Apowersoft Online Launcher version 1.4.5 (HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\...\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1) (Version: 1.4.5 - APOWERSOFT LIMITED)
Apple Application Support (32-bit) (HKLM-x32\...\{D2FE6376-E549-4F63-A2C5-CA24DA035DE4}) (Version: 5.6 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
ArcSoft MediaImpression 2 (HKLM-x32\...\{FB46F473-333E-4A06-A777-31C54188593E}) (Version: 2.0.14.672 - ArcSoft)
ArcSoft Scan-n-Stitch Deluxe (HKLM-x32\...\{FF8455A9-21E8-457D-AC64-510A705D53B3}) (Version: 1.1.2.35 - ArcSoft)
ASUS GIFTBOX (HKLM-x32\...\ASUS GIFTBOX) (Version: 7.5.24 - ASUSTek Computer Inc)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.4.3 - ASUS)
Asus Sonic Suite Plugins (HKLM-x32\...\{538766d1-8795-4e62-b3d3-cf65517bae51}) (Version: 2.0.7 - ASUSTeKcomputer.Inc)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.13.0004 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0041 - ASUS)
Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.19 - Audible, Inc.)
Audible Plugin for iTunes (HKLM-x32\...\{52076254-FA2B-4540-AD7E-CCD0BD74EBC6}) (Version: 1.0.0 - Audible)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CheckDevicesConfigurator (HKLM\...\{C3B3D79A-7BFB-48AF-9C41-B0FE3D5D071C}) (Version: 2.0.701 - ASUSTeKcomputer.Inc) Hidden
Chess Tutor Step 1 (HKLM-x32\...\{8A6FDA71-871C-4F35-9392-A27B7E9B7A54}_is1) (Version: - Cor van Wijgerden)
ClassicsOnline HD*LL (HKLM-x32\...\{B95398F2-A21C-4B74-B5C5-89BB63313769}) (Version: 0.3 - ClassicsOnlineHD)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Document Capture Pro (HKLM-x32\...\{B4A3C072-87AF-4937-880D-3D7997111C0D}) (Version: 1.01.0000 - Seiko Epson Corporation)
Dropbox (HKLM-x32\...\Dropbox) (Version: 34.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{148C8BF9-E1B4-445D-AC67-2CABAE63949A}) (Version: 3.01.0009 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
Epson User's Guide EPSON Perfection V370 Photo (HKLM-x32\...\EPSON Perfection V370 Photo Useg) (Version: - )
Evernote v. 5.9.1 (HKLM-x32\...\{5EA1DED0-5285-11E5-8AA1-0050569584E9}) (Version: 5.9.1.8742 - Evernote Corp.)
Foxit PhantomPDF (HKLM-x32\...\{E40149BB-552F-44C8-A10F-4188ADC5AD70}) (Version: 7.0.510.429 - Foxit Software Inc.)
GameFirst IV (HKLM-x32\...\{2B5BE4E7-3E40-4BC4-A534-5342E3078F89}) (Version: 1.5.12 - ASUS) Hidden
GameFirst IV (HKLM-x32\...\GameFirst IV 1.5.12) (Version: 1.5.12 - ASUS)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HandBrake 0.10.5 (HKLM-x32\...\HandBrake) (Version: 0.10.5 - )
i1Profiler (HKLM-x32\...\i1Profiler_is1) (Version: 1.6.6 - X-Rite)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{588DA478-D4FF-48E3-8290-49F8C4B21283}) (Version: 18.1.1527.1551 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{5853172b-5520-4089-9ef4-e26c594382b3}) (Version: 19.30.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version: - Intel Corporation)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\3FD0C489-0F02-481a-A3E1-9754CD396761) (Version: - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
iTunes (HKLM\...\{02F95875-9527-49CC-B32F-970ADAEBD1EF}) (Version: 12.6.2.20 - Apple Inc.)
Kaspersky Anti-Virus (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Anti-Virus (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.5.8 - PandoraTV)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
LauncherSetup (HKLM\...\{FAF92126-24C9-4241-A922-FA6F2C896B4A}) (Version: 2.0.701 - ASUSTeKcomputer.Inc) Hidden
Memoir '44 Online (HKLM\...\Steam App 108210) (Version: - Days of Wonder)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
NahimicSettingsConfigurator (HKLM\...\{B1FF19B8-BC5F-49AC-B679-0A5DA36E8A43}) (Version: 2.0.701 - ASUSTeKcomputer.Inc) Hidden
NVIDIA 3D Vision Driver 354.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 354.35 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.15.46 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.15.46 - NVIDIA Corporation)
NVIDIA Graphics Driver 354.35 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 354.35 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Pantone Color Manager 1.0.0 (HKLM-x32\...\Pantone Color Manager_is1) (Version: - PANTONE)
ProductDaemonSetup (HKLM\...\{0F5183BD-29DA-48CC-93DB-3924DA7EA212}) (Version: 2.0.701 - ASUSTeKcomputer.Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
ROG Gaming Center (HKLM-x32\...\{CC182DBF-FC67-4F79-9930-6A2682E60BDD}) (Version: 1.0.1 - ASUS)
ROG MacroKey (HKLM-x32\...\{1101D2B9-7E8C-4361-88D5-AB0A2EB705EC}) (Version: 1.0.4 - ASUS)
SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 4.1.500 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.5.15.46 - NVIDIA Corporation) Hidden
SonicRadarSetup (HKLM\...\{490C61FF-D5A6-4335-A51E-0FC7DC65F591}) (Version: 1.0.0.0 - ASUSTeKcomputer.Inc) Hidden
SonicStudioSetup (HKLM\...\{34BCBD15-E877-4277-A4E1-A8C1E2DE0FE2}) (Version: 2.0.701 - ASUSTeKcomputer.Inc) Hidden
Spotify (HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\...\Spotify) (Version: 1.0.55.487.g256699aa - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SubtitleCreator (HKLM-x32\...\SubtitleCreator) (Version: V2.2 - Erik Vullings)
TCCalc (HKLM-x32\...\E17C2DEA-DD03-430A-8383-D5F3BFEF7401) (Version: 4.1 - Drastic Technologies ltd)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43835 - TeamViewer)
Thunderbolt™ Software (HKLM-x32\...\{E265C71F-14DA-462C-A06A-CBA776B695F1}) (Version: 15.2.32.250 - Intel Corporation)
Tixati (HKLM-x32\...\tixati) (Version: - )
UBot Studio 5 (HKLM-x32\...\{5466A53E-389D-4BF6-9A67-E39D735A70BB}) (Version: 5.0.0.0 - Seth Turin Media, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.9.564 - ASUS Cloud Corporation)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-asus) (Version: 4.0.11.16 - WildTangent)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
WPS Office for ASUS (HKLM-x32\...\Kingsoft Office) (Version: 9.1.0.5178 - Kingsoft Corp.)
XRD i1d3 (HKLM-x32\...\{DAEEE97F-6A57-46C9-BE1D-371249F8CAB4}) (Version: 1.0.135 - X-Rite) Hidden
X-Rite Device Services Manager (HKLM-x32\...\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA}) (Version: 2.4.1 - X-Rite)
XSplit Gamecaster (HKLM-x32\...\{0E12BEC0-F2EE-43FA-AEA0-24B5E9F80167}) (Version: 2.5.1507.3011 - SplitmediaLabs)
Zoom (HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3624156614-4154489229-1379725982-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-95737AE22E2B}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3624156614-4154489229-1379725982-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [           IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2017-06-24] (Tonec Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.9.564\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers1-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-09-25] (Adobe Systems Inc.)
ContextMenuHandlers1-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ContextMenuHandlers1-x32: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2015-05-01] (Foxit Software Inc.)
ContextMenuHandlers1-x32: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-04-29] (AO Kaspersky Lab)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-04-29] (AO Kaspersky Lab)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\Windows\system32\mscoree.dll [2017-03-19] (Microsoft Corporation)
ContextMenuHandlers4-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers4-x32: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ContextMenuHandlers4-x32: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-04-29] (AO Kaspersky Lab)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-15] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-04-13] (NVIDIA Corporation)
ContextMenuHandlers6-x32: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files (x86)\7-Zip\7-zip.dll [2015-12-31] (Igor Pavlov)
ContextMenuHandlers6-x32: [Adobe.Acrobat.ContextMenu] -> {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll [2015-09-25] (Adobe Systems Inc.)
ContextMenuHandlers6-x32: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\x64\shellex.dll [2017-04-29] (AO Kaspersky Lab)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {072B26D5-D133-475E-8ACD-439D13E7F65C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {1002996C-74B6-4F1A-ADFA-E9FB68636384} - System32\Tasks\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA} => C:\Users\Martin\AppData\Local\Temp\is-E5FF5.tmp\XRD Manager.exe <==== ATTENTION
Task: {14CAD22B-5492-4784-8D49-4F73B3BD0226} - System32\Tasks\S-1-5-21-3624156614-4154489229-1379725982-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-19] (Microsoft Corporation)
Task: {1AFAA5DC-97F7-4C1B-9475-8D3450E0C7FD} - System32\Tasks\X-Rite Device Services Software Updater => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe [2015-09-18] (X-Rite Inc.)
Task: {229450ED-AD47-44A6-B71B-A3368C021DE4} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {23DB92EB-93B6-4FC3-8F15-29BF68AE4AD9} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {2D7E4517-6DBE-4EA1-A23B-8A35D12B4F0F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-09-13] (Adobe Systems Incorporated)
Task: {3431D1F3-402C-4255-A6A5-8B4AEFEBE108} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-08-26] (ASUS)
Task: {38B57BFA-CF38-4DAE-86CF-C44BAC860F97} - System32\Tasks\SS2svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2svc32.exe [2015-08-15] ()
Task: {3B087A2E-A6B5-4436-AE58-545DE69D6E75} - System32\Tasks\ASUS\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe [2017-07-03] (ASUSTek Computer Inc)
Task: {4ECF1EA5-3B2E-4B5B-B8C1-B5012B00789A} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe [2015-08-05] (SplitmediaLabs)
Task: {70B6D757-79BE-4CFF-A5B5-11396C24D85E} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-02] (Realtek Semiconductor)
Task: {7365CB29-C698-4385-ADD6-546A99DE2088} - System32\Tasks\SS2svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2svc64.exe [2015-08-15] ()
Task: {84044C41-6680-40D3-9570-674847D6BCB9} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {87118547-C559-4DFD-8C95-5F8D1D647D87} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()
Task: {88C5DA63-D959-45D6-9793-9D75481ACDE1} - System32\Tasks\ROG Gaming Center => C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe [2015-08-13] (ASUSTek Computer Inc.)
Task: {9442087D-18C6-4ED7-A47D-53135930E2A4} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {968D1F17-18C3-4D13-B179-8E85F6234047} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {98016EAB-7F60-465E-8194-F3EC53F31E60} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-17] (Google Inc.)
Task: {999555E2-3C9D-4F97-95B9-4509B2E7DE8E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {9FA6CBD1-5C38-41E2-968B-6C427ADB8000} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-05-17] (Google Inc.)
Task: {A794DBAC-2749-452E-A13E-95EB7A9B616B} - System32\Tasks\WpsNotifyTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe [2015-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {AB8534B6-DF77-4D6C-9AEA-1E4CA00E2A8D} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-OTB3QSE-Martin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {B46BAE91-8CAC-48ED-917F-AAA821A66DB2} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-11-23] ()
Task: {B551AD13-0663-4781-B830-9C89E42F557E} - System32\Tasks\WpsUpdateTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe [2015-11-25] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {BAB04E49-C970-47A4-B3FD-C2521AFF1F36} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-26] (ASUSTek Computer Inc.)
Task: {C11E9D24-91FB-4586-B34D-B3E76A4D4F50} - System32\Tasks\ASUS ROG Macro Key Listener => C:\Program Files (x86)\ASUS\ROG MacroKey\AsListen.exe [2015-10-20] (ASUS)
Task: {CA876458-0303-4CE9-9936-24978771B1B8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-19] (Dropbox, Inc.)
Task: {CEEF6EE8-7F2E-4BBD-97A1-51BED591A860} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {D5BF20C2-BF8D-4888-9E5A-16F92D115D99} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-11] (ASUSTek Computer Inc.)
Task: {DCA08C30-1E02-4B42-92C3-B16D7B1CF7BD} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-11-02] (Realtek Semiconductor)
Task: {E06BB1A0-27D2-4568-921D-37C1E71591E2} - System32\Tasks\SS2UILauncherRun => C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe [2015-08-15] ()
Task: {E7E45266-BFC2-4249-B257-9289E6BFCF56} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-15] (ASUSTek Computer Inc.)
Task: {EF8C4130-A1E4-4394-BD28-E43D53469802} - System32\Tasks\Microsoft\Office\Microsoft Office Touchless Attach Notification => C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe [2015-03-14] (Microsoft Corporation)
Task: {F0F1A6B6-E100-4EDD-9708-3903244C4247} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-06-19] (Dropbox, Inc.)
Task: {FF67653C-AD7E-4143-B0AF-D3733B9202B6} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2016-08-01] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\WpsNotifyTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsnotify.exe
Task: C:\WINDOWS\Tasks\WpsUpdateTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5178\wtoolex\wpsupdate.exe
Task: C:\WINDOWS\Tasks\X-Rite Device Services Software Updater.job => C:\Program Files (x86)\X-Rite\Devices\Services\XRD Software Update.exe
Task: C:\WINDOWS\Tasks\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA}.job => C:\Users\Martin\AppData\Local\Temp\is-E5FF5.tmp\XRD Manager.exeɂ/exenoupdates /noprereqs /qr   AI_RESUME=1 ADDLOCAL=MainFeature,XRDdrivers64 ACTION=INSTALL EXECUTEACTION=INSTALL ROOTDRIVE D:\ AI_PREREQFILES=C:\Users\Martin\AppData\Local\Temp\{1E18A923-CDF1-4D1C-93B2-AD4CC5BD33EA}\drivers64.msi AI_PREREQDIRS=C:\Users\Martin\AppData\Local\Temp OLDPRODUCTS={558B988B-F866-4754-9D47-9E48F94408CF} AI_SETUPEXEPATH=C:\Users\Martin\AppData\Local\Temp\is-E5FF5.tmp\XRD Manager.exe SETUPEXEDIR=C:\Users\Martin\AppData\Local\Temp\is-E5FF5.tmp <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Martin\OneDrive\Penshurst Project\Desktop\Pandora TV.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://jp.pandora.tv/?kmp
ShortcutWithArgument: C:\Users\Martin\Documents\Backup for Dropbox\Penshurst Project\Desktop\Pandora TV.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://jp.pandora.tv/?kmp

==================== Loaded Modules (Whitelisted) ==============

2016-11-17 00:28 - 2016-11-17 00:28 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-07-13 20:50 - 2017-07-13 20:50 - 001354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-03-09 10:41 - 2011-03-09 10:41 - 001066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2011-03-09 10:41 - 2011-03-09 10:41 - 000491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2015-08-15 02:45 - 2015-08-15 02:45 - 000341472 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll
2015-08-15 02:45 - 2015-08-15 02:45 - 000242144 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll
2017-03-19 06:28 - 2017-03-19 06:28 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-19 06:29 - 2017-03-19 12:01 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-23 12:39 - 2017-08-23 12:39 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-08-23 12:39 - 2017-08-23 12:39 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-08-23 12:39 - 2017-08-23 12:39 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-08-23 12:39 - 2017-08-23 12:39 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2015-08-15 02:43 - 2015-08-15 02:43 - 000970720 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2UILauncher.exe
2015-08-15 02:43 - 2015-08-15 02:43 - 002608128 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2svc32.exe
2015-08-15 02:46 - 2015-08-15 02:46 - 000301056 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2svc64.exe
2017-07-14 10:27 - 2017-07-14 10:27 - 000092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-07-14 10:26 - 2017-07-14 10:26 - 001354040 _____ () C:\Program Files\iTunes\libxml2.dll
2016-08-27 12:45 - 2016-07-07 11:53 - 002520064 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\i1ProfilerTray.exe
2016-10-25 08:57 - 2016-10-25 08:57 - 031723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-08-29 09:35 - 2017-08-23 18:18 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-29 09:35 - 2017-08-23 18:18 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2016-08-01 10:35 - 2016-08-01 10:35 - 000017920 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 000865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 17.0.0\kpcengine.2.3.dll
2010-03-05 08:24 - 2010-03-05 08:24 - 000886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll
2015-07-13 10:33 - 2015-07-13 10:33 - 001592832 _____ () C:\Program Files (x86)\X-Rite\Devices\rm200\GoldenEye.dll
2013-06-21 14:03 - 2013-06-21 14:03 - 002633728 _____ () C:\Program Files (x86)\X-Rite\Devices\colormunki\colormunki.dll
2015-09-19 17:04 - 2015-09-19 17:04 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-08-26 03:10 - 2015-08-26 03:10 - 000027648 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-08-26 03:10 - 2015-08-26 03:10 - 000124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2017-07-03 19:21 - 2017-07-03 19:21 - 001937408 _____ () C:\Program Files (x86)\ASUS\Giftbox\ffmpeg.dll
2015-12-25 15:20 - 2015-10-04 17:54 - 000012080 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-08-15 02:43 - 2015-08-15 02:43 - 000302048 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
2015-08-15 02:43 - 2015-08-15 02:43 - 000210912 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2DevProps.dll
2017-07-03 19:21 - 2017-07-03 19:21 - 002177536 _____ () C:\Program Files (x86)\ASUS\Giftbox\libglesv2.dll
2017-07-03 19:21 - 2017-07-03 19:21 - 000079360 _____ () C:\Program Files (x86)\ASUS\Giftbox\libegl.dll
2017-07-03 19:21 - 2017-07-03 19:21 - 003561984 _____ () C:\Program Files (x86)\ASUS\Giftbox\node.dll
2017-07-03 19:21 - 2017-07-03 19:21 - 000292352 _____ () \\?\C:\Program Files (x86)\ASUS\Giftbox\node_modules\appcloud-native-utils\anu.node
2015-08-15 02:43 - 2015-08-15 02:43 - 000120320 _____ () C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\sradarlauncher.dll
2016-08-12 11:35 - 2016-08-12 11:35 - 040523480 _____ () C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\libcef.dll
2017-09-13 14:48 - 2017-08-05 06:49 - 000678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-09-13 14:48 - 2017-09-07 14:21 - 002505504 _____ () C:\Program Files (x86)\Steam\video.dll
2017-09-13 14:48 - 2016-09-01 10:32 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-09-13 14:48 - 2016-01-27 17:19 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-09-13 14:48 - 2016-01-27 17:19 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-09-13 14:48 - 2016-01-27 17:19 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-09-13 14:48 - 2016-01-27 17:19 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-09-13 14:48 - 2016-01-27 17:19 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-09-13 14:48 - 2016-09-01 10:32 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-09-13 14:48 - 2016-09-01 10:32 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-09-13 14:48 - 2017-09-07 14:21 - 000885024 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-09-13 14:49 - 2017-05-17 11:24 - 000678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-09-13 14:49 - 2017-07-18 08:20 - 073115424 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-09-13 14:48 - 2015-09-25 09:22 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-09-16 09:41 - 2017-09-15 07:11 - 000771392 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-09-16 09:41 - 2017-09-15 07:11 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2016-06-19 12:44 - 2017-09-15 07:10 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-06-19 12:44 - 2017-09-15 07:13 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-09-16 09:41 - 2017-09-15 07:10 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-09-16 09:41 - 2017-09-15 07:11 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-06-19 12:44 - 2017-09-15 07:10 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 10:06 - 2017-09-15 07:13 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-09-16 09:41 - 2017-09-15 07:10 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-09-16 09:41 - 2017-09-15 07:11 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-06-19 12:44 - 2017-09-15 07:13 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-06 10:06 - 2017-09-15 07:13 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-09 12:05 - 2017-09-15 07:13 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-05-18 09:17 - 2017-09-15 07:13 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2016-06-19 12:44 - 2017-09-15 07:13 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-28 09:41 - 2017-09-15 07:13 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-21 10:55 - 2017-09-15 07:13 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-06-19 12:44 - 2017-09-15 07:13 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-21 10:55 - 2017-09-15 07:13 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-21 10:55 - 2017-09-15 07:13 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-21 10:55 - 2017-09-15 07:13 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-06-19 12:44 - 2017-09-15 07:10 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-06-19 12:44 - 2017-09-15 07:13 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-09-16 09:41 - 2017-09-15 07:11 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-09-16 09:41 - 2017-09-15 07:12 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-09-16 09:41 - 2017-09-15 07:11 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-09-16 09:41 - 2017-09-15 07:12 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-27 09:52 - 2017-09-15 07:13 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-09-16 09:41 - 2017-09-15 07:12 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-06 10:06 - 2017-09-15 07:13 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-07 09:40 - 2017-09-15 07:13 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-09-16 09:41 - 2017-09-15 07:12 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-27 12:45 - 2016-07-11 03:09 - 002147328 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\QtCore4.dll
2016-08-27 12:45 - 2016-07-11 03:09 - 007982592 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\QtGui4.dll
2016-08-27 12:46 - 2016-07-11 03:09 - 044202496 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\Prism.dll
2016-08-27 12:45 - 2016-07-11 03:09 - 003449344 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\CxF2_VC90MD_2.1.dll
2016-08-27 12:45 - 2016-07-11 03:09 - 000898560 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\libxml2.dll
2016-08-27 12:45 - 2016-07-11 03:09 - 000073728 _____ () C:\Program Files (x86)\X-Rite\i1Profiler\zlib1.dll
2016-10-25 09:51 - 2016-10-25 09:51 - 040523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2016-10-12 00:08 - 2016-10-12 00:08 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 00:08 - 2016-10-12 00:08 - 000223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 00:08 - 2016-10-12 00:08 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 00:08 - 2016-10-12 00:08 - 000124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 09:49 - 2016-10-25 09:49 - 000098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 00:08 - 2016-10-12 00:08 - 000166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-09-04 09:15 - 2015-09-04 09:15 - 000439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-09-04 09:15 - 2015-09-04 09:15 - 000321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-09-04 09:15 - 2015-09-04 09:15 - 000212488 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2015-09-04 09:15 - 2015-09-04 09:15 - 021120008 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2015-09-04 09:15 - 2015-09-04 09:15 - 000988696 _____ () C:\Program Files (x86)\Evernote\Evernote\avcodec-54.dll
2015-09-04 09:15 - 2015-09-04 09:15 - 000138776 _____ () C:\Program Files (x86)\Evernote\Evernote\avutil-51.dll
2015-09-04 09:15 - 2015-09-04 09:15 - 000195096 _____ () C:\Program Files (x86)\Evernote\Evernote\avformat-54.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 16:54 - 2015-10-30 16:51 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3624156614-4154489229-1379725982-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\asus\wallpapers\asus.jpg
DNS Servers: 163.47.16.144 - 223.252.40.243
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{00E259F9-B93E-4B9D-8057-96ECAE7E16B0}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7194AFA8-9818-4F27-9AB3-A2D6D200F920}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{A4694B84-D312-4136-9AAB-462039002062}] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{D5E8EC9F-A540-406F-9568-F5BCE662BE70}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{9FABD42A-FBAD-4D57-AEB0-CB32D7953D5D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{78B84070-4CEF-4E34-8EFC-C36DE4EF7614}] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A10F6991-DB11-480D-87CD-4942F025875C}] => (Block) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{93AC9E75-431B-46C5-8D6D-145A8B63CE47}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E5D3377C-0AB1-4F03-9ADC-544B722FDA9D}C:\users\martin\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\martin\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DA9AC858-817E-4F40-BB9B-01614DB1D901}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{1B2C4A62-C77F-44CE-BE1E-8ADAE56B590B}C:\program files\tixati\tixati.exe] => (Block) C:\program files\tixati\tixati.exe
FirewallRules: [{4D543976-548C-46C9-893A-B073095C70BD}] => (Allow) LPort=1900
FirewallRules: [{F1C59F98-6320-4288-B1C6-B94A8FB2CD7A}] => (Allow) LPort=2869
FirewallRules: [{C85AD99C-2980-4460-A5D4-7567122BD797}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{E953C136-0BA9-40EB-810F-3DCEF778A726}] => (Allow) C:\WINDOWS\system32\hasplms.exe
FirewallRules: [{33B6A52B-2431-4BD4-89DE-28833C744C60}] => (Allow) LPort=5454
FirewallRules: [{5848BDF2-AA88-4B81-91C1-C1DB058118BF}] => (Allow) C:\Program Files (x86)\Pantone Color Manager\PantoneColorManager.exe
FirewallRules: [{F8A88748-C1FA-4DC8-802C-4E7A11A0EAE0}] => (Allow) C:\Program Files (x86)\Pantone Color Manager\PantoneColorManager.exe
FirewallRules: [{AF81A7A8-A733-49D6-A1B4-EC0C31A9E5F7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7B855DFF-5A9A-48AE-86DD-57676AD62915}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{CEA499BC-6EAC-471F-AA7C-9BC5AD4FDCFF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E51BEF8C-E3D7-491E-9D4A-45F439467BE8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{3A07D589-AB07-49FA-AE91-DE04C2C3A54C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{EA01AC6D-83DC-4A39-80EE-95BADB912462}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F971A4EE-372D-453F-90B5-F2F0C7F15080}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{D6180E20-4881-4A94-8303-5E87CE075FC1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{5FFF7424-6A8F-4737-A9B7-2E2720EB9FBE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{18CF9B46-1A4F-4107-A9BE-2E450CF492F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{78D73C70-0A44-4835-B244-990C1F411184}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CBF686E1-C7FF-4118-9879-09761D99C648}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{70F6DDFB-C93F-4F38-82F7-0458F9D636B9}] => (Allow) C:\Windows\system32\ftp.exe
FirewallRules: [{C5C6161D-D234-438A-92DD-BF4F9921BF4D}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{E1912AFB-A3D6-4704-8C0A-A806D72CDFE7}] => (Allow) C:\Windows\SysWOW64\ftp.exe
FirewallRules: [{D77EF182-58CB-43CD-9B6B-362126CF2E96}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A9D4BD1A-5CB8-4939-9FE9-9C4B6CF9447F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4BFD1A55-4072-4C06-ABBE-640E4FE6F747}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{717B688A-C038-4022-ABC5-E24247E913E9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{66E44D7A-4A0C-4A1C-8B66-95D13BF08224}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DF8CC5C3-9BBF-4B1B-AAF9-D0E3E58F6FB6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{681817F9-FCAB-4F6A-A99C-F5DDFA20C4DC}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{8917F0CC-F64F-4313-8195-DFD3616E903A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{B66A9167-0377-4352-B565-7A9A8A13E067}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CA8F7081-1F98-4D09-A6F0-5400FF155062}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F4046FDA-AD16-4552-9319-74AB281E63C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{7BCAA610-8434-4009-81D9-F60AFF69B6C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6B9A1A5F-5BDA-4EB8-9782-75BA848689F8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1A49E69C-A78E-452C-81A5-267F9306C57D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1F20F0BE-366D-4662-B16E-30081F0247FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoir '44 Online\Memoir'44 Online.exe
FirewallRules: [{3079EFF6-10CA-4972-B927-E89919A41C3F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Memoir '44 Online\Memoir'44 Online.exe
FirewallRules: [{3A2C1514-6657-4275-9659-169C4CCDB682}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

03-09-2017 16:00:21 Scheduled Checkpoint
12-09-2017 15:30:41 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Intel® Dual Band Wireless-AC 8260
Description: Intel® Dual Band Wireless-AC 8260
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw04
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2017 11:07:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.

Error: (09/20/2017 09:25:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_27_0_0_130.exe, version: 27.0.0.130, time stamp: 0x59a5bf49
Faulting module name: SS2OSD.dll, version: 0.0.0.0, time stamp: 0x55cd9503
Exception code: 0xc0000005
Fault offset: 0x00006699
Faulting process id: 0x4148
Faulting application start time: 0x01d33207641174c6
Faulting application path: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_27_0_0_130.exe
Faulting module path: C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
Report Id: fabafb53-18eb-4fd7-91a2-7a019c5dd433
Faulting package full name:
Faulting package-relative application ID:

Error: (09/20/2017 09:16:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_27_0_0_130.exe, version: 27.0.0.130, time stamp: 0x59a5bf49
Faulting module name: SS2OSD.dll, version: 0.0.0.0, time stamp: 0x55cd9503
Exception code: 0xc0000005
Fault offset: 0x00006699
Faulting process id: 0x4078
Faulting application start time: 0x01d33206275c19f7
Faulting application path: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_27_0_0_130.exe
Faulting module path: C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
Report Id: 614c442a-d5e4-4cea-a5a1-16229b47bf46
Faulting package full name:
Faulting package-relative application ID:

Error: (09/20/2017 01:12:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.15063.0, time stamp: 0x982d0cc7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x887a0001
Fault offset: 0x0000000000000000
Faulting process id: 0x654
Faulting application start time: 0x01d331477ac27800
Faulting application path: C:\WINDOWS\System32\dwm.exe
Faulting module path: unknown
Report Id: 4077c38d-4d98-4196-bd27-f894bab08c70
Faulting package full name:
Faulting package-relative application ID:

Error: (09/20/2017 09:13:55 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.

Error: (09/19/2017 09:45:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sihost.exe, version: 10.0.15063.0, time stamp: 0x745f8759
Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0x943cbf8b
Exception code: 0xc00000fd
Fault offset: 0x000000000003900b
Faulting process id: 0x1fbc
Faulting application start time: 0x01d33103503b1a5f
Faulting application path: c:\windows\system32\sihost.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: b0b99cce-9a22-4500-bc31-5a12746541d9
Faulting package full name:
Faulting package-relative application ID:

Error: (09/19/2017 03:27:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_27_0_0_130.exe, version: 27.0.0.130, time stamp: 0x59a5bf49
Faulting module name: SS2OSD.dll, version: 0.0.0.0, time stamp: 0x55cd9503
Exception code: 0xc0000005
Fault offset: 0x00006699
Faulting process id: 0x2308
Faulting application start time: 0x01d3310c31e86c61
Faulting application path: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_27_0_0_130.exe
Faulting module path: C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
Report Id: 10361d47-8ddd-4903-bdba-7dbee3f15d97
Faulting package full name:
Faulting package-relative application ID:

Error: (09/19/2017 02:27:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.

Error: (09/18/2017 09:54:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_27_0_0_130.exe, version: 27.0.0.130, time stamp: 0x59a5bf49
Faulting module name: SS2OSD.dll, version: 0.0.0.0, time stamp: 0x55cd9503
Exception code: 0xc0000005
Fault offset: 0x00006699
Faulting process id: 0xf44
Faulting application start time: 0x01d3307902ea3bfb
Faulting application path: C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_27_0_0_130.exe
Faulting module path: C:\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\SS2OSD.dll
Report Id: 2d4866fe-e75b-4f07-b87e-f7e3a63e1838
Faulting package full name:
Faulting package-relative application ID:

Error: (09/18/2017 01:50:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1028
Faulting application start time: 0x01d3303570f85949
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: dc7b940f-88b8-4bcc-9ae9-d763339281da
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

System errors:
=============
Error: (09/21/2017 11:03:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/21/2017 11:03:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/20/2017 09:10:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/20/2017 09:10:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/19/2017 02:24:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/19/2017 02:24:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/18/2017 10:45:57 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OTB3QSE)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.

Error: (09/18/2017 09:38:02 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR5.

Error: (09/18/2017 05:33:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-OTB3QSE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user DESKTOP-OTB3QSE\Martin SID (S-1-5-21-3624156614-4154489229-1379725982-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (09/18/2017 05:33:01 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-OTB3QSE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user DESKTOP-OTB3QSE\Martin SID (S-1-5-21-3624156614-4154489229-1379725982-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.8.12.15063_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

CodeIntegrity:
===================================
Date: 2017-09-20 12:47:46.729
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll that did not meet the Microsoft signing level requirements.

Date: 2017-09-20 12:47:46.724
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Microsoft signing level requirements.

Date: 2017-09-19 14:25:45.971
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll that did not meet the Microsoft signing level requirements.

Date: 2017-09-19 14:25:45.968
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Microsoft signing level requirements.

Date: 2017-09-18 14:04:05.197
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll that did not meet the Store signing level requirements.

Date: 2017-09-18 14:04:05.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Store signing level requirements.

Date: 2017-09-18 12:42:23.818
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll that did not meet the Microsoft signing level requirements.

Date: 2017-09-18 12:42:23.811
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Microsoft signing level requirements.

Date: 2017-09-17 21:59:13.077
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2DevProps.dll that did not meet the Microsoft signing level requirements.

Date: 2017-09-17 21:59:13.074
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\SS2\UserInterface\x64\SS2OSD.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 31%
Total physical RAM: 16322.36 MB
Available physical RAM: 11133.21 MB
Total Virtual: 18754.36 MB
Available Virtual: 12637.31 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:237.4 GB) (Free:66.3 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:912.46 GB) NTFS
Drive f: (TOSHIBA EXT) (Fixed) (Total:1863.01 GB) (Free:1205.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E7B4C6B6)

Partition: GPT.

========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 26F40E11)

Partition: GPT.

========================================================
Disk: 2 (Size: 1863 GB) (Disk ID: 5CD7DB9A)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

#4
RKinner

Posted 20 September 2017 - 09:12 PM

Malware Expert

Expert
24,624 posts

Nothing obvious. Let's run some tests. Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/

(If you open an elevated command prompt the prompt will be c:\Windows\System32> )

Type:

nslookup  amazon.com.au

and hit Enter. It should say something like:

C:\Windows\system32>nslookup amazon.com.au

Server: Waitsfield.gateway.Waitsfield.gateway

Address: 192.168.1.254

Non-authoritative answer:

Name: amazon.com.au

Addresses: 54.240.252.209

54.240.250.225

54.240.248.230

Do you get the same IP addressess? If not what addresses do you get?

Type:

tracert -d amazon.com.au > \junk.txt

Hit Enter

notepad \junk.txt

Hit Enter.

Copy and paste the text from notepad

#5
jervis

Posted 20 September 2017 - 11:07 PM

Member

Topic Starter
Member
30 posts

Thanks for your quick reply.

Ironically, I hadn't tried to access Amazon Au. It was Amazon US and Amazon UK that I couldn't get onto - and then I just assumed that all Amazons were inaccessible. When I got your message, I checked Amazon Au, and found could reach it. So when I followed your instructions, I used the address Amazon.com

By the way the Amazon US addresses were Server: 163.47.16.144 (The Server was Unknown)

and Amazon.com: 107.6.136.177
216.158.75.141

Here the trace:

Tracing route to amazon.com [216.158.75.141]
over a maximum of 30 hops:

1     4 ms    <1 ms    <1 ms 192.168.1.1
2     9 ms     8 ms     8 ms 10.20.25.50
3    10 ms     9 ms     8 ms 203.219.199.2
4    19 ms    19 ms    19 ms 203.219.199.142
5    31 ms    30 ms    31 ms 202.7.171.153
6    28 ms    27 ms    28 ms 203.29.134.68
7   205 ms   204 ms   204 ms 213.248.86.188
8   204 ms   204 ms   204 ms 62.115.125.0
9   218 ms   219 ms   218 ms 62.115.119.91
10   210 ms   211 ms   210 ms 213.248.77.75
11   211 ms   211 ms   226 ms 107.182.174.138
12   210 ms   210 ms   211 ms 216.158.75.141

Trace complete.

#6
RKinner

Posted 21 September 2017 - 05:55 AM

Malware Expert

Expert
24,624 posts

The two addresses you got are not what I get.and are located in Chicago and Los Angeles. When I do Amazom.com I get:

Name: amazon.com

Addresses: 54.239.25.192

54.239.25.208

54.239.17.7

54.239.17.6

54.239.25.200

54.239.26.128

The problem with a big company like amazon is that you will get different addresses depending on where you live but it seems wrong that they are in different places.

Open the elevated Command Prompt again

Type (with an Enter after each line):

nslookup

server 8.8.8.8

amazon.com  > \junk.txt

tracert -d >> \junk.txt

notepad \junk.txt

Copy and paste the result from notepad.

Are these IP addresses different from before? Copy the first address then open IE and paste (Ctrl + v) the address into the URL bar. Hit Enter. You will get a page that complains about the certificate. Hit: Continue to this website (not recommended). (Don't use Chrome since it won't let you continue)

Do you get amazon.com? IF so, the problem is with the DNS servers you were using. Try changing them manually to 8.8.8.8 and 4.2.2.1 or you can use the OpenDNS addresses they use here:

https://support.open...0-Configuration

Not ideal for Australia but I just want to see if it fixes the problem. IF it does you can choose a better DNS with one of the programs here:

https://www.lifewire...-change-2377750

#7
jervis

Posted 21 September 2017 - 06:05 PM

Member

Topic Starter
Member
30 posts

I'm not sure what I'm doing wrong, but I enter the first two lines down to 'server 8.8.8.8', and I get a reply which ends in 'Address 8.8.8.8', then I press enter and write:
amazon.com > \junk.txt

and I get:

Unrecognized command: amazon.com > \junk.txt

#8
RKinner

Posted 21 September 2017 - 07:34 PM

Malware Expert

Expert
24,624 posts

My fault. Can't use the > ]junk.txt in nslookup.

Should be:

nslookup

server 8.8.8.8

amazon.com

quit

#9
jervis

Posted 21 September 2017 - 08:53 PM

Member

Topic Starter
Member
30 posts

OK, the addresses turn out to be exactly the same as the ones you listed, though in a different order.

I copied the first address and entered it into Edge and it couldn't access the website:

Hmmm...can’t reach this pageThis website might be marked as work-related by your organization. Try to access this link in a new Microsoft Edge window outside of Windows Defender Application Guard.

Make sure you’ve got the right web address: https://www.amazon.com

#10
RKinner

Posted 22 September 2017 - 03:24 AM

Malware Expert

Expert
24,624 posts

Edge is too secure to work. Would only work in Internet Explorer. Since you got the right IP addresses, Go ahead and change the DNS server to 8.8.8.8 & 4.2.2.1 and see if that fixes the issue.

Try changing them manually to 8.8.8.8 and 4.2.2.1 or you can use the OpenDNS addresses they use here:

https://support.open...0-Configuration

Not ideal for Australia but I just want to see if it fixes the problem. IF it does you can choose a better DNS with one of the programs here:

https://www.lifewire...-change-2377750

I'm moving back to Florida today. It's a 4 day trip so expect delays.

#11
jervis

Posted 24 September 2017 - 09:06 PM

Member

Topic Starter
Member
30 posts

Well, that fixed it!! Fantastic! Thanks so much RKinner - I really appreciate your help. You were very quick with your replies, you were patient, and it seems you went straight to the heart of what was wrong.

I’ve attached a copy of the DNS test results. I’d been getting strange warnings from Kaspersky about what were obviously reputable sites recently, like Amazon.com for instance - before I stopped being able to access it. The warnings often cited Google as the danger. I noticed in the DNS test results some references to Google being incorrect or hijacked, and wondered if that might have had anything with the Kaspersky warnings.

I’m not expecting a reply from you any time soon – I know you’re on the road in the middle of a massive move. I hope all is going well, and that things go smoothly when you finally get there. Thanks again for your help. I feel lucky to have got to you just before you set off – and I appreciate that you helped me up to the last minute.

All the best
Martin

Attached Thumbnails

#12
RKinner

Posted 25 September 2017 - 04:30 AM

Malware Expert

Expert
24,624 posts

Made it a day earlier than I expected. Actually got in last night but was too tired to do anything on the PC.

172.217.25.174 belongs to Google so that's OK. The DNS tuning program is probably US-based so it expects US versions of Google but Google is different for every country. Apparently Twitter is the same way. Don't think we can trust the DNS tuning program results as far as which site goes where tho the speed should be OK..

Your current DNS is

203.12.60.35

inetnum: 203.12.60.0 - 203.12.63.255
netname: VICDET-AU
descr: Department of Education and Training - Victoria
descr: 2 Treasury Place
descr: East Melbourne, Victoria
country: AU
org: ORG-DOEA1-AP
admin-c: DOEA2-AP
tech-c: DOEA2-AP
mnt-by: APNIC-HM
mnt-routes: MAINT-AU-VICDET
status: ASSIGNED PORTABLE
mnt-irt: IRT-AU-VICDET
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
changed: nobody{+]aunic.net 19950201
changed: aunic-transfer{+]apnic.net 20010525
changed: hm-changed{+]apnic.net 20131014
changed: hm-changed{+]apnic.net 20150501
changed: hm-changed{+]apnic.net 20170830
source: APNIC

irt: IRT-AU-VICDET
address: Department of Education and Training - Victoria
address: Level 2, 2 Treasury Place, East Melbourne
e-mail: wheeler.colin.c{+]edumail.vic.gov.au
abuse-mailbox: abuse{+]edumail.vic.gov.au
admin-c: DOEA2-AP
tech-c: DOEA2-AP
auth: # Filtered
mnt-by: MAINT-AU-VICDET
changed: hm-changed{+]apnic.net 20150430
source: APNIC

organisation: ORG-DOEA1-AP
org-name: Department of Education and Training
country: AU
address: Level 2
address: 2 Treasury Place
phone: +613-9637-2495
fax-no: +613-9637-2600
e-mail: DLITDDomainAdmin{+]edumail.vic.gov.au
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
changed: hm-changed{+]apnic.net 20170809
source: APNIC

role: Department of Education and Training - Victoria
address: 2 Treasury Place
address: East Melbourne, Victoria
country: AU
phone: +61 3 9637 2495
fax-no: +61 3 9637 2600
e-mail: wheeler.colin.c{+]edumail.vic.gov.au
admin-c: CW1685-AP
tech-c: PK206-AP
nic-hdl: DOEA2-AP
mnt-by: MAINT-AU-VICDET
changed: hm-changed{+]apnic.net 20150430
source: APNIC