EXE Files Won't Run, Browsers, PC Crash

Collapse
X
Collapse
 
  • Page of 3
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
  • paulwb
    PCHF Member
    • Nov 2016
    • 159
    #1

    EXE Files Won't Run, Browsers, PC Crash

    @Malnutrition

    Good evening, need your expertise again… the master blaster of malware

    RE: System Manufacturer/Model Number > Custom Build February 23, 2014
    OS > Windows 7 Pro SP1 64 bit
    CPU > Intel Core i7-4930K @ 3.40GHz
    Motherboard > ASUS P9X79 LE Quad Channel DDR3 2400
    Memory > 16 GB G Skill Ripjaws Z DDR3 1866MHz
    Graphics Card > ASUS GeForce GTX 770 2GB X 2
    Browsers > Chrome, Mozilla, Opera
    Antivirus > Panda AV, Privatefirewall

    Below are the FRST files … full PC specs at bottom of post.

    I’ve run Panda AV, & ComboFix in Safe Mode but problem persists.
    Tried to run FSecure & ESET online scanners but database updates stall.
    Ran sfc/ scannow in Safe Mode and process stalls.
    Windows Defender alerts shows the following:

    [ATTACH]803[/ATTACH]
    [ATTACH]804[/ATTACH]

    Apply action to disinfect which shows Successful, but alert reappears.
    Tried running Windows Defender because Microsoft says it will remove Browser Modifier but get error message shown below.

    [ATTACH]805[/ATTACH]
    Code:
    [B][SIZE=4]Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016[/SIZE][/B]
Ran by Owner (administrator) on PS-CORSAIR (17-11-2016 21:36:44)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:  http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ 

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\COSService.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\SynchronizationService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-07-26] (Intel Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKU\S-1-5-21-3707217111-3059912600-4169917813-1000\...\Run: [GizmoDriveDelegate] => C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2014-07-20] (Arainia Solutions)
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{49B9C919-AC6C-48B4-B3F1-BAE2AAC57837}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3707217111-3059912600-4169917813-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://[www.google.com/search?q=](http://www.google.com/search?q=){searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-26] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-26] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3707217111-3059912600-4169917813-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-23] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-10-29] (Cisco WebEx LLC)

Chrome: 
=======
CHR HomePage: Default -> hxxps://[www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en](http://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en)
CHR StartupUrls: Default -> "hxxps://[www.startpage.com/](http://www.startpage.com/)"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2016-11-17]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-15]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-15]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-15]
CHR Extension: (TV) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2016-11-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-11-15]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-15]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2016-11-15]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2016-11-15]
CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfnahhhglp [2016-11-15]
CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj [2016-11-15]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-15]
CHR Extension: (Save to Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-11-15]
CHR Extension: (Send Anywhere (File Transfer)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihbikoooaenkpdooehgemieligjejcb [2016-11-15]
CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegbjmfnfh [2016-11-15]
CHR Extension: (Mailvelope) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-11-15]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2016-11-15]
CHR Extension: (Yesware Reports) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg [2016-11-15]
CHR Extension: (Boomerang for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-11-15]
CHR Extension: (Vend) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdebajikafa [2016-11-15]
CHR Extension: (Mailtrack for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2016-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-15]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2016-11-15]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-15]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2016-11-15]
CHR Extension: (Streak CRM for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-11-15]

Opera: 
=======
OPR Extension: (HTTPS Everywhere) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2016-11-10]
OPR Extension: (uBlock Origin) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-11-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-03-19] (AOMEI Tech Co., Ltd.) [File not signed]
R2 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3550400 2014-10-07] (COMODO Security Solutions)
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2014-07-20] (Arainia Solutions)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-26] (Intel Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-10-28] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2575552 2014-10-07] (COMODO Security Solutions)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-25] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-25] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-25] () [File not signed]
R0 bdisk; C:\Windows\System32\DRIVERS\bdisk.sys [85488 2014-10-07] (COMODO Security Solutions Inc.)
R0 CBUFS; C:\Windows\System32\DRIVERS\CBUFS.sys [230712 2014-10-07] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [677744 2014-10-07] (COMODO Security Solutions Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2014-07-20] (Arainia Solutions LLC)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R0 Reparse; C:\Windows\System32\DRIVERS\CBReparse.sys [674160 2014-10-07] (COMODO Security Solutions Inc.)
R3 vdbus; C:\Windows\System32\DRIVERS\vdbus.sys [826040 2014-10-07] (COMODO Security Solutions Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-11-13] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-11-13] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-17 21:36 - 2016-11-17 21:36 - 00021160 _____ C:\Users\Owner\Desktop\FRST.txt
2016-11-17 21:36 - 2016-11-17 21:36 - 00000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
2016-11-17 08:00 - 2015-05-22 03:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-11-16 20:49 - 2016-11-16 20:49 - 00001177 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-11-16 20:49 - 2016-11-16 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-11-16 20:49 - 2016-11-16 20:49 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-11-16 20:21 - 2016-11-16 20:21 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-11-16 20:21 - 2016-11-16 20:21 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-11-16 20:08 - 2016-11-16 20:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ZHP
2016-11-16 20:07 - 2016-11-16 20:07 - 00164692 _____ C:\Windows\ntbtlog.txt
2016-11-15 23:10 - 2016-11-15 23:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-11-15 23:07 - 2016-11-17 21:12 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-15 23:07 - 2016-11-17 08:00 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-15 23:07 - 2016-11-15 23:07 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-15 23:07 - 2016-11-15 23:07 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-15 23:07 - 2016-11-15 23:07 - 00002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 23:07 - 2016-11-15 23:07 - 00002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 22:35 - 2016-11-15 22:35 - 00013036 _____ C:\Users\Owner\Desktop\Fixlog.M.txt
2016-11-15 19:41 - 2016-11-15 22:32 - 00022336 _____ C:\Users\Owner\Desktop\INFO.txt
2016-11-15 13:33 - 2016-11-15 13:33 - 00000000 ____D C:\zoek
2016-11-15 13:24 - 2016-11-15 13:34 - 00003148 _____ C:\runcheck.txt
2016-11-15 13:24 - 2016-11-15 13:34 - 00000000 ____D C:\zoek_backup
2016-11-15 12:45 - 2016-11-17 21:36 - 02412032 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-11-15 11:47 - 2016-11-15 11:47 - 04186040 _____ C:\Users\Owner\Desktop\zoek.zip
2016-11-15 11:47 - 2016-11-15 11:47 - 01309184 _____ C:\Users\Owner\Desktop\zoek.exe
2016-11-15 11:34 - 2016-11-15 11:34 - 00000078 _____ C:\Users\Owner\Desktop\Zoek.Code.txt
2016-11-14 21:34 - 2016-11-14 21:34 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill_2.8.4.0.exe
2016-11-14 12:50 - 2016-11-14 12:56 - 00219198 _____ C:\TDSSKiller.3.1.0.12_14.11.2016_12.50.13_log.txt
2016-11-14 12:48 - 2016-11-17 21:36 - 00000000 ____D C:\FRST
2016-11-14 12:00 - 2016-11-14 12:00 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Owner\Desktop\tdsskiller.exe
2016-11-13 16:14 - 2016-11-17 21:36 - 00137055 _____ C:\Windows\ZAM.krnl.trace
2016-11-13 16:14 - 2016-11-17 21:36 - 00115261 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-11-13 16:14 - 2016-11-13 16:14 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-11-13 16:14 - 2016-11-13 16:14 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-11-13 16:14 - 2016-11-13 16:14 - 00000000 ____D C:\Users\Owner\AppData\Local\Zemana
2016-11-13 15:54 - 2016-11-16 18:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-13 15:54 - 2016-11-13 15:54 - 00001131 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-13 15:54 - 2016-11-13 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-13 15:54 - 2016-11-13 15:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-13 15:54 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-13 15:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-13 15:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-13 15:25 - 2016-11-16 19:44 - 00000000 ____D C:\AdwCleaner
2016-11-13 14:54 - 2016-11-13 14:54 - 03910208 _____ C:\Users\Owner\Desktop\adwcleaner_6.030.exe
2016-11-13 14:03 - 2016-11-13 14:30 - 00000000 ____D C:\Users\Owner\Desktop\PandaCloudCleaner
2016-11-13 13:23 - 2016-11-13 13:23 - 37786232 _____ (Panda Security ) C:\Users\Owner\Desktop\PandaCloudCleaner.exe
2016-11-13 13:17 - 2016-11-13 13:17 - 00000000 ____D C:\Quarantine
2016-11-13 13:04 - 2016-11-13 13:22 - 00000000 ____D C:\Program Files (x86)\stinger
2016-11-13 11:46 - 2016-11-13 14:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-11-13 10:51 - 2016-11-13 10:51 - 00748192 _____ (TechGuy, Inc.) C:\Users\Owner\Downloads\SysInfo.exe
2016-11-13 00:07 - 2016-11-13 00:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-12 23:41 - 2016-11-12 23:41 - 00524248 _____ (F-Secure Corporation) C:\Users\Owner\Desktop\F-SecureOnlineScanner.exe
2016-11-12 23:35 - 2016-11-12 23:35 - 00021464 _____ C:\ComboFix.txt
2016-11-12 23:08 - 2016-11-12 23:08 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Owner\Desktop\esetonlinescanner_enu.exe
2016-11-12 22:24 - 2016-11-13 14:31 - 00000000 ____D C:\Users\Owner\AppData\Local\FSDART
2016-11-12 22:24 - 2016-11-13 11:36 - 00000000 ____D C:\ProgramData\F-Secure
2016-11-12 22:24 - 2016-11-12 22:24 - 00000000 ____D C:\Users\Owner\AppData\Local\F-Secure
2016-11-12 22:14 - 2016-11-12 22:14 - 00000000 ____D C:\Users\Owner\AppData\Local\ESET
2016-11-07 20:45 - 2016-10-25 15:00 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-11-07 20:42 - 2016-10-25 20:06 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-11-07 20:42 - 2016-10-25 20:06 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 40123840 _____ C:\Windows\system32\nvcompiler.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 35224632 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 34701760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 28138552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 17429080 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 17348752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 14397272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 14033976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-11-07 20:42 - 2016-10-25 16:39 - 10912232 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 10773504 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 10324400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 09113296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 08913512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 08716056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 03628992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 03193912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437570.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437570.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 01037248 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00974272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00945208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00897080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00492744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00439864 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00170688 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00148200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-11-07 20:42 - 2016-10-25 16:39 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-11-07 20:35 - 2016-10-25 15:21 - 00106040 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-11-07 20:35 - 2016-10-25 15:21 - 00095800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-11-07 20:35 - 2016-10-25 15:21 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-11-02 10:42 - 2016-11-02 10:42 - 00001004 _____ C:\Users\Owner\Desktop\TOU_Winter - Shortcut.lnk
2016-11-02 10:38 - 2016-11-02 10:38 - 00001004 _____ C:\Users\Owner\Desktop\TOU_Summer - Shortcut.lnk
2016-10-27 13:44 - 2016-10-27 13:44 - 04965616 _____ (Interactive Brokers LLC) C:\Users\Owner\Downloads\tws-latest-windows-x86.exe
2016-10-27 13:44 - 2016-10-27 13:44 - 00001427 _____ C:\Users\Public\Desktop\Trader Workstation.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-17 21:23 - 2014-07-23 17:37 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job
2016-11-17 20:30 - 2015-06-11 19:00 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job
2016-11-17 08:08 - 2009-07-13 23:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-17 08:08 - 2009-07-13 23:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-17 08:05 - 2009-07-14 00:13 - 00915794 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-17 08:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-17 08:01 - 2014-02-10 00:09 - 00000000 ____D C:\Users\Owner
2016-11-17 08:00 - 2014-02-11 00:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-17 08:00 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-16 19:56 - 2016-09-20 20:40 - 00000000 ____D C:\Users\Owner\Downloads\CFix
2016-11-16 15:55 - 2014-03-25 23:05 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-11-16 10:06 - 2014-08-25 21:25 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-11-15 23:33 - 2016-09-18 13:06 - 00000066 ___SH C:\Users\Owner\3824700-18.cbr
2016-11-15 23:33 - 2014-02-10 00:09 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2016-11-15 23:07 - 2014-03-03 16:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-15 23:07 - 2014-02-11 00:40 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-11-15 22:58 - 2014-07-20 20:08 - 00000028 _____ C:\Windows\ODBC.INI
2016-11-15 22:57 - 2014-05-13 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-15 22:57 - 2014-03-19 17:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2016-11-15 22:57 - 2014-03-19 17:14 - 00000000 ____D C:\Users\Owner\AppData\Local\Mozilla
2016-11-15 22:54 - 2016-08-29 16:04 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1472504661
2016-11-15 22:54 - 2016-08-29 16:03 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-15 12:51 - 2016-02-28 13:24 - 00000000 ___SD C:\Users\Owner\AppData\LocalLow\Temp
2016-11-15 12:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-11-13 13:49 - 2016-06-10 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FXDD Malta - MetaTrader 4-1
2016-11-13 13:26 - 2014-10-18 21:31 - 00001311 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2016-11-13 12:08 - 2010-11-20 22:24 - 00363008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2016-11-12 23:34 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-11-12 23:32 - 2016-08-29 12:51 - 00000000 ____D C:\Windows\erdnt
2016-11-12 23:11 - 2009-07-14 00:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-12 21:22 - 2014-03-03 16:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
2016-11-12 21:21 - 2014-03-03 16:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2016-11-09 11:37 - 2014-12-26 12:00 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 09:34 - 2016-02-23 18:29 - 06948888 _____ (Geek Uninstaller) C:\Users\Owner\Desktop\geek.exe
2016-11-08 20:38 - 2014-02-11 00:52 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA Corporation
2016-11-07 20:46 - 2014-02-11 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-07 20:46 - 2014-02-11 00:50 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-07 20:45 - 2016-03-21 08:41 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-07 20:44 - 2014-02-11 00:50 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-07 20:44 - 2014-02-11 00:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-07 20:35 - 2016-10-09 22:37 - 00003598 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-07 20:35 - 2016-09-11 19:51 - 00003836 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-07 20:35 - 2016-09-11 19:51 - 00003836 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-07 20:35 - 2016-09-11 19:51 - 00003786 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-07 20:35 - 2016-09-11 19:51 - 00003774 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-07 20:35 - 2016-09-11 19:51 - 00003538 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-07 20:35 - 2016-09-11 19:51 - 00001441 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-06 08:56 - 2015-12-18 22:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-02 07:37 - 2014-03-03 09:20 - 00000000 ____D C:\Jts
2016-11-02 06:00 - 2016-02-23 18:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2016-11-01 07:11 - 2015-06-11 19:00 - 00003688 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000
2016-11-01 07:11 - 2014-07-23 17:37 - 00003592 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000
2016-10-29 16:47 - 2016-01-12 12:00 - 00000000 ____D C:\Users\Owner\AppData\Local\WebEx
2016-10-29 16:46 - 2016-01-12 12:00 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\WebEx
2016-10-27 13:44 - 2016-09-20 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trader Workstation
2016-10-26 16:29 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-25 20:06 - 2016-08-06 22:26 - 01595456 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-10-25 16:39 - 2014-02-11 00:49 - 19925152 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-10-25 16:39 - 2014-02-11 00:49 - 03933968 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-10-25 16:39 - 2014-02-11 00:49 - 03473368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-10-25 16:39 - 2014-02-11 00:49 - 00041344 _____ C:\Windows\system32\nvinfo.pb
2016-10-25 15:21 - 2016-09-11 19:51 - 01854008 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-10-25 15:21 - 2016-09-11 19:51 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-10-25 15:21 - 2016-09-11 19:51 - 01454136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-10-25 15:21 - 2016-09-11 19:51 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-10-25 15:21 - 2016-09-11 19:51 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-10-25 15:17 - 2016-01-22 21:23 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-10-25 15:17 - 2016-01-22 21:23 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-10-25 15:17 - 2015-02-04 11:23 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-10-25 15:17 - 2014-02-11 00:50 - 06386232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-10-25 15:17 - 2014-02-11 00:50 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-10-25 15:17 - 2014-02-11 00:50 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-10-25 15:17 - 2014-02-11 00:50 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-10-25 15:13 - 2016-09-11 19:51 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-10-24 01:31 - 2014-02-11 00:50 - 07507695 _____ C:\Windows\system32\nvcoproc.bin
2016-10-19 18:20 - 2014-03-03 15:49 - 00001004 _____ C:\Users\Public\Desktop\CCleaner.lnk

==================== Files in the root of some directories =======

2014-03-02 23:54 - 2014-03-02 23:54 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-02-10 12:17 - 2014-02-10 12:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\geek_x64.exe
C:\Users\Owner\AppData\Local\Temp\libeay32.dll
C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\sys50bf.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-14 10:25

==================== End of FRST.txt ============================

[SIZE=4][B]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016[/B][/SIZE]
Ran by Owner (17-11-2016 21:37:14)
Running from C:\Users\Owner\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-02-10 05:09:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3707217111-3059912600-4169917813-500 - Administrator - Disabled)
Guest (S-1-5-21-3707217111-3059912600-4169917813-501 - Limited - Disabled)
Owner (S-1-5-21-3707217111-3059912600-4169917813-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Disabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda Free Antivirus (Disabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
AOMEI Backupper Standard Edition 2.5 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.4.0 - Asmedia Technology)
BTMM Software (HKLM-x32\...\BTMM Software) (Version:  - )
BTMM WSM Viewer 3.7 (HKLM-x32\...\{64F8E2C6-A88D-4C0A-BA07-93F9FFA11A8E}}_is1) (Version: 3.7 - Beat the Market Maker)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.4.1.23 - COMODO)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version:  - NCH Software)
FXDD Malta - MetaTrader 4 (HKLM-x32\...\FXDD Malta - MetaTrader 4) (Version: 6.00 - MetaQuotes Software Corp.)
FXDD Malta - MetaTrader 4 (HKLM-x32\...\FXDD Malta - MetaTrader 4-1) (Version: 4.00 - MetaQuotes Software Corp.)
Gizmo Central (HKLM-x32\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-3707217111-3059912600-4169917813-1000\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version:  - UltimateOutsider)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.12.1688 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Network Recording Player (HKLM-x32\...\{D64DFCA4-1AEC-4B6A-8A3A-6C2E1B2E16BD}) (Version: 29.11.3.4862 - Cisco WebEx LLC)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Opera Stable 41.0.2353.56 (HKLM-x32\...\Opera 41.0.2353.56) (Version: 41.0.2353.56 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.9 - Panda Security)
Panda Devices Agent (x32 Version: 1.03.05 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Snagit 12 (HKLM-x32\...\{a8dbd220-0251-433a-8cc0-8b2e0d67053b}) (Version: 12.1.0.1322 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.1.0 - TechSmith Corporation) Hidden
Trader Workstation (HKLM-x32\...\5889-6375-8446-2021) (Version: latest (959.1d) 20161026 17:20:13 - Interactive Brokers LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.60.1 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3707217111-3059912600-4169917813-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {054DF6B1-C0C5-477B-BA36-8E596BB7F10D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {3EE4F2EC-8A45-43C6-854A-2EDE6113F277} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {43B908A7-34DE-469C-8EC9-FDA7D168F818} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-15] (Google Inc.)
Task: {515FADEF-C8DA-41A6-88DD-A4E851464711} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {627D4F51-9196-43DF-A04D-B872C8B6DEFF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {63ADC1E8-0A62-4658-A9D2-935AEEBC35B9} - System32\Tasks\Opera scheduled Autoupdate 1472504661 => C:\Program Files (x86)\Opera\launcher.exe [2016-11-07] (Opera Software)
Task: {78CB52C6-2420-4117-BC17-944F2415D339} - System32\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe [2016-11-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {79B5E9B1-7893-4DBD-B013-FBFE5FE0E7E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {7ED220D2-3F34-41E5-A3D0-1F5E1A517E5E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {A33DAEBA-F917-4160-98A5-F3F9E7D33C27} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {B79E76B8-8CD9-4FD4-9812-3DCEFB0056F8} - System32\Tasks\NCH Software\debutShakeIcon => C:\Program Files (x86)\NCH Software\Debut\Debut.exe [2014-03-25] (NCH Software)
Task: {C32994E5-1867-4194-ADB3-B2BEAD9904EB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {C4551982-7BEC-4243-9194-74FB6DFE6175} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2014-07-20] (Arainia Solutions)
Task: {D0BEEEBF-CD17-4AE2-A56B-EB783685BEC7} - System32\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe [2016-11-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DBECA225-BEA2-4E24-824D-407830BC8221} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {E3DC60B8-AECD-43D0-8EB1-960DF854E78E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {E72EC86B-3D23-4084-BDD8-881206C004F4} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)
Task: {E76D5133-5A44-4F50-BE32-F47E52A983BA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {FB9C88AE-0821-4A9A-A3EC-E2081441377F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-15] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Owner\Favorites\NCH Software Download Site.lnk -> hxxp://[www.nchsoftware.com/index.html](http://www.nchsoftware.com/index.html)

ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Send Anywhere (File Transfer).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=hihbikoooaenkpdooehgemieligjejcb

==================== Loaded Modules (Whitelisted) ==============

2016-09-11 19:51 - 2016-10-25 15:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-11 19:51 - 2016-10-25 15:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-11 19:51 - 2016-10-25 15:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-03-08 21:29 - 2014-10-07 05:55 - 01508032 _____ () C:\Program Files\COMODO\COMMON\LIBEAY32.dll
2016-03-08 21:29 - 2014-10-07 05:55 - 00338112 _____ () C:\Program Files\COMODO\COMMON\SSLEAY32.dll
2014-02-11 00:50 - 2016-10-25 15:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-21 19:07 - 2014-01-21 19:07 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-20 16:41 - 2014-07-20 16:41 - 00367528 _____ () C:\Program Files (x86)\Gizmo\gshell-x64.dll
2016-11-16 20:49 - 2016-11-16 20:49 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00224984 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00286424 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00966360 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00278232 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00110296 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00675544 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2015-04-21 21:00 - 2015-02-25 23:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2016-09-11 19:51 - 2016-10-25 15:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-11 19:51 - 2016-10-25 14:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-11 19:51 - 2016-10-25 14:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-11 19:51 - 2016-10-25 14:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-11 19:51 - 2016-10-25 15:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-11 19:51 - 2016-10-25 15:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-11 19:51 - 2016-10-25 14:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-11 19:51 - 2016-10-25 14:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-11 19:51 - 2016-10-25 14:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-11 19:51 - 2016-10-25 14:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2014-02-11 00:50 - 2013-07-26 12:24 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Owner\Desktop\fxddmalta4setup_build610.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Owner\Downloads\nbr2player.msi:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-11-15 22:35 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3707217111-3059912600-4169917813-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B1D29FB0-35CB-4D16-A4C5-607D778F7EB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-11-2016 12:50:53 Restore Point Created by FRST
15-11-2016 13:25:34 zoek.exe restore point
15-11-2016 22:35:17 Restore Point Created by FRST
15-11-2016 22:58:47 Removed Privatefirewall 7.0
16-11-2016 19:59:58 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2016 08:55:04 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (11/17/2016 08:55:04 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=2350}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (11/17/2016 08:00:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2016 08:35:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2016 08:14:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2016 08:09:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2016 07:46:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2016 03:58:06 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (11/16/2016 03:58:06 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4300}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (11/16/2016 03:51:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/17/2016 07:59:54 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/16/2016 08:34:33 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/16/2016 08:13:31 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/16/2016 08:07:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (11/16/2016 08:07:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/16/2016 08:07:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/16/2016 08:07:28 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/16/2016 08:07:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (11/16/2016 08:07:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (11/16/2016 08:07:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
discache
GizmoDrv
NNSALPC
NNSHTTP
NNSHTTPS
NNSIDS
NNSPICC
NNSPIHSW
NNSPOP3
NNSPROT
NNSPRV
NNSSMTP
NNSSTRM
NNSTLSC
PSINKNC
spldr
Wanarpv6


CodeIntegrity:
===================================
  Date: 2016-08-29 13:55:26.876
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-08-29 13:55:26.844
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-16 20:53:38.146
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cmdvrt64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4930K CPU @ 3.40GHz
Percentage of memory in use: 18%
Total physical RAM: 14276.8 MB
Available physical RAM: 11621.34 MB
Total Virtual: 14274.98 MB
Available Virtual: 11571.96 MB

==================== Drives ================================

Drive c: (Kingston HyperX SSD 240GB) (Fixed) (Total:223.47 GB) (Free:162.59 GB) NTFS
Drive d: (2TB.Seagate.Barracuda) (Fixed) (Total:1863.01 GB) (Free:1242.65 GB) NTFS
Drive f: (2TB.WD.Black.Caviar) (Fixed) (Total:1863.01 GB) (Free:1382.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: CB504B49)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CB504B42)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F47551AD)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
[SIZE=4]
PC Specs
Computer Type > PC/Desktop
System Manufacturer/Model Number > Custom Build February 23, 2014
OS > [B]Windows 7 Pro SP1 64 bit[/B]
CPU > Intel Core i7-4930K @ 3.40GHz
Motherboard > ASUS P9X79 LE Quad Channel DDR3 2400
Memory > 16 GB G Skill Ripjaws Z DDR3 1866MHz
Graphics Card > ASUS GeForce GTX 770 2GB X 2
Sound Card > Realtek ALC892 8-channel High Def Audio
Monitor(s) Displays > 23 inch ASUS LCDs X 2
Keyboard > Logitech K800
Mouse > Logitech G9X
PSU > Seasonic X-850 Gold 850 W
Case > Corsair Carbide Series 330R Mid Tower ATX
Cooling > Cooler Master Hyper 212 EVO CPU cooler
Hard Drives > 240 GB Kingston Hyper X SSD and 2TB Seagate HDD
Internet Speed > 15 Mbps DOWN - 2 Mbps UP
Browsers > Chrome, Mozilla, Opera
Antivirus > Panda AV, Privatefirewall[/SIZE]
    Tags: None
    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7041
      #2
      Emsisoft Emergency Kit Scan

      [ul]
      [li]Download Emsisoft Emergency Kit and save it to your desktop.[/li][li]Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract[/li][li]Double click the Start Emsisoft Emergency Kit icon that will appear after extraction[/li][li]Click Yes to update the program, this may take some time[/li][li]Click on 2. Scan[/li][li]Click Yes to detecting Potentially Unwanted Programs[/li][li]Click Malware Scan[/li][li]Patiently wait for the thorough scan to complete, this can be a lengthy process[/li][li]Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK[/li][li]Click View Report[/li][li]Copy and paste or attach the report to your reply[/li][li]Close the program then click Close[/li][/ul]

      9-Lab Scan.

      [ul]
      [li]Download 9-Lab Removal Tool. [/li][li]CLICK HERE to determine whether you’re running 32-bit or 64-bit for Windows.[/li][li]Install the program onto your computer, then right click the icon run as administrator.[/li][li]Update the program and then run a full scan! [/li][li] Make sure the program updates, might be better to install it update reboot and check for updates again. [/li][li]You need to make sure the database updates!!![/li][li]Upon Scan Completion Click on Show Results.[/li][li]Then Click On Clean [/li][li]Then Click on Save Log.[/li][li]Save it to your desktop, copy and paste the contents of the log here in your next reply.[/li][/ul]

        Comment

        • paulwb
          PCHF Member
          • Nov 2016
          • 159
          #3
          The Emsisoft scan worked but 9-Lab has been stalled at the same file for 20+ min.
          Should I abort, reboot PC and run again?

            Comment

            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041
              #4
              Originally posted by Paul Simoes
              Should I abort, reboot PC and run again?
              Yes. If it stalls again, let it run for at least an hour. If it is stalled for more than an hour post the Emsisoft log and we will go from there.

                Comment

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7041
                  #5
                  Also, I see that you have Zemana installed. Let’s run a deep scan with it.

                  Zemana Deep Scan.

                  [ul]
                  [li]Right click on Zemana and run as admin.[/li][li]Click the Cog/Sproket Wheel, at the top right of Zemana[/li]
                  [li]Select Advanced - I have read the warning and wish to proceed.[/li][li]Place a tick next to Detect Suspicious (Root CA) Certificates.[/li][li]Then click the house icon in Zemana.[/li][li]Then hit your start button at the lower left hand corner of your desktop.[/li]
                  [li]Then left click on Computer.[/li][li]Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.[/li][li]http://i.imgur.com/bOVO6lY.png[/li][li]Once the scan has completed click graph icon on the top right of the programs User interface.[/li][li]Double click to open the latest log-file.[/li][li]Copy it to your clipboard.[/li]
                  [li]Post the log here in your next reply.[/li][/ul]

                    Comment

                    • paulwb
                      PCHF Member
                      • Nov 2016
                      • 159
                      #6
                      9-Lab stalled again.

                      Here is the Emsisoft report …
                      Emsisoft Emergency Kit - Version 11.9
                      Last update: 17/11/2016 11:17:28 PM
                      User account: PS-CORSAIR\Owner
                      Computer name: PS-CORSAIR
                      OS version: Windows 7x64 Service Pack 1

                      Scan settings:

                      Scan type: Malware Scan
                      Objects: Rootkits, Memory, Traces, Files

                      Detect PUPs: On
                      Scan archives: Off
                      ADS Scan: On
                      File extension filter: Off
                      Advanced caching: On
                      Direct disk access: Off

                      Scan start: 17/11/2016 11:20:11 PM
                      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURR ENTVERSION\POLICIES\EXPLORER → NORUN detected: Setting.NoRun (A)
                      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURR ENTVERSION\POLICIES\EXPLORER → NORUN detected: Setting.NoRun (A)
                      Value: HKEY_USERS\S-1-5-21-3707217111-3059912600-4169917813-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POL ICIES\EXPLORER → NORUN detected: Setting.NoRun (A)

                      Scanned 74991
                      Found 3

                      Scan end: 17/11/2016 11:20:51 PM
                      Scan time: 0:00:40

                      Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURR ENTVERSION\POLICIES\EXPLORER → NORUN Setting.NoRun (A)
                      Value: HKEY_USERS\S-1-5-21-3707217111-3059912600-4169917813-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POL ICIES\EXPLORER → NORUN Setting.NoRun (A)

                      Quarantined 2


                      Here is the Zeman report …

                      Zemana AntiMalware 2.60.2.1 (Installed)

                      Scan Result : Completed
                      Scan Date : 2016/11/18
                      Operating System : Windows 7 64-bit
                      Processor : 12X Intel(R) Core™ i7-4930K CPU @ 3.40GHz
                      BIOS Mode : Legacy
                      CUID : 12643313D681278AC1EB11
                      Scan Type : Custom Scan
                      Duration : 12m 8s
                      Scanned Objects : 192081
                      Detected Objects : 1
                      Excluded Objects : 3
                      Read Level : SCSI
                      Auto Upload : Enabled
                      Detect All Extensions : Disabled
                      Scan Documents : Disabled
                      Domain Info : WORKGROUP,0,2
                      [HEADING=1]Detected Objects[/HEADING]
                      PandaSecurityTb.exe
                      Status : Scanned
                      Object : %programfiles%\panda security\panda security protection\tools\pandasecuritytb.exe
                      MD5 : 6B349A684970E51ABD8823846A6EFD41
                      Publisher : Visicom Media Inc.
                      Size : 4903664
                      Version : 4.3.1.9
                      Detection : Adware:Win32/VisicomToolbar!Ep
                      Cleaning Action : Quarantine
                      Related Objects :
                      File - %programfiles%\panda security\panda security protection\tools\pandasecuritytb.exe

                      䎤̘䏌̘妌̙䏴̘䐜̘쓼̗䑄̘䑬̘䒔̘妼̙姬̙씜̗셬̧灄̢씼̗앜̗̤야̗䒼̘얜̗얼̗娜̙範̣솴̧灼̢ 婌̙䓤̘䯬̣䰬̣䱬̣쇼̧炴̢烬̢䲬̣䳬̣엜̗염̗∌̨쉄̧䔌̘옜̗옼̗왜̗왼̗䔴̘䕜̘焤̢煜̢婼̙媬̙ 嫜̙䖄̘쳼̡䴬̣嬌̙̤욜̗嬼̙熔̢䖬̘䗔̘燌̢䵬̣욼̗䗼̘웜̗孬̙宜̙웼̗爄̢爼̢富̙导̙尬̙屜̙ 윜̗岌̙으̗岼̙읜̗䘤̘䙌̘牴̢일̗잜̗잼̗䙴̘䚜̘峬̙崜̙嵌̙嵼̙䛄̘嶬̙巜̙䛬̘希̙犬̢狤̢䜔̘ 䜼̘䝤̘䞌̘帼̙䶬̣䞴̘䟜̘幬̙䠄̘府̙廌̙䠬̘쟜̗廼̙䡔̘̤䡼̘䢤̘䣌̘䣴̘쟼̗䤜̘䥄̘猜̢獔̢ 제̗젼̗졜̗졼̗좜̗좼̗죜̗주̗줜̗줼̗쥜̗쥼̗즜̗즼̗짜̗짼̗䥬̘쨜̗̤쨼̗쩜̗䦔̘䦼̘

                        Comment

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7041
                          #7
                          Run a quick scan with 9-Lab if it stalls again uninstall it and forget it.

                          Full Scan with Loaris Trojan Remover.

                          Note: This is a trial software… – Even if you are given the option to remove threats, do not do so. Let me choose if they need to go or not.

                          [ul]
                          [li]Download Loaris Trojan Remover[/li][li]Install the program. [/li]
                          [li]Go to settings – Scan Options.[/li][li]Make sure Heuristics is set to High.[/li][li]Make sure Deep Scan Slow it ticked.[/li][li]Then Click Update – Update virus signature database.[/li][li]Go to scan, then select Full Scan.[/li][li]When the scan is complete – go to log files.[/li][li]Double click on the red writing where it says detected items.[/li]
                          [li]A notepad will open.[/li][li]Click on edit — Select All.[/li][li]Right click and select Copy.[/li][li]Paste the contents of that log here in your next reply.[/li][li]Close the program & Uninstall it.[/li][/ul]
                          Security Check Scan

                          [ul]
                          [li]Download Security Check to your desktop.[/li][li]Right click it run as administrator.[/li][li]When the scan completes, the tool will automatically open a log file.[/li][li]Please post that log here in your next post.[/li][/ul]
                          Removing M$ Spyware

                          Lets remove the GWX Folder and M$ Telemetry from your machine, those are basically M$ spyware and those also will slow your machine.

                          Get the Everything Search Engine
                          Install Program, Right Click Run As Admin. Type GWX into search window.
                          Then Click Edit.
                          Select all.
                          Right Click highlighted items>>>>>>>> Copy full name to clipboard. >>>>> Paste content of clipboard, here in your next reply.
                          Now repeat the above process for the following words, one at a time.

                          Telemetry DiagTrack

                          Please also see the links below to disable M$ Spying.

                          How to disable the Diagnostics Tracking Service in Windows - gHacks Tech News
                          http://www.ghacks.net/2015/05/12/how-to-disable-the-diagnostics-tracking-service-in-windows/
                          Find out how to disable the Diagnostics Tracking Service that Microsoft pushed to various operating systems via the May 2015 Patch Day.

                          http://www.kjrnet.com/Info/Windows 7 Hidden Settings 2.html

                            Comment

                            • paulwb
                              PCHF Member
                              • Nov 2016
                              • 159
                              #8
                              It’s baaaaaaaaccckkk… !!!
                              9-Lab froze again. While uninstalling with geek, the original Win Defender alert popups reappeared again.
                              I apply the action to disinfect, and it reappears. Previously, it took 7-8 tries before it worked. But now it’s back …
                              The vulkanRT file is appears to be connected with NVIDIA drivers. Many have come across this before.
                              {{MetaTags.og.title}}
                              https://forums.geforce.com/default/topic/933833/trojan-discovered-in-the-latest-driver-download/?offset=4
                              {{MetaTags.og.description}}

                              Some say false positive but Win Defender shows alerts, other posts refer to so-called telemetry aka tracking malware from Nvidia
                              I do see a NVIDIA new driver update…
                              There is a youtube video on How to remove VulkanInfo.exe …

                              I’ll be continuing with the scans you recommended in the last post.

                              [ATTACH]818[/ATTACH]

                              [ATTACH]819[/ATTACH]

                              [ATTACH]820[/ATTACH]

                              It reappears after applying action and file supposedly removed.
                              [ATTACH]821[/ATTACH]

                              [ATTACH]822[/ATTACH]

                              [ATTACH]823[/ATTACH]

                                Comment

                                • paulwb
                                  PCHF Member
                                  • Nov 2016
                                  • 159
                                  #9
                                  Hi M,
                                  RE the Everthing Search Engine, you said " [COLOR=rgb(0, 0, 0)]Now repeat the above process for the following words, [COLOR=rgb(0, 0, 0)]one at a time[COLOR=rgb(0, 0, 0)]."
                                  Which following words? Is there suppose to be a list of words below that sentence?

                                  ** OK, I see the words, thought they referred to the info below them
                                  • 1. Telemetry 2. Diag 3. Track ( I assume 2 & 3 are separate words )

                                  ** Also, cannot uninstall Loaris using geek, stalls.[/COLOR][/COLOR][/COLOR]                                  [COLOR=rgb(0, 0, 0)][COLOR=rgb(0, 0, 0)][COLOR=rgb(0, 0, 0)]
                                  Originally posted by Malnutrition
                                  Run a quick scan with 9-Lab if it stalls again uninstall it and forget it.

                                  Full Scan with Loaris Trojan Remover.

                                  Note: This is a trial software… – Even if you are given the option to remove threats, do not do so. Let me choose if they need to go or not.

                                  [ul]
                                  [li]Download Loaris Trojan Remover[/li][li]Install the program. [/li]
                                  [li]Go to settings – Scan Options.[/li][li]Make sure Heuristics is set to High.[/li][li]Make sure Deep Scan Slow it ticked.[/li][li]Then Click Update – Update virus signature database.[/li][li]Go to scan, then select Full Scan.[/li][li]When the scan is complete – go to log files.[/li][li]Double click on the red writing where it says detected items.[/li]
                                  [li]A notepad will open.[/li][li]Click on edit — Select All.[/li][li]Right click and select Copy.[/li][li]Paste the contents of that log here in your next reply.[/li][li]Close the program & Uninstall it.[/li][/ul]
                                  Security Check Scan

                                  [ul]
                                  [li]Download Security Check to your desktop.[/li][li]Right click it run as administrator.[/li][li]When the scan completes, the tool will automatically open a log file.[/li][li]Please post that log here in your next post.[/li][/ul]
                                  Removing M$ Spyware

                                  Lets remove the GWX Folder and M$ Telemetry from your machine, those are basically M$ spyware and those also will slow your machine.

                                  Get the Everything Search Engine
                                  Install Program, Right Click Run As Admin. Type GWX into search window.
                                  Then Click Edit.
                                  Select all.
                                  Right Click highlighted items>>>>>>>> Copy full name to clipboard. >>>>> Paste content of clipboard, here in your next reply.
                                  Now repeat the above process for the following words, one at a time.

                                  Telemetry DiagTrack

                                  Please also see the links below to disable M$ Spying.

                                  How to disable the Diagnostics Tracking Service in Windows - gHacks Tech News
                                  http://www.ghacks.net/2015/05/12/how-to-disable-the-diagnostics-tracking-service-in-windows/
                                  Find out how to disable the Diagnostics Tracking Service that Microsoft pushed to various operating systems via the May 2015 Patch Day.

                                  http://www.kjrnet.com/Info/Windows 7 Hidden Settings 2.html
                                  [/color][/color][/color]

                                    Comment

                                    • paulwb
                                      PCHF Member
                                      • Nov 2016
                                      • 159
                                      #10
                                      Below are the [COLOR=rgb(0, 0, 255)]Loaris, Security Check & Everything Search logs … also, followed intrux as per disabling M$ spying links.

                                      Trojan Remover v.2.0.24
                                      Report file date: 18/11/2016 11:50:52 AM
                                      Last update: 18/11/2016 11:50:02 AM

                                      Scanning for 802183 virus strains and unwanted programs.

                                      Licensed: UNREGISTERED
                                      Windows version: Windows 7 Professional x64 (version 6.1)
                                      Username: Owner
                                      Computer name: PS-CORSAIR

                                      Starting the file scan:

                                      Full Scan started
                                      Scanning process…
                                      ----- c:\users\owner\appdata\roaming\ZHP\Quarantine\host s ---- General Threat
                                      Trojan.FPL.Rotbrow.vl
                                      MD5: 90C8F3BA7DB5CB3562298C2E11C97C52:35

                                      ----- c:\users\owner\appdata\roaming\ZHP\Quarantine\http s_d10lpsik1i8c69.cloudfront.net_0.localstorage ---- General Threat
                                      Trojan.FPL.Rotbrow.vl
                                      MD5: D57C6746BC79C1FA0C36094806225735:9216

                                      ----- c:\users\owner\appdata\roaming\ZHP\Quarantine\http s_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal ---- General Threat
                                      Trojan.FPL.Rotbrow.vl
                                      MD5: D41D8CD98F00B204E9800998ECF8427E:0

                                      ----- c:\users\owner\appdata\roaming\ZHP\Quarantine\wix{ 89AFB053-A343-46EF-97E4-D593AD7184E6}.SchedServiceConfig.rmi ---- General Threat
                                      Trojan.FPL.Rotbrow.vl
                                      MD5: 907A88D2BEDDBC4EAEBF6E0186A01E5B:288

                                      ----- c:\users\owner\appdata\roaming\ZHP\Tempo.txt ---- General Threat
                                      Trojan.FPL.Rotbrow.vl
                                      MD5: D41D8CD98F00B204E9800998ECF8427E:0

                                      ----- c:\users\owner\appdata\roaming\ZHP\Trace.txt ---- General Threat
                                      Trojan.FPL.Rotbrow.vl
                                      MD5: AC3F85DF9467ED96080254F38EB1F1EB:6308

                                      ----- c:\users\owner\appdata\roaming\ZHP\ZHPCleaner-[R]-16112016-20_10_52.txt ---- General Threat
                                      Trojan.FPL.Rotbrow.vl
                                      MD5: D2A6DD03776777B5C4180DF647C36BC1:1947

                                      ----- c:\users\owner\appdata\roaming\ZHP\ZHPCleaner–1611 2016-20_09_36.txt ---- General Threat
                                      Trojan.FPL.Rotbrow.vl
                                      MD5: 95E758CF44D7DAA70B3144E2A17F00D3:1832

                                      ----- c:\users\owner\appdata\roaming\ZHP\ZHPCleaner.exe ---- General Threat
                                      Trojan.FPL.Rotbrow.vl
                                      ProdVer: 3.3.14.0
                                      FileVer: 2016.11.16.195
                                      Signature verification: False
                                      MD5: 65DA4274EB286028A8FEE696B75C4A8E:2494976
                                      RIC: 23FDB51BA5FFEC20F1EDCE89A13CAFB0:76778
                                      RFH: 1536:qExbsaPmYq4SiGgpR2xbHDtyEIVl0Ij236K31gRJ:qrJJ i5UHDtyE8V236K30d
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: E8B5D00000E97FFEFFFFCCCCCCCCCCCCCCCCCC57568B742410 8B4C24148B7C240C8BC18BD103C63BFE76083BF80F82680300 000FBA25FC314C00017307F3A4E917
                                      EPSEC: 0
                                      EPRVA: 00027DCD
                                      IBASE: 00400000
                                      SEC:
                                      .text:6000002028A820A1D9FF26CDA02D12B888BA4B4:581120
                                      .rdata:40000040:79B14B254506B0DBC8CD0AD67FB70AD9:1 88928
                                      .data:C0000040:9F9D6F746F1A415A63DE45F8B7983D33:20 992
                                      .rsrc:40000040:F64BEB6D6F6B3C0AACB60FC3E4306DAB:16 73728
                                      .reloc:42000040:6FCAE3CBBF6BFBABF5EC5BBE7CF612C3:2 9184

                                      ----- c:\users\owner\appdata\roaming\ZHP\ZHPCleaner.txt ---- General Threat
                                      Trojan.FPL.Rotbrow.vl
                                      MD5: 70A1F1AC1568D4EBA45E042C84C72B78:2288

                                      ----- c:\users\owner\appdata\roaming\ZHP\ZHPCleaner_Quar antine.txt ---- General Threat
                                      Trojan.FPL.Rotbrow.vl
                                      MD5: 7B5E1D30E89E0EF1C86FECB977131673:38

                                      ----- c:\users\owner\appdata\roaming\ZHP\ZHPQ_Files.txt ---- General Threat
                                      Trojan.FPL.Rotbrow.vl
                                      MD5: 0E886B96B0D035DA127C56B347790044:875

                                      ----- c:\users\owner\appdata\roaming\ZHP\ ---- General Threat
                                      Trojan.FPL.Rotbrow.vl

                                      ----- C:$RECYCLE.BIN\S-1-5-21-3707217111-3059912600-4169917813-1000$RF65RGY.zip ---- General Threat
                                      Malware.Win32.Gen.sm
                                      MD5: 4DBB21E5A883B50C408239E05D927BCB:4186040

                                      ----- C:$RECYCLE.BIN\S-1-5-21-3707217111-3059912600-4169917813-1000$RF65RGY.zip\zoek.exe ---- General Threat
                                      Malware.Win32.Gen.sm
                                      ProdVer: 5,0,0,1
                                      FileVer: 5,0,0,1
                                      Name: Zoek
                                      Company: http://www.hijackthis.nl/smeenk
                                      Signature verification: False
                                      NAC: 99299E80F7DAFE4C9D43DB5F58B173DC:35
                                      MD5: 7EA0260488F304D68067A50B33A23AC2:1309184
                                      RIC: FF6424C8D4F0AFF46A767882C86EC867:10032
                                      RFH: 192:LE888JDcbZ4888KYPyr3ll/X1LA9ZdZSFv2IgTwoq+V:xiZxyr1l/FOgE1qo
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: 60BE157057008DBEEB9FE8FF5789E58D9C2480C1FFFF31C050 39DC75FB4646536888092B005783C30453683CB813005683C3 045350C70303000200909090909055
                                      EPSEC: 1
                                      EPRVA: 002B2860
                                      IBASE: 00400000
                                      SEC:
                                      UPX0:E0000080:00000000000000000000000000000000:0
                                      UPX1:E0000040:9839E904B19A2AF8BAAA28DD22AFB553:129 5360
                                      .rsrc:C0000040:18D0905753B2A68E2D13659DC807AF14:13 312

                                      ----- D:.Corsair.Software_Downloads\FXCM_Scripts-Indies\only compatible with FXCM Trading Station Desktop software\dailyfx-news.zip ---- General Threat
                                      Malware.Win32.Gen.D704.sm!ff
                                      MD5: E6545AA60E57359C2BDDEBFEC208CDB4:73076

                                      ----- D:.Corsair.Software_Downloads\FXCM_Scripts-Indies\only compatible with FXCM Trading Station Desktop software\dailyfx-news.zip\DailyFX News\Setup.exe ---- General Threat
                                      Malware.Win32.Gen.D704.sm!ff
                                      Signature verification: False
                                      MD5: 5C5F36F22BE17E3A2BCA376C6118E421:96940
                                      FUZ: 1536:SpgpHzb9dZVX9fHMvG0D3XJiPYXnj3WCW2EW58A4Romu/T2Fn7kuNmjkcLxWCfBF:QgXdZt9P6D3XJznj3WCW2EW5x45DZ7 p+
                                      RIC: 102242B9CA8463C70811C15C226B34E1:23424
                                      RFH: 384:bZgHoEQMp7e2BQHex/yvkKSO8SnRr96BlPNdi7znj3WUxW2EW5GzmVID:bZ/MZew/ig4RoBlldi7znj3WUxW2EW5g
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: 81EC8001000053555633DB57895C2418C74424106091400033 F6C644241420FF15307040006801800000FF15B070400053FF 157C7240006A08A318EC4200E8F12B
                                      EPSEC: 0
                                      EPRVA: 000030FA
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24 064
                                      .rdata:40000040C77F8A1E6985A4361C55642680DDB4F:5120
                                      .data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:10 24
                                      .ndata:C0000080:00000000000000000000000000000000:0
                                      .rsrc:40000040:EDF58F8464AFD5BEF21628E6ED6A633B:26 624

                                      ----- D:.Corsair.Software_Downloads\FXCM_Scripts-Indies\only compatible with FXCM Trading Station Desktop software\risk-manager.zip ---- General Threat
                                      Malware.Win32.Gen.89AA.sm!ff
                                      MD5: 4E775C4C984CAA2ADA230734A200220D:897465

                                      ----- D:.Corsair.Software_Downloads\FXCM_Scripts-Indies\only compatible with FXCM Trading Station Desktop software\risk-manager.zip\Risk Manager\setup.exe ---- General Threat
                                      Malware.Win32.Gen.89AA.sm!ff
                                      FileVer: 1.0.0.0
                                      Name: FXCM Risk Management
                                      Signature verification: False
                                      NAC: 5FF6B545D28486EE4F43CB554385537F:20
                                      MD5: 40B46FE7807D9B87C7DF9AAADF90313C:64991
                                      FUZ: 1536:OpgpHzb9dZVX9fHMvG0D3XJG4Romu/nNWO7ztV/Xy4:UgXdZt9P6D3XJG458lb/Xy4
                                      RIC: 58B43C26C3B5FE1C5B8EEACEC149D37E:13784
                                      RFH: 192:6kZgHox9ZP2RqOSRMPCiBzxBc2BQQemDYa7/yI6kKh6M1hZ+0FAE8Sn2arNL6S:bZgHoEQMp7e2BQHex/yvkKSO8SnRr96
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: 81EC8001000053555633DB57895C2418C74424106091400033 F6C644241420FF15307040006801800000FF15B070400053FF 157C7240006A08A318EC4200E8F12B
                                      EPSEC: 0
                                      EPRVA: 000030FA
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24 064
                                      .rdata:40000040C77F8A1E6985A4361C55642680DDB4F:5120
                                      .data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:10 24
                                      .ndata:C0000080:00000000000000000000000000000000:0
                                      .rsrc:40000040:84EC7D2209E289BAC50ECCD1142B801C:17 920

                                      ----- D:.Corsair.Software_Downloads\Utilities\ultradefra g-7.0.0.bin.amd64.exe ---- General Threat
                                      Malware.Win32.Gen.sm
                                      FileVer: 7.0.0
                                      Name: Ultra Defragmenter
                                      Company: UltraDefrag Development Team
                                      Signature verification: False
                                      NAC: 581CBEB0101E48C3ECD756937DC066A2:46
                                      MD5: B946C0C1EA7A1530E7DC588E310BD34F:2387006
                                      RIC: 83631C6EE60CB4FD09321EACFD478F66:57714
                                      RFH: 1536:rm+KmEWqG72KmGfkTcwSETgJYIWlyGKU8:rm+KmEWqG72 Km1/Kg
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: 60BE00C043008DBE0050FCFF57EB0B908A064688074701DB75 078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11 DB11C001DB73EF75098B1E83EEFC11
                                      EPSEC: 1
                                      EPRVA: 00040600
                                      IBASE: 00400000
                                      SEC:
                                      UPX0:E0000080:00000000000000000000000000000000:0
                                      UPX1:E0000040:2914C76B87882DC1CD2DC8B386631D94:184 32
                                      .rsrc:C0000040:4D76D5F6DD794AC30F1EA7A9CFAF91B5:61 440

                                      ----- D:.Corsair.Software_Downloads\TechSmith Snagit v12.1.0 build 1322 Incl Keygen-TSZ [TorDigger]\keygen-tsz\Keygen.exe ---- General Threat
                                      Malware.Win32.Gen.cs1
                                      Signature verification: False
                                      MD5: 377444369B7BD18E6D1C25A8750D35C5:83968
                                      FUZ: 1536:WHoruMnw3SyNWHyWTCeu72TJJtyTbn+Vi6QTYYJ1nouy8 EX:Wwuay4NTLu2lJQf+/MtoutET
                                      RIC: D1EB2B45E19FC9CDC69F8FBBD8227CB9:7224
                                      RFH: 48:lHkqh3sfnt4ujq2Epu8metqPrIXHimU7yxvVK666y22bs69 YtnJgG3bagif+LqaD:ZCt4ujOUpACaHynLIn9TNNHOIO/bVg
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: 60BE00E041008DBE0030FEFF5789E58D9C2480C1FFFF31C050 39DC75FB464653681EDD02005783C3045368FF1701005683C3 045350C70303000000909090909055
                                      EPSEC: 1
                                      EPRVA: 0002F810
                                      IBASE: 00400000
                                      SEC:
                                      UPX0:E0000080:00000000000000000000000000000000:0
                                      UPX1:E0000040:932AFEE10E547482DC70137792EA1736:747 52
                                      .rsrc:C0000040:2A21009FFBAF1E417AC5CF8B7969E732:81 92

                                      ----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Auto.Restart\FXBlueAuto-RestartSetup.zip ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      MD5: 2EE63AFB09B5D99B0BA4AE6314813728:366299

                                      ----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Auto.Restart\FXBlueAuto-RestartSetup.zip\FX Blue Auto-Restart Setup.exe ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      ProdVer: 1.0.1.0
                                      FileVer: 1.0.1.0
                                      Name: ExeWrapp Application
                                      Signature verification: False
                                      NAC: DF235A11E37E0218E38CF3594413B63B:20
                                      MD5: 91E0D1F91C0A46DAC3885CB7CE4EFB08:367667
                                      FUZ: 6144:0z9B57WTB0DDGnR5ahqAjuEBHpy6lZJH3fh5BMnHrfjKg g4VVGpQ:y9X7WThXahq6NJy0hcDumVGpQ
                                      RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
                                      RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM: mWQCk+/EBSCYKPU109xk9eG/dCqO6s
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A3887141 00890D84714100891580714100891D7C714100893578714100 893D74714100668C15A0714100668C
                                      EPSEC: 0
                                      EPRVA: 00005EDC
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59 392
                                      .rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:2 3040
                                      .data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:46 08
                                      .rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20 992
                                      .reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6 144

                                      ----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorReceiverSetup.zip ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      MD5: 9EBE948491F8C87DB27FD8F7B2A17AC8:912938

                                      ----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorReceiverSetup.zip\FX Blue Trade Mirror Receiver Setup.exe ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      ProdVer: 1.0.1.0
                                      FileVer: 1.0.1.0
                                      Name: ExeWrapp Application
                                      Signature verification: False
                                      NAC: DF235A11E37E0218E38CF3594413B63B:20
                                      MD5: 039443FF8582C0B16FFEBA66536650DE:671099
                                      FUZ: 12288:y9X7WThQ46jwzXnoBn7ROsxOmLpk4fLtHCtxF5nhcDum VGpA:y9CThQ4hX4ROsxXLpk4RKhii2GpA
                                      RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
                                      RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM: mWQCk+/EBSCYKPU109xk9eG/dCqO6s
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A3887141 00890D84714100891580714100891D7C714100893578714100 893D74714100668C15A0714100668C
                                      EPSEC: 0
                                      EPRVA: 00005EDC
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59 392
                                      .rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:2 3040
                                      .data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:46 08
                                      .rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20 992
                                      .reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6 144

                                      ----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorSenderSetup.zip ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      MD5: 2B135F1B9485B209DBB2EA3033DB3A2A:754238

                                      ----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorSenderSetup.zip\FX Blue Trade Mirror Sender Setup.exe ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      ProdVer: 1.0.1.0
                                      FileVer: 1.0.1.0
                                      Name: ExeWrapp Application
                                      Signature verification: False
                                      NAC: DF235A11E37E0218E38CF3594413B63B:20
                                      MD5: 6A0D0A38C1484D1984F40D081B9B6647:569011
                                      FUZ: 12288:y9X7WThIb2XqqAO2vg5vyF7eeNjGhgnu5qhkbDhcDumV Gp2:y9CTh62XuO2MvylTq5Xii2Gp2
                                      RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
                                      RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM: mWQCk+/EBSCYKPU109xk9eG/dCqO6s
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A3887141 00890D84714100891580714100891D7C714100893578714100 893D74714100668C15A0714100668C
                                      EPSEC: 0
                                      EPRVA: 00005EDC
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59 392
                                      .rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:2 3040
                                      .data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:46 08
                                      .rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20 992
                                      .reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6 144

                                      ----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue PL Manager\FXBluePLManagerSetup.zip ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      MD5: 537EF0293760785EA24A1F5F722C101C:324776

                                      ----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue PL Manager\FXBluePLManagerSetup.zip\FX Blue PL Manager Setup.exe ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      ProdVer: 1.0.1.0
                                      FileVer: 1.0.1.0
                                      Name: ExeWrapp Application
                                      Signature verification: False
                                      NAC: DF235A11E37E0218E38CF3594413B63B:20
                                      MD5: 1C21D9E9F43F4C91DCC7A54D5ABC64D0:319670
                                      FUZ: 6144:0z9B57WTB0DDGnISCiqs58cX9hXHYPlZJH3fh5BMnHrfj Kgg4VVGpv:y9X7WTh9+knPXAhcDumVGpv
                                      RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
                                      RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM: mWQCk+/EBSCYKPU109xk9eG/dCqO6s
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A3887141 00890D84714100891580714100891D7C714100893578714100 893D74714100668C15A0714100668C
                                      EPSEC: 0
                                      EPRVA: 00005EDC
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59 392
                                      .rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:2 3040
                                      .data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:46 08
                                      .rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20 992
                                      .reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6 144

                                      ----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Personal.Trade.Copier\FXBluePersona lTradeCopierSetup.zip ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      MD5: D23987C5BA06B905C9DCBC5B5CBBF7B8:1592610

                                      ----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Personal.Trade.Copier\FXBluePersona lTradeCopierSetup.zip\FX Blue Personal Trade Copier Setup.exe ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      ProdVer: 1.0.1.0
                                      FileVer: 1.0.1.0
                                      Name: ExeWrapp Application
                                      Signature verification: False
                                      NAC: DF235A11E37E0218E38CF3594413B63B:20
                                      MD5: 496515538FA084784BDBD10C188744FC:1120959
                                      RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
                                      RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM: mWQCk+/EBSCYKPU109xk9eG/dCqO6s
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A3887141 00890D84714100891580714100891D7C714100893578714100 893D74714100668C15A0714100668C
                                      EPSEC: 0
                                      EPRVA: 00005EDC
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59 392
                                      .rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:2 3040
                                      .data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:46 08
                                      .rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20 992
                                      .reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6 144

                                      ----- C:\Users\Owner\Desktop\zoek.exe ---- General Threat
                                      Malware.Win32.Gen.sm
                                      ProdVer: 5,0,0,1
                                      FileVer: 5,0,0,1
                                      Name: Zoek
                                      Company: http://www.hijackthis.nl/smeenk
                                      Signature verification: False
                                      NAC: 99299E80F7DAFE4C9D43DB5F58B173DC:35
                                      MD5: 7EA0260488F304D68067A50B33A23AC2:1309184
                                      RIC: FF6424C8D4F0AFF46A767882C86EC867:10032
                                      RFH: 192:LE888JDcbZ4888KYPyr3ll/X1LA9ZdZSFv2IgTwoq+V:xiZxyr1l/FOgE1qo
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: 60BE157057008DBEEB9FE8FF5789E58D9C2480C1FFFF31C050 39DC75FB4646536888092B005783C30453683CB813005683C3 045350C70303000200909090909055
                                      EPSEC: 1
                                      EPRVA: 002B2860
                                      IBASE: 00400000
                                      SEC:
                                      UPX0:E0000080:00000000000000000000000000000000:0
                                      UPX1:E0000040:9839E904B19A2AF8BAAA28DD22AFB553:129 5360
                                      .rsrc:C0000040:18D0905753B2A68E2D13659DC807AF14:13 312

                                      ----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Auto.Restart\FXBlueAuto-RestartSetup.zip ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      MD5: 2EE63AFB09B5D99B0BA4AE6314813728:366299

                                      ----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Auto.Restart\FXBlueAuto-RestartSetup.zip\FX Blue Auto-Restart Setup.exe ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      ProdVer: 1.0.1.0
                                      FileVer: 1.0.1.0
                                      Name: ExeWrapp Application
                                      Signature verification: False
                                      NAC: DF235A11E37E0218E38CF3594413B63B:20
                                      MD5: 91E0D1F91C0A46DAC3885CB7CE4EFB08:367667
                                      FUZ: 6144:0z9B57WTB0DDGnR5ahqAjuEBHpy6lZJH3fh5BMnHrfjKg g4VVGpQ:y9X7WThXahq6NJy0hcDumVGpQ
                                      RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
                                      RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM: mWQCk+/EBSCYKPU109xk9eG/dCqO6s
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A3887141 00890D84714100891580714100891D7C714100893578714100 893D74714100668C15A0714100668C
                                      EPSEC: 0
                                      EPRVA: 00005EDC
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59 392
                                      .rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:2 3040
                                      .data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:46 08
                                      .rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20 992
                                      .reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6 144

                                      ----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorReceiverSetup.zip ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      MD5: 9EBE948491F8C87DB27FD8F7B2A17AC8:912938

                                      ----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorReceiverSetup.zip\FX Blue Trade Mirror Receiver Setup.exe ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      ProdVer: 1.0.1.0
                                      FileVer: 1.0.1.0
                                      Name: ExeWrapp Application
                                      Signature verification: False
                                      NAC: DF235A11E37E0218E38CF3594413B63B:20
                                      MD5: 039443FF8582C0B16FFEBA66536650DE:671099
                                      FUZ: 12288:y9X7WThQ46jwzXnoBn7ROsxOmLpk4fLtHCtxF5nhcDum VGpA:y9CThQ4hX4ROsxXLpk4RKhii2GpA
                                      RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
                                      RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM: mWQCk+/EBSCYKPU109xk9eG/dCqO6s
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A3887141 00890D84714100891580714100891D7C714100893578714100 893D74714100668C15A0714100668C
                                      EPSEC: 0
                                      EPRVA: 00005EDC
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59 392
                                      .rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:2 3040
                                      .data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:46 08
                                      .rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20 992
                                      .reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6 144

                                      ----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorSenderSetup.zip ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      MD5: 2B135F1B9485B209DBB2EA3033DB3A2A:754238

                                      ----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorSenderSetup.zip\FX Blue Trade Mirror Sender Setup.exe ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      ProdVer: 1.0.1.0
                                      FileVer: 1.0.1.0
                                      Name: ExeWrapp Application
                                      Signature verification: False
                                      NAC: DF235A11E37E0218E38CF3594413B63B:20
                                      MD5: 6A0D0A38C1484D1984F40D081B9B6647:569011
                                      FUZ: 12288:y9X7WThIb2XqqAO2vg5vyF7eeNjGhgnu5qhkbDhcDumV Gp2:y9CTh62XuO2MvylTq5Xii2Gp2
                                      RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
                                      RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM: mWQCk+/EBSCYKPU109xk9eG/dCqO6s
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A3887141 00890D84714100891580714100891D7C714100893578714100 893D74714100668C15A0714100668C
                                      EPSEC: 0
                                      EPRVA: 00005EDC
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59 392
                                      .rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:2 3040
                                      .data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:46 08
                                      .rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20 992
                                      .reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6 144

                                      ----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue PL Manager\FXBluePLManagerSetup.zip ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      MD5: 537EF0293760785EA24A1F5F722C101C:324776

                                      ----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue PL Manager\FXBluePLManagerSetup.zip\FX Blue PL Manager Setup.exe ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      ProdVer: 1.0.1.0
                                      FileVer: 1.0.1.0
                                      Name: ExeWrapp Application
                                      Signature verification: False
                                      NAC: DF235A11E37E0218E38CF3594413B63B:20
                                      MD5: 1C21D9E9F43F4C91DCC7A54D5ABC64D0:319670
                                      FUZ: 6144:0z9B57WTB0DDGnISCiqs58cX9hXHYPlZJH3fh5BMnHrfj Kgg4VVGpv:y9X7WTh9+knPXAhcDumVGpv
                                      RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
                                      RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM: mWQCk+/EBSCYKPU109xk9eG/dCqO6s
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A3887141 00890D84714100891580714100891D7C714100893578714100 893D74714100668C15A0714100668C
                                      EPSEC: 0
                                      EPRVA: 00005EDC
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59 392
                                      .rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:2 3040
                                      .data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:46 08
                                      .rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20 992
                                      .reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6 144

                                      ----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Personal.Trade.Copier\FXBluePersona lTradeCopierSetup.zip ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      MD5: D23987C5BA06B905C9DCBC5B5CBBF7B8:1592610

                                      ----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Personal.Trade.Copier\FXBluePersona lTradeCopierSetup.zip\FX Blue Personal Trade Copier Setup.exe ---- General Threat
                                      Malware.Win32.Gen.sm!s1
                                      ProdVer: 1.0.1.0
                                      FileVer: 1.0.1.0
                                      Name: ExeWrapp Application
                                      Signature verification: False
                                      NAC: DF235A11E37E0218E38CF3594413B63B:20
                                      MD5: 496515538FA084784BDBD10C188744FC:1120959
                                      RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
                                      RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM: mWQCk+/EBSCYKPU109xk9eG/dCqO6s
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A3887141 00890D84714100891580714100891D7C714100893578714100 893D74714100668C15A0714100668C
                                      EPSEC: 0
                                      EPRVA: 00005EDC
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59 392
                                      .rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:2 3040
                                      .data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:46 08
                                      .rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20 992
                                      .reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6 144

                                      ----- F:\D_full_files\Downloads.on.D.Drive\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\dailyfx-news.zip ---- General Threat
                                      Malware.Win32.Gen.D704.sm!ff
                                      MD5: E6545AA60E57359C2BDDEBFEC208CDB4:73076

                                      ----- F:\D_full_files\Downloads.on.D.Drive\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\dailyfx-news.zip\DailyFX News\Setup.exe ---- General Threat
                                      Malware.Win32.Gen.D704.sm!ff
                                      Signature verification: False
                                      MD5: 5C5F36F22BE17E3A2BCA376C6118E421:96940
                                      FUZ: 1536:SpgpHzb9dZVX9fHMvG0D3XJiPYXnj3WCW2EW58A4Romu/T2Fn7kuNmjkcLxWCfBF:QgXdZt9P6D3XJznj3WCW2EW5x45DZ7 p+
                                      RIC: 102242B9CA8463C70811C15C226B34E1:23424
                                      RFH: 384:bZgHoEQMp7e2BQHex/yvkKSO8SnRr96BlPNdi7znj3WUxW2EW5GzmVID:bZ/MZew/ig4RoBlldi7znj3WUxW2EW5g
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: 81EC8001000053555633DB57895C2418C74424106091400033 F6C644241420FF15307040006801800000FF15B070400053FF 157C7240006A08A318EC4200E8F12B
                                      EPSEC: 0
                                      EPRVA: 000030FA
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24 064
                                      .rdata:40000040C77F8A1E6985A4361C55642680DDB4F:5120
                                      .data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:10 24
                                      .ndata:C0000080:00000000000000000000000000000000:0
                                      .rsrc:40000040:EDF58F8464AFD5BEF21628E6ED6A633B:26 624

                                      ----- F:\D_full_files\Downloads.on.D.Drive\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\risk-manager.zip ---- General Threat
                                      Malware.Win32.Gen.89AA.sm!ff
                                      MD5: 4E775C4C984CAA2ADA230734A200220D:897465

                                      ----- F:\D_full_files\Downloads.on.D.Drive\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\risk-manager.zip\Risk Manager\setup.exe ---- General Threat
                                      Malware.Win32.Gen.89AA.sm!ff
                                      FileVer: 1.0.0.0
                                      Name: FXCM Risk Management
                                      Signature verification: False
                                      NAC: 5FF6B545D28486EE4F43CB554385537F:20
                                      MD5: 40B46FE7807D9B87C7DF9AAADF90313C:64991
                                      FUZ: 1536:OpgpHzb9dZVX9fHMvG0D3XJG4Romu/nNWO7ztV/Xy4:UgXdZt9P6D3XJG458lb/Xy4
                                      RIC: 58B43C26C3B5FE1C5B8EEACEC149D37E:13784
                                      RFH: 192:6kZgHox9ZP2RqOSRMPCiBzxBc2BQQemDYa7/yI6kKh6M1hZ+0FAE8Sn2arNL6S:bZgHoEQMp7e2BQHex/yvkKSO8SnRr96
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: 81EC8001000053555633DB57895C2418C74424106091400033 F6C644241420FF15307040006801800000FF15B070400053FF 157C7240006A08A318EC4200E8F12B
                                      EPSEC: 0
                                      EPRVA: 000030FA
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24 064
                                      .rdata:40000040C77F8A1E6985A4361C55642680DDB4F:5120
                                      .data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:10 24
                                      .ndata:C0000080:00000000000000000000000000000000:0
                                      .rsrc:40000040:84EC7D2209E289BAC50ECCD1142B801C:17 920

                                      ----- F:\D_full_files\Downloads.on.D.Drive\zCorsair.Soft ware\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\dailyfx-news.zip ---- General Threat
                                      Malware.Win32.Gen.D704.sm!ff
                                      MD5: E6545AA60E57359C2BDDEBFEC208CDB4:73076

                                      ----- F:\D_full_files\Downloads.on.D.Drive\zCorsair.Soft ware\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\dailyfx-news.zip\DailyFX News\Setup.exe ---- General Threat
                                      Malware.Win32.Gen.D704.sm!ff
                                      Signature verification: False
                                      MD5: 5C5F36F22BE17E3A2BCA376C6118E421:96940
                                      FUZ: 1536:SpgpHzb9dZVX9fHMvG0D3XJiPYXnj3WCW2EW58A4Romu/T2Fn7kuNmjkcLxWCfBF:QgXdZt9P6D3XJznj3WCW2EW5x45DZ7 p+
                                      RIC: 102242B9CA8463C70811C15C226B34E1:23424
                                      RFH: 384:bZgHoEQMp7e2BQHex/yvkKSO8SnRr96BlPNdi7znj3WUxW2EW5GzmVID:bZ/MZew/ig4RoBlldi7znj3WUxW2EW5g
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: 81EC8001000053555633DB57895C2418C74424106091400033 F6C644241420FF15307040006801800000FF15B070400053FF 157C7240006A08A318EC4200E8F12B
                                      EPSEC: 0
                                      EPRVA: 000030FA
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24 064
                                      .rdata:40000040C77F8A1E6985A4361C55642680DDB4F:5120
                                      .data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:10 24
                                      .ndata:C0000080:00000000000000000000000000000000:0
                                      .rsrc:40000040:EDF58F8464AFD5BEF21628E6ED6A633B:26 624

                                      ----- F:\D_full_files\Downloads.on.D.Drive\zCorsair.Soft ware\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\risk-manager.zip ---- General Threat
                                      Malware.Win32.Gen.89AA.sm!ff
                                      MD5: 4E775C4C984CAA2ADA230734A200220D:897465

                                      ----- F:\D_full_files\Downloads.on.D.Drive\zCorsair.Soft ware\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\risk-manager.zip\Risk Manager\setup.exe ---- General Threat
                                      Malware.Win32.Gen.89AA.sm!ff
                                      FileVer: 1.0.0.0
                                      Name: FXCM Risk Management
                                      Signature verification: False
                                      NAC: 5FF6B545D28486EE4F43CB554385537F:20
                                      MD5: 40B46FE7807D9B87C7DF9AAADF90313C:64991
                                      FUZ: 1536:OpgpHzb9dZVX9fHMvG0D3XJG4Romu/nNWO7ztV/Xy4:UgXdZt9P6D3XJG458lb/Xy4
                                      RIC: 58B43C26C3B5FE1C5B8EEACEC149D37E:13784
                                      RFH: 192:6kZgHox9ZP2RqOSRMPCiBzxBc2BQQemDYa7/yI6kKh6M1hZ+0FAE8Sn2arNL6S:bZgHoEQMp7e2BQHex/yvkKSO8SnRr96
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: 81EC8001000053555633DB57895C2418C74424106091400033 F6C644241420FF15307040006801800000FF15B070400053FF 157C7240006A08A318EC4200E8F12B
                                      EPSEC: 0
                                      EPRVA: 000030FA
                                      IBASE: 00400000
                                      SEC:
                                      .text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24 064
                                      .rdata:40000040C77F8A1E6985A4361C55642680DDB4F:5120
                                      .data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:10 24
                                      .ndata:C0000080:00000000000000000000000000000000:0
                                      .rsrc:40000040:84EC7D2209E289BAC50ECCD1142B801C:17 920

                                      ----- F:\D_full_files\Downloads.on.D.Drive\zCorsair.Soft ware\TechSmith Snagit v12.1.0 build 1322 Incl Keygen-TSZ [TorDigger]\keygen-tsz\Keygen.exe ---- General Threat
                                      Malware.Win32.Gen.cs1
                                      Signature verification: False
                                      MD5: 377444369B7BD18E6D1C25A8750D35C5:83968
                                      FUZ: 1536:WHoruMnw3SyNWHyWTCeu72TJJtyTbn+Vi6QTYYJ1nouy8 EX:Wwuay4NTLu2lJQf+/MtoutET
                                      RIC: D1EB2B45E19FC9CDC69F8FBBD8227CB9:7224
                                      RFH: 48:lHkqh3sfnt4ujq2Epu8metqPrIXHimU7yxvVK666y22bs69 YtnJgG3bagif+LqaD:ZCt4ujOUpACaHynLIn9TNNHOIO/bVg
                                      SUBS: Win32 GUI
                                      PE: x86
                                      EP: 60BE00E041008DBE0030FEFF5789E58D9C2480C1FFFF31C050 39DC75FB464653681EDD02005783C3045368FF1701005683C3 045350C70303000000909090909055
                                      EPSEC: 1
                                      EPRVA: 0002F810
                                      IBASE: 00400000
                                      SEC:
                                      UPX0:E0000080:00000000000000000000000000000000:0
                                      UPX1:E0000040:932AFEE10E547482DC70137792EA1736:747 52
                                      .rsrc:C0000040:2A21009FFBAF1E417AC5CF8B7969E732:81 92

                                      Scan completed

                                      Scan result: 51 detected items
                                      Scan completed in: Scan completed in 43 minute(s) 7 sec.
                                      Files were scanned: 47169
                                      Code:
                                      [B]SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16][/B]
WebSite: [www.safezone.cc]('http://www.safezone.cc')
DateLog: 18.11.2016 12:54:23
Path starting: C:\Users\Owner\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Owner
VersionXML: 3.51is-12.11.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) Professional Lang: English(0409)
Installation date OS: 10.02.2014 05:09:30
LicenseStatus: Windows(R) 7, Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [223.5 Gb] Used: [67.1 Gb] Free: [156.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18426 [B]Warning! [Download Update]('http://windows.microsoft.com/en-us/internet-explorer/ie-11-worldwide-languages')
Online installation. Last version available when Windows update is enabled throught the Internet.[/B]
User Account Control [B]enabled[/B]
Notify before download
Date install updates: 2016-11-05 01:53:58
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4569.1506
---------------------------- [ Antivirus_WMI ] ----------------------------
Panda Free Antivirus (disabled)
---------------------------- [ Firewall_WMI ] -----------------------------
Panda Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Panda Free Antivirus (disabled)
Windows Defender (disabled and out of date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Panda Free Antivirus v.8.04.00.0000
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.60.1
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.2.2.4
WinRAR 5.00 (64-bit) v.5.00.0 [B]Warning! [Download Update]('http://www.rarlab.com/download.htm')[/B]
7-Zip 9.20 (x64 edition) v.9.20.00.0 [B]Warning! [Download Update]('http://www.7-zip.org/download.html')
Uninstall old version and install new one.[/B]
Microsoft Silverlight v.5.1.30214.0 [B]Warning! [Download Update]('https://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx')[/B]
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 25 v.8.0.250 [B]Warning! [Download Update]('http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html')
Uninstall old version and install new one (jre-8u112-windows-i586.exe).[/B]
Java 8 Update 31 v.8.0.310 [B]Warning! [Download Update]('http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html')
Uninstall old version and install new one (jre-8u112-windows-i586.exe).[/B]
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 17 NPAPI v.17.0.0.169 [B]Warning! [Download Update]('http://download.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe')[/B]
Adobe Acrobat Reader DC v.15.020.20042
------------------------------- [ Browser ] -------------------------------
Google Chrome v.54.0.2840.99
Opera Stable 41.0.2353.56 v.41.0.2353.56
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe v.4.0.0.646
Panda Protection Service (NanoServiceMain) - The service has stopped
Panda Product Service (PSUAService) - The service has stopped
Panda Devices Agent (PandaAgent) - The service has stopped
Windows Defender (WinDefend) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
Loaris Trojan Remover 2.0.24 v.2.0.24 [B]Warning![/B] Suspected demo version of anti-spyware or optimization program - scareware or badware. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------

GWX
C:\Windows\winsxs\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23396_none_ba1ea7c6f4920e24
C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23396_none_0b8d69aa2b6cdb3f
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036
C:\Users\Owner\AppData\Local\GWX
C:\Windows\Logs\Gwx
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741
C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_1927edd0ba9ec231
C:\Windows\winsxs\FileMaps\$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\FileMaps\$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\FileMaps\$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\FileMaps\$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\01b7a421073ed201ee1200009c07a807.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\01b7a421073ed201ef1200009c07a807.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1213d599d03dd2013141000078078407.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
D:\.Corsair.Software_Downloads\0AV.Alerts.Popups\2016.05.04_GWXUX.popup.JPG
C:\Windows\winsxs\Temp\PendingRenames\22605a9ad03dd2013c41000078078407.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\243737b9d43dd201ed120000f407a002.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\243737b9d43dd201ee120000f407a002.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\243737b9d43dd201ef120000f407a002.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6478674ed03dd201e912000078078407.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7c7a2417bd3dd201e9120000a407b007.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9398de99d03dd2013341000078078407.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a055a221073ed201ed1200009c07a807.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a1c7c079d03dd201aa2e000078078407.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-ins_31bf3856ad364e35_6.1.7601.23396_none_a8be71bc81a2397b.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23396_none_ba1ea7c6f4920e24.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23396_none_0b8d69aa2b6cdb3f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036.manifest
C:\Windows\winsxs\Temp\PendingRenames\c1fe579ad03dd2013b41000078078407.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e47c4ed03dd201ee12000078078407.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e47c4ed03dd201ef12000078078407.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d5f9c54d073ed201a72e00009c07a807.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\dee63917bd3dd201ee120000a407b007.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\dee63917bd3dd201ef120000a407b007.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\fc0e68e4d43dd201a02e0000f407a002.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\GWX Control Panel User Guide.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\GWX Control Panel.lnk
C:\Users\Public\Desktop\GWX Control Panel.lnk
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWX.exe
C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_1927edd0ba9ec231\GWX.exe
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GWX.post.fix.Results.Asus.Corsair.JPG
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GWX.Results.Asus.Corsair.JPG
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXConfigManager.exe
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GwxControlPanelLog.txt
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GwxControlPanelSetup.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXDetector.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23396_none_0b8d69aa2b6cdb3f\GWXGC.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXMig.inf
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXUI.dll
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXUX.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXUXWorker.exe
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GWX-Ins%4Operational.evtx
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\Uninstall GWX Control Panel.lnk
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_1927edd0ba9ec231.manifest
                                      Telemetry

                                      C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b 1b7ec100d8e3b
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59 f18f2101b1222
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18503_none_e5d bf9380fee0247
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18551_none_e5a 3e90810185b4e
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18653_none_e5a 5eb8210168b23
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18683_none_e58 57bbe102edef6
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18742_none_e5a fbd0a100f5302
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23412_none_e65 9ab392914c3fe
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be4 60b59c2a
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea 60c32011
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18503_none_66539d30 60961036
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18653_none_661d8f7a 60be9912
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18683_none_65fd1fb6 60d6ece5
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18742_none_66276102 60b760f1
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574 c7d41010b
                                      C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5 f71db043ad
                                      C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847 a11d97ed01
                                      C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78 f236dc8149
                                      C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea 9c36c42a9d
                                      C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry
                                      C:\Program Files\NVIDIA Corporation\NvTelemetry
                                      C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry
                                      C:\Users\Owner\AppData\Local\NVIDIA Corporation\NvTelemetry
                                      C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3DEE5278-D392-4EA2-96F0-D35F55F48AB4}
                                      C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry
                                      C:\Users\Owner\AppData\Roaming\Microsoft\Microsoft Security Client\Telemetry
                                      C:\Windows\AppCompat\Appraiser\Telemetry
                                      C:\Windows\System32\config\systemprofile\AppData\R oaming\Microsoft\Microsoft Security Client\Telemetry
                                      C:\Windows\winsxs\FileMaps$$_appcompat_appraiser_t elemetry_94274e99519f58a9.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\092ebd43d03d d201c10b000078078407.$$_appcompat_appraiser_teleme try_94274e99519f58a9.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\8132cd16073e d201c10b00009c07a807.$$_appcompat_appraiser_teleme try_94274e99519f58a9.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\88a47eaed43d d201c10b0000f407a002.$$_appcompat_appraiser_teleme try_94274e99519f58a9.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\a3b5830cbd3d d201c10b0000a407b007.$$_appcompat_appraiser_teleme try_94274e99519f58a9.cdf-ms
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b 1b7ec100d8e3b.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59 f18f2101b1222.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18503_none_e5d bf9380fee0247.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18551_none_e5a 3e90810185b4e.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18653_none_e5a 5eb8210168b23.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18683_none_e58 57bbe102edef6.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18742_none_e5a fbd0a100f5302.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23412_none_e65 9ab392914c3fe.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be4 60b59c2a.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea 60c32011.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18503_none_66539d30 60961036.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18551_none_661b8d00 60c0693d.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18653_none_661d8f7a 60be9912.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18683_none_65fd1fb6 60d6ece5.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18742_none_66276102 60b760f1.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.23412_none_66d14f31 79bcd1ed.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574 c7d41010b.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5 f71db043ad.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847 a11d97ed01.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78 f236dc8149.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea 9c36c42a9d.manifest
                                      C:\Windows\AppCompat\Appraiser\APPRAISER_Telemetry Baseline.bin
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..ence-inventory.data_31bf3856ad364e35_6.1.7601.23412_non e_b7bb39c6464eeaab\Appraiser_TelemetryRunList.xml
                                      C:\Windows\winsxs\Temp\PendingRenames\b48ea09bbe3d d201c10b0000d8048807.$$_appcompat_appraiser_teleme try_94274e99519f58a9.cdf-ms
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f 7003efe9645d3\CompatTelemetry.inf
                                      C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
                                      C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-301-0.sqm
                                      C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-302-0.sqm
                                      C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-303-0.sqm
                                      C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-304-0.sqm
                                      C:\Program Files (x86)\Microsoft Office\Office15\msotelemetry.dll
                                      C:\Program Files (x86)\Microsoft Office\Office15\1033\msotelemetryintl.dll
                                      C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User\NvTelemetry.d ll
                                      C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NvTelemetry.d ll
                                      C:\ProgramData\NVIDIA Corporation\Downloader\latest\NVI2\NvTelemetry.dll
                                      C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTeleme try.dll
                                      C:\Users\Owner\AppData\Local\NVIDIA Corporation\NvTelemetry\nvtelemetry.log
                                      C:\Users\Owner\AppData\Local\NVIDIA Corporation\NvTelemetry\nvtelemetry.log.bak
                                      C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3DEE5278-D392-4EA2-96F0-D35F55F48AB4}\NvTelemetry.nvi
                                      C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTeleme try.nvi
                                      C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3DEE5278-D392-4EA2-96F0-D35F55F48AB4}\NvTelemetry.NVX
                                      C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvTelemetryAPI.js
                                      C:\ProgramData\NVIDIA Corporation\Downloader\latest\nodejs\NvTelemetryAP I.js
                                      C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryAPI32.dll
                                      C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTeleme tryAPI32.dll
                                      C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryAPI64.dll
                                      C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTeleme tryAPI64.dll
                                      C:\Windows\System32\Tasks\Microsoft\Office\OfficeT elemetryAgentFallBack
                                      C:\Windows\System32\Tasks\Microsoft\Office\OfficeT elemetryAgentLogOn
                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Dashboard for Office 2013.lnk
                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Log for Office 2013.lnk
                                      C:\ProgramData\Microsoft\Diagnosis\DownloadedSetti ngs\telemetry.ASM-WindowsDefault.json
                                      C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5 f71db043ad\telemetry.ASM-WindowsDefault.json
                                      C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847 a11d97ed01\telemetry.ASM-WindowsDefault.json
                                      C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78 f236dc8149\telemetry.ASM-WindowsDefault.json
                                      C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea 9c36c42a9d\telemetry.ASM-WindowsDefault.json
                                      C:\ProgramData\Microsoft\Diagnosis\DownloadedSetti ngs\telemetry.ASM-WindowsDefault.json.bk
                                      C:\Program Files (x86)\Microsoft Office\Office15\1033\TelemetryDashboard.xltx
                                      C:\Program Files (x86)\Microsoft Office\Office15\1033\TelemetryLog.xltx
                                      C:\Users\Owner\AppData\Local\GWX\TelemetryStore.xm l
                                      C:\Users\Owner\AppData\Local\GWX\TelemetryStore.xm l.lock
                                      Code:
                                      Diag

C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06
C:\Windows\winsxs\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_365b53d91b3ce4ff
C:\Windows\winsxs\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_3637d03b1b5800bc
C:\Windows\winsxs\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.22948_none_36c870f2346f4f0e
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_36a0dee2348e195e
C:\Windows\winsxs\amd64_microsoft-windows-d..e-diagnostic-module_31bf3856ad364e35_6.1.7600.16385_none_501611cee0eb67c8
C:\Windows\winsxs\amd64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_81e99da174638311
C:\Windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351
C:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45
C:\Windows\winsxs\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874
C:\Windows\winsxs\amd64_microsoft-windows-diagcpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_640f478eb91d197a
C:\Windows\winsxs\amd64_microsoft-windows-diagcpl_31bf3856ad364e35_6.1.7601.17514_none_38e0b39aee9579c3
C:\Windows\winsxs\amd64_microsoft-windows-diskdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_b8b9f3bcc473892a
C:\Windows\winsxs\amd64_microsoft-windows-dispdiag_31bf3856ad364e35_6.1.7600.16385_none_a0d95afc49c833b6
C:\Windows\winsxs\amd64_microsoft-windows-homegroupdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_eebe8ae2f626d85c
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.16428_none_f246234dd65241b6
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17041_none_f27404efd62f4e60
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17126_none_f266c287d639b7c8
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17239_none_f25cae8dd64139f3
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17501_none_f239f42bd65b74b9
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17633_none_f231f78dd6610ff1
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18282_none_f262515dd63c0266
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18314_none_f25051dbd64aa038
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18349_none_f252e0d1d6486c62
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18426_none_f24654a9d65208c2
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18449_none_f24810e5d6508853
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18499_none_f24d1257d64c0706
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.16428_none_94807fb08c727921
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17041_none_94ae61528c4f85cb
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17126_none_94a11eea8c59ef33
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17239_none_94970af08c61715e
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_9474508e8c7bac24
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17633_none_946c53f08c81475c
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18282_none_949cadc08c5c39d1
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18314_none_948aae3e8c6ad7a3
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18349_none_948d3d348c68a3cd
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18426_none_9480b10c8c72402d
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18449_none_94826d488c70bfbe
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_94876eba8c6c3e71
C:\Windows\winsxs\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.2.9600.16428_none_f937400aa65f97cc
C:\Windows\winsxs\amd64_microsoft-windows-iebrowsewebdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_829f3aa88408cea0
C:\Windows\winsxs\amd64_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_f28b13d21e65b224
C:\Windows\winsxs\amd64_microsoft-windows-leakdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_8bb4664fd3820c5c
C:\Windows\winsxs\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_6.1.7600.16385_none_84db2473005c51cb
C:\Windows\winsxs\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_6.1.7601.17514_none_f1fca1ab90570e8a
C:\Windows\winsxs\amd64_microsoft-windows-m..e-diagnostic-module_31bf3856ad364e35_6.1.7600.16385_none_15f0d2a592fd0ac2
C:\Windows\winsxs\amd64_microsoft-windows-m..nents-mdac-msdadiag_31bf3856ad364e35_6.1.7600.16385_none_ba9155a54beaf1c2
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006
C:\Windows\winsxs\amd64_microsoft-windows-p..ancediagnostics-adm_31bf3856ad364e35_6.1.7600.16385_none_bbee9da8b0773714
C:\Windows\winsxs\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_5120bf8b19591afa
C:\Windows\winsxs\amd64_microsoft-windows-performancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_bb8f9b1a5070de7e
C:\Windows\winsxs\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_9654ef966755d06f
C:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554
C:\Windows\winsxs\amd64_microsoft-windows-r..ance-diag.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0aa841d0afc8562e
C:\Windows\winsxs\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_b70694aa97134f37
C:\Windows\winsxs\amd64_microsoft-windows-remoteassistance-diag_31bf3856ad364e35_6.1.7600.16385_none_0f7601a1f6f55d23
C:\Windows\winsxs\amd64_microsoft-windows-searchdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_8d9dc2260d0e1a98
C:\Windows\winsxs\amd64_microsoft-windows-w..erplaydvddiagnostic_31bf3856ad364e35_6.1.7600.16385_none_f7d9878fca745b50
C:\Windows\winsxs\amd64_microsoft-windows-w..ialibrarydiagnostic_31bf3856ad364e35_6.1.7600.16385_none_84e2cbaa81e2c10f
C:\Windows\winsxs\amd64_microsoft-windows-w..igurationdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_425e0b40ea226db2
C:\Windows\winsxs\amd64_microsoft-windows-w..owsupdatediagnostic_31bf3856ad364e35_6.1.7600.16385_none_d8bc9f93971275e0
C:\Windows\winsxs\amd64_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_6.1.7600.16385_none_2d12dfd1b218fe11
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_fa35325c8fbaaa77
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.18523_none_fa0b58d89010ee0a
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.22733_none_e33eb23ea9b767b8
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17514_none_f5ecee5ec06d0cf0
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17966_none_f5f1c1b0c068c029
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.18523_none_f5ee0756c06c09cd
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.18532_none_f5ef1e68c06b0983
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22126_none_df201cf2da13b521
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22733_none_df2160bcda12837b
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22743_none_df226106da119cd2
C:\ProgramData\Microsoft\Diagnosis
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
C:\PerfLogs\System\Diagnostics
C:\Users\Owner\AppData\Local\Diagnostics
C:\Windows\diagnostics
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
C:\Users\Owner\AppData\Local\ElevatedDiagnostics
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
C:\Windows\assembly\GAC_64\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop
C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Diagnostics
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.Resources
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.Resources
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.Resources
C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine
C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost.Resources
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack.Resources
C:\Windows\winsxs\msil_microsoft.powershel..ommands.diagnostics_31bf3856ad364e35_6.1.7601.17514_none_35339da6e2cf3848
C:\Windows\winsxs\msil_microsoft.windows.d..diaginput.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2a1ca5dc4d29b78b
C:\Windows\winsxs\msil_microsoft.windows.d..ds.updatediagreport_31bf3856ad364e35_6.1.7600.16385_none_b52cef29a48aa15f
C:\Windows\winsxs\msil_microsoft.windows.d..mmands.getdiaginput_31bf3856ad364e35_6.1.7600.16385_none_6d8cb854e89282b8
C:\Windows\winsxs\msil_microsoft.windows.d..s.writediagprogress_31bf3856ad364e35_6.1.7600.16385_none_e38c01a0031da2a2
C:\Windows\winsxs\msil_microsoft.windows.d..updatediagrootcause_31bf3856ad364e35_6.1.7600.16385_none_8aa80511ddf38090
C:\Windows\winsxs\msil_microsoft.windows.diagnosis.sdhost_31bf3856ad364e35_6.1.7600.16385_none_65a203c8a2dd2bc2
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.17514_none_72eeb0016ca58ae6
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.17966_none_72f383536ca13e1f
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.18523_none_72efc8f96ca487c3
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.18532_none_72f0e00b6ca38779
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22126_none_5c21de95864c3317
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22733_none_5c23225f864b0171
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22743_none_5c2422a9864a1ac8
C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDiagnostics
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics
C:\Windows\assembly\GAC_MSIL\SMDiagnostics
C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics
C:\Windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics
C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics
C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Contracts
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Debug
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tools
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tracing
C:\Windows\winsxs\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_da3cb85562df73c9
C:\Windows\winsxs\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_da1934b762fa8f86
C:\Windows\winsxs\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.22948_none_daa9d56e7c11ddd8
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_da82435e7c30a828
C:\Windows\winsxs\x86_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_25cb021dbc0611db
C:\Windows\winsxs\x86_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_362ce835fe42421b
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.16428_none_3861e42cd41507eb
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17041_none_388fc5ced3f21495
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17126_none_38828366d3fc7dfd
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17239_none_38786f6cd4040028
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_3855b50ad41e3aee
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17633_none_384db86cd423d626
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18282_none_387e123cd3fec89b
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18314_none_386c12bad40d666d
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18349_none_386ea1b0d40b3297
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18426_none_38621588d414cef7
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18449_none_3863d1c4d4134e88
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_3868d336d40ecd3b
C:\Windows\winsxs\x86_microsoft-windows-m..nents-mdac-msdadiag_31bf3856ad364e35_6.1.7600.16385_none_5e72ba21938d808c
C:\Windows\winsxs\x86_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_5ae7f926deb5de01
C:\Windows\winsxs\x86_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_6.1.7600.16385_none_d0f4444df9bb8cdb
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_41e26933a436d37d
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.18523_none_41b88fafa48d1710
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.22733_none_2aebe915be3390be
C:\Windows\winsxs\FileMaps\$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\011658c8d43dd201681c0000f407a002.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\011658c8d43dd201691c0000f407a002.$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms
C:\Program Files (x86)\TechSmith\Snagit 12\Stamps\Windows Interface\023 Disclosure Arrow Diagonal Right.pdf
C:\Program Files (x86)\TechSmith\Snagit 12\Stamps\Windows Interface\024 Disclosure Arrow Diagonal Down.pdf
C:\Windows\winsxs\Temp\PendingRenames\0293ef55d03dd2010419000078078407.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\08e61831073ed2016d1c00009c07a807.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\08e61831073ed2016e1c00009c07a807.$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\092ebd43d03dd201c20b000078078407.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\092ebd43d03dd201c30b000078078407.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\09e3f021073ed201591300009c07a807.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\09e3f021073ed2015a1300009c07a807.$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\0a321748d03dd201fe0e000078078407.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\0a321748d03dd201ff0e000078078407.$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\0bd31e2abd3dd201aa1e0000a407b007.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1ba74132bd3dd20139240000a407b007.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1ba74132bd3dd2013a240000a407b007.$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1fbb3a30bd3dd201e3220000a407b007.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1fbb3a30bd3dd201e4220000a407b007.programdata_microsoft_diagnosis_sideload_1bd7d65b4945242a.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\21ba43d4d43dd20134240000f407a002.$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\21ba43d4d43dd20135240000f407a002.$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\21ba43d4d43dd20136240000f407a002.$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\21be9927bd3dd201531d0000a407b007.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\21d7511d073ed201bb1000009c07a807.programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\25ce3cd2d43dd201e1220000f407a002.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\25ce3cd2d43dd201e2220000f407a002.programdata_microsoft_diagnosis_sideload_1bd7d65b4945242a.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\263ef0b4d43dd201bb100000f407a002.programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\26d49e69d03dd2013824000078078407.$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\29e0e35ed03dd201531d000078078407.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2ae89767d03dd201e322000078078407.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2ae89767d03dd201e422000078078407.programdata_microsoft_diagnosis_sideload_1bd7d65b4945242a.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2c5dd743d03dd201c60b000078078407.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2c5dd743d03dd201c70b000078078407.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2c5dd743d03dd201c80b000078078407.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2c5dd743d03dd201c90b000078078407.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2ca02a3d073ed201342400009c07a807.$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2ca02a3d073ed201352400009c07a807.$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2eab3d3d073ed2013a2400009c07a807.$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\32296317073ed201350c00009c07a807.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\32dca766073ed201ad3c00009c07a807.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\358d7d48d03dd201670f000078078407.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\369d0ac9d43dd201e31c0000f407a002.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\371fbd9bbe3dd201c80b0000d8048807.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\371fbd9bbe3dd201c90b0000d8048807.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\3823adc3d43dd2017f1a0000f407a002.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\392b3c5dd03dd201fe1b000078078407.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\392b3c5dd03dd201ff1b000078078407.$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\3d4b6426bd3dd2016a1c0000a407b007.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\3d4b6426bd3dd2016b1c0000a407b007.$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\3f7c3836073ed201961f00009c07a807.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\3fbf504fd03dd2012714000078078407.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\43df575ad03dd201f51a000078078407.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\43df575ad03dd201f61a000078078407.$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\45ea8fc9d43dd201511d0000f407a002.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\46f470d4d43dd2013f240000f407a002.$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\47662c4ad03dd201bb10000078078407.programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\4877559cbe3dd201390c0000d8048807.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\4aaf3d32073ed2014f1d00009c07a807.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\4b97b731bd3dd201cc230000a407b007.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\4cc4313d073ed201382400009c07a807.$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\51da573d073ed2013f2400009c07a807.$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5334b221bd3dd201811a0000a407b007.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\534d6a17073ed201390c00009c07a807.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5435e8c7d43dd201fc1b0000f407a002.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5435e8c7d43dd201fd1b0000f407a002.$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\54ac190dbd3dd201350c0000a407b007.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\54dee829073ed2016a1900009c07a807.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\57f3dc34073ed201a81e00009c07a807.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5ac35044d03dd201350c000078078407.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5ae43c32bd3dd20136240000a407b007.$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5ae43c32bd3dd20137240000a407b007.$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5ae43c32bd3dd20138240000a407b007.$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5b56fc58d03dd201811a000078078407.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5cdfc662d03dd201981f000078078407.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\62f4f155d03dd2010519000078078407.$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6372e047d03dd201f80e000078078407.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6372e047d03dd201f90e000078078407.$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\671cad69d03dd2013b24000078078407.$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6791b55dd03dd2016f1c000078078407.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6791b55dd03dd201701c000078078407.$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6b34212abd3dd201ab1e0000a407b007.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6dbcf026bd3dd201de1c0000a407b007.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6eb34111bd3dd201660f0000a407b007.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6eb34111bd3dd201670f0000a407b007.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6fafc64ed03dd2015b13000078078407.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6fafc64ed03dd2015c13000078078407.$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6ff11e3b073ed201e12200009c07a807.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6ff11e3b073ed201e22200009c07a807.programdata_microsoft_diagnosis_sideload_1bd7d65b4945242a.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6ff11e3b073ed201e32200009c07a807.programdata_microsoft_diagnosis_downloadedsettings_f4a4d355cda0ca19.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6ff11e3b073ed201e42200009c07a807.programdata_microsoft_diagnosis_downloadedscenarios_995fa01e94b9ae39.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6ff11e3b073ed201e52200009c07a807.programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6ff11e3b073ed201e62200009c07a807.programdata_microsoft_diagnosis_localtracestore_b69b398684e58a86.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\72d21627bd3dd201e51c0000a407b007.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\75d0200dbd3dd201390c0000a407b007.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\76de3a5ed03dd201de1c000078078407.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7894a031073ed201dc1c00009c07a807.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7a1e9d30073ed201fc1b00009c07a807.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7a1e9d30073ed201fd1b00009c07a807.$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7af4605ed03dd201e51c000078078407.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7be75744d03dd201390c000078078407.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7c25562c073ed2017f1a00009c07a807.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7caac631073ed201e31c00009c07a807.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7f148927bd3dd201511d0000a407b007.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7f1c3d30bd3dd201e5220000a407b007.programdata_microsoft_diagnosis_downloadedsettings_f4a4d355cda0ca19.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7f1c3d30bd3dd201e6220000a407b007.programdata_microsoft_diagnosis_downloadedscenarios_995fa01e94b9ae39.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7f1c3d30bd3dd201e7220000a407b007.programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7f1c3d30bd3dd201e8220000a407b007.programdata_microsoft_diagnosis_localtracestore_b69b398684e58a86.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7f1c3d30bd3dd201e9220000a407b007.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\801e6a32bd3dd20141240000a407b007.$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\808cf012bd3dd201bb100000a407b007.programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8132cd16073ed201c20b00009c07a807.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8132cd16073ed201c30b00009c07a807.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\829b61c8d43dd2016d1c0000f407a002.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\829b61c8d43dd2016e1c0000f407a002.$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\852f3fd2d43dd201e3220000f407a002.programdata_microsoft_diagnosis_downloadedsettings_f4a4d355cda0ca19.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\852f3fd2d43dd201e4220000f407a002.programdata_microsoft_diagnosis_downloadedscenarios_995fa01e94b9ae39.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\852f3fd2d43dd201e5220000f407a002.programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\852f3fd2d43dd201e6220000f407a002.programdata_microsoft_diagnosis_localtracestore_b69b398684e58a86.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\852f3fd2d43dd201e7220000f407a002.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\87600f31073ed201681c00009c07a807.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\87600f31073ed201691c00009c07a807.$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8836d35ed03dd201511d000078078407.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\88a47eaed43dd201c20b0000f407a002.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\88a47eaed43dd201c30b0000f407a002.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8a499a67d03dd201e522000078078407.programdata_microsoft_diagnosis_downloadedsettings_f4a4d355cda0ca19.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8a499a67d03dd201e622000078078407.programdata_microsoft_diagnosis_downloadedscenarios_995fa01e94b9ae39.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8a499a67d03dd201e722000078078407.programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8a499a67d03dd201e822000078078407.programdata_microsoft_diagnosis_localtracestore_b69b398684e58a86.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8a499a67d03dd201e922000078078407.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8c012d3d073ed201362400009c07a807.$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\906017ccd43dd201a81e0000f407a002.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\916149c1d43dd2016a190000f407a002.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\92e8e6c8d43dd201dc1c0000f407a002.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\957a7261d03dd201aa1e000078078407.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9ab57f22073ed201251400009c07a807.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9b42a430073ed201fe1b00009c07a807.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9b42a430073ed201ff1b00009c07a807.$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9c110bbad43dd20125140000f407a002.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9e22a5c0d43dd20102190000f407a002.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9e22a5c0d43dd20103190000f407a002.$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a1dc3f29073ed201021900009c07a807.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a1dc3f29073ed201031900009c07a807.$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a3407fc9d43dd2014f1d0000f407a002.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a3b5830cbd3dd201c20b0000a407b007.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a3b5830cbd3dd201c30b0000a407b007.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a3b9dd10bd3dd201fe0e0000a407b007.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a3b9dd10bd3dd201ff0e0000a407b007.$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a461e716073ed201c60b00009c07a807.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a461e716073ed201c70b00009c07a807.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a461e716073ed201c80b00009c07a807.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a461e716073ed201c90b00009c07a807.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\abd398aed43dd201c60b0000f407a002.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\abd398aed43dd201c70b0000f407a002.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\abd398aed43dd201c80b0000f407a002.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\abd398aed43dd201c90b0000f407a002.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ad724e1fbd3dd2016c190000a407b007.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AdoNetDiag.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_fa35325c8fbaaa77\AdoNetDiag.dll
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.18523_none_fa0b58d89010ee0a\AdoNetDiag.dll
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.22733_none_e33eb23ea9b767b8\AdoNetDiag.dll
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_41e26933a436d37d\AdoNetDiag.dll
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.18523_none_41b88fafa48d1710\AdoNetDiag.dll
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.22733_none_2aebe915be3390be\AdoNetDiag.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\adonetdiag.mof
C:\Windows\Microsoft.NET\Framework\v4.0.30319\adonetdiag.mof
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_fa35325c8fbaaa77\adonetdiag.mof
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_41e26933a436d37d\adonetdiag.mof
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\adonetdiag.mof.uninstall
C:\Windows\Microsoft.NET\Framework\v4.0.30319\adonetdiag.mof.uninstall
C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\AeroDiagnostic.xml
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_365b53d91b3ce4ff.manifest
C:\Windows\winsxs\Backup\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_3637d03b1b5800bc.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_3637d03b1b5800bc.manifest
C:\Windows\winsxs\Backup\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_3637d03b1b5800bc_memtest.efi_01d7fdbb
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.22948_none_36c870f2346f4f0e.manifest
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_36a0dee2348e195e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_36a0dee2348e195e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-d..e-diagnostic-module_31bf3856ad364e35_6.1.7600.16385_none_501611cee0eb67c8.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_81e99da174638311.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-diagcpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_640f478eb91d197a.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-diagcpl_31bf3856ad364e35_6.1.7601.17514_none_38e0b39aee9579c3.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-disk-failure-diagnosis_31bf3856ad364e35_6.1.7600.16385_none_47858f39be748ba7.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-diskdiagnosis-events_31bf3856ad364e35_6.1.7600.16385_none_f3940ccd09208b7d.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-diskdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_b8b9f3bcc473892a.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-dispdiag_31bf3856ad364e35_6.1.7600.16385_none_a0d95afc49c833b6.manifest
C:\Windows\winsxs\Backup\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.1.7601.18381_none_7e4dec9f1cbf5d0f_werdiagcontroller.dll_208f2db3
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-homegroupdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_eebe8ae2f626d85c.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.16428_none_f246234dd65241b6.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17041_none_f27404efd62f4e60.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17126_none_f266c287d639b7c8.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17239_none_f25cae8dd64139f3.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17501_none_f239f42bd65b74b9.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17633_none_f231f78dd6610ff1.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18282_none_f262515dd63c0266.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18314_none_f25051dbd64aa038.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18349_none_f252e0d1d6486c62.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18426_none_f24654a9d65208c2.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18449_none_f24810e5d6508853.manifest
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18499_none_f24d1257d64c0706.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18499_none_f24d1257d64c0706.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.16428_none_94807fb08c727921.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17041_none_94ae61528c4f85cb.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17126_none_94a11eea8c59ef33.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17239_none_94970af08c61715e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_9474508e8c7bac24.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17633_none_946c53f08c81475c.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18282_none_949cadc08c5c39d1.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18314_none_948aae3e8c6ad7a3.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18349_none_948d3d348c68a3cd.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18426_none_9480b10c8c72402d.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18449_none_94826d488c70bfbe.manifest
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_94876eba8c6c3e71.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_94876eba8c6c3e71.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.2.9600.16428_none_f937400aa65f97cc.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-iebrowsewebdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_829f3aa88408cea0.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_f28b13d21e65b224.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-leakdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_8bb4664fd3820c5c.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_6.1.7600.16385_none_84db2473005c51cb.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_6.1.7601.17514_none_f1fca1ab90570e8a.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-m..e-diagnostic-module_31bf3856ad364e35_6.1.7600.16385_none_15f0d2a592fd0ac2.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-m..nents-mdac-msdadiag_31bf3856ad364e35_6.1.7600.16385_none_ba9155a54beaf1c2.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-p..ancediagnostics-adm_31bf3856ad364e35_6.1.7600.16385_none_bbee9da8b0773714.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_5120bf8b19591afa.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-performancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_bb8f9b1a5070de7e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_9654ef966755d06f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..ance-diag.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0aa841d0afc8562e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..diagnostic-settings_31bf3856ad364e35_6.1.7600.16385_none_be61cec8a576ed5f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_b70694aa97134f37.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..k-diagnostic-events_31bf3856ad364e35_6.1.7600.16385_none_b24e85b5510ae61f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..rce-leak-diagnostic_31bf3856ad364e35_6.1.7600.16385_none_e49e4b3cc6f25195.manifest
C:\Windows\winsxs\Backup\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ba0c82eccf526351_rasdiag.dll.mui_15cb4ec4
C:\Windows\winsxs\Backup\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a_rasdiag.dll_341d4299
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-remoteassistance-diag_31bf3856ad364e35_6.1.7600.16385_none_0f7601a1f6f55d23.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..diagnosticspackages_31bf3856ad364e35_6.1.7601.17514_none_0485b783573cc1d2.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..diagnosticsprovider_31bf3856ad364e35_6.1.7600.16385_none_fb4d7799a5f0c114.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..eddiagnosticsengine_31bf3856ad364e35_6.1.7601.17514_none_4bff7c9e90a2eca7.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-scripteddiagnostics_31bf3856ad364e35_6.1.7601.17514_none_6cd6b2604244f82d.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-searchdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_8d9dc2260d0e1a98.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..erplaydvddiagnostic_31bf3856ad364e35_6.1.7600.16385_none_f7d9878fca745b50.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..ialibrarydiagnostic_31bf3856ad364e35_6.1.7600.16385_none_84e2cbaa81e2c10f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..igurationdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_425e0b40ea226db2.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..owsupdatediagnostic_31bf3856ad364e35_6.1.7600.16385_none_d8bc9f93971275e0.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_6.1.7600.16385_none_2d12dfd1b218fe11.manifest
C:\Windows\winsxs\Manifests\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_fa35325c8fbaaa77.manifest
C:\Windows\winsxs\Manifests\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.18523_none_fa0b58d89010ee0a.manifest
C:\Windows\winsxs\Manifests\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.22733_none_e33eb23ea9b767b8.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17514_none_f5ecee5ec06d0cf0.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17966_none_f5f1c1b0c068c029.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.18523_none_f5ee0756c06c09cd.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.18532_none_f5ef1e68c06b0983.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22126_none_df201cf2da13b521.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22733_none_df2160bcda12837b.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22743_none_df226106da119cd2.manifest
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\AudioDiagnosticSnapIn.dll
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\AudioPlaybackDiagnostic.xml
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\AudioRecordingDiagnostic.xml
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl
C:\Windows\winsxs\Temp\PendingRenames\b10bbcd3d43dd201ca230000f407a002.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b4033fb3d43dd201660f0000f407a002.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b4033fb3d43dd201670f0000f407a002.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b48ea09bbe3dd201c20b0000d8048807.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b48ea09bbe3dd201c30b0000d8048807.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b6251769d03dd201cc23000078078407.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b7221018bd3dd20127140000a407b007.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b754df34073ed201a91e00009c07a807.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b754df34073ed201aa1e00009c07a807.$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ba33aa1ebd3dd20104190000a407b007.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ba33aa1ebd3dd20105190000a407b007.$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ba568192d03dd201b03c000078078407.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bab0455dd03dd201001c000078078407.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bab0455dd03dd201011c000078078407.$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bc5dfc1a073ed201f80e00009c07a807.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bc5dfc1a073ed201f90e00009c07a807.$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bcf1a23c073ed201ca2300009c07a807.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bed06d26bd3dd2016f1c0000a407b007.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bed06d26bd3dd201701c0000a407b007.$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms
C:\Windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
C:\Windows\winsxs\Temp\PendingRenames\c04a06c5d43dd201f31a0000f407a002.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c04a06c5d43dd201f41a0000f407a002.$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c36354d4d43dd20139240000f407a002.$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c36354d4d43dd2013a240000f407a002.$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c37e351b073ed201fe0e00009c07a807.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c37e351b073ed201ff0e00009c07a807.$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c40fb42d073ed201f31a00009c07a807.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c40fb42d073ed201f41a00009c07a807.$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c5729c69d03dd2013624000078078407.$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c5729c69d03dd2013724000078078407.$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e49d0cbd3dd201c60b0000a407b007.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e49d0cbd3dd201c70b0000a407b007.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e49d0cbd3dd201c80b0000a407b007.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e49d0cbd3dd201c90b0000a407b007.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c7f14b9cbe3dd201350c0000d8048807.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c87daf69d03dd2013c24000078078407.$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\cc0181b9d43dd20159130000f407a002.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\cc0181b9d43dd2015a130000f407a002.$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\cc95232abd3dd201ac1e0000a407b007.$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ce493b3d073ed201392400009c07a807.$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_AvailableDiagnosticService.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticCompletionRecord.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticRecord.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticResult.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticResultForMSE.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticResultForTest.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticResultInPackage.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticService.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticServiceCapabilities.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticServiceRecord.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticSetting.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticSettingForTest.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticSettingRecord.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticsLog.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticTest.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticTestForMSE.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticTestInPackage.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\html\CIM_Schema_inheritance_classes_Diagram.jpg
C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\CL_RunDiagnosticScript.ps1
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\CL_RunDiagnosticScript.ps1
D:\0BTMM_Mauro.Steve\0Benchmark\Confirmed Reset Diagram.PNG
D:\0BTMM_Mauro.Steve\0Daily.Routine\Confirmed Reset Diagram.PNG
C:\Windows\winsxs\Temp\PendingRenames\d052213b073ed201e72200009c07a807.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d052213b073ed201e82200009c07a807.programdata_microsoft_diagnosis_etllogs_shutdownlogger_5ca7b57d60632f51.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d052213b073ed201e92200009c07a807.programdata_microsoft_diagnosis_etllogs_autologger_91adf7c94bd2d1fa.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d0a7ef25bd3dd201fe1b0000a407b007.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d0a7ef25bd3dd201ff1b0000a407b007.$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d237732bbd3dd201981f0000a407b007.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d52b7b48d03dd201660f000078078407.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d6baf1c7d43dd201fe1b0000f407a002.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d6baf1c7d43dd201ff1b0000f407a002.$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d7bdba9bbe3dd201c60b0000d8048807.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d7bdba9bbe3dd201c70b0000d8048807.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d93912afd43dd201350c0000f407a002.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\db5b0b23bd3dd201f51a0000a407b007.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\db5b0b23bd3dd201f61a0000a407b007.$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms
C:\Windows\System32\ddodiag.exe
C:\Windows\SysWOW64\ddodiag.exe
C:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45\DeviceCenterDiagnostic.xml
C:\Windows\winsxs\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874\DeviceDiagnostic.xml
C:\Windows\System32\DiagCpl.dll
C:\Windows\winsxs\amd64_microsoft-windows-diagcpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_640f478eb91d197a\DiagCpl.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-troubleshooting-events_31bf3856ad364e35_6.1.7600.16385_none_fe9f911694295023\DiagCpl.Events.ptxml
C:\Windows\winsxs\x86_microsoft-windows-troubleshooting-events_31bf3856ad364e35_6.1.7600.16385_none_a280f592dbcbdeed\DiagCpl.Events.ptxml
C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\diagER.dll
C:\Windows\Panther\diagerr.xml
C:\Windows\Panther\UnattendGC\diagerr.xml
C:\Windows\System32\sysprep\Panther\IE\diagerr.xml
C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\diagnostic.dll
C:\Windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_5b56b853bd5adf50\Diagnostics.Format.ps1xml
C:\Windows\winsxs\wow64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_65ab62a5f1bba14b\Diagnostics.Format.ps1xml
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.18499_none_290c390015737af6\DiagnosticsHub.DataWarehouse.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.18449_none_2907378e1577fc43\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.16428_none_290549f61579b5a6\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.17041_none_29332b981556c250\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.17126_none_2925e93015612bb8\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.17239_none_291bd5361568ade3\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.17501_none_28f91ad41582e8a9\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.17633_none_28f11e36158883e1\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.18282_none_2921780615637656\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.18314_none_290f788415721428\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.18349_none_2912077a156fe052\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.18426_none_29057b5215797cb2\DiagnosticsHub.DataWarehouse.dll
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18499_none_3e39dfc180657d6d\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18449_none_3e34de4f8069feba\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17041_none_3e60d2598048c4c7\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17126_none_3e538ff180532e2f\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17239_none_3e497bf7805ab05a\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17501_none_3e26c1958074eb20\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17633_none_3e1ec4f7807a8658\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18282_none_3e4f1ec7805578cd\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18314_none_3e3d1f458064169f\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18349_none_3e3fae3b8061e2c9\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18426_none_3e332213806b7f29\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18499_none_f24d1257d64c0706\DiagnosticsHub_is.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18449_none_f24810e5d6508853\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.16428_none_f246234dd65241b6\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17041_none_f27404efd62f4e60\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17126_none_f266c287d639b7c8\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17239_none_f25cae8dd64139f3\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17501_none_f239f42bd65b74b9\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17633_none_f231f78dd6610ff1\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18282_none_f262515dd63c0266\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18314_none_f25051dbd64aa038\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18349_none_f252e0d1d6486c62\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18426_none_f24654a9d65208c2\DiagnosticsHub_is.dll
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_94876eba8c6c3e71\DiagnosticsTap.dll
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_3868d336d40ecd3b\DiagnosticsTap.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18449_none_94826d488c70bfbe\DiagnosticsTap.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18449_none_3863d1c4d4134e88\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.16428_none_94807fb08c727921\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17041_none_94ae61528c4f85cb\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17126_none_94a11eea8c59ef33\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17239_none_94970af08c61715e\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_9474508e8c7bac24\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17633_none_946c53f08c81475c\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18282_none_949cadc08c5c39d1\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18314_none_948aae3e8c6ad7a3\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18349_none_948d3d348c68a3cd\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18426_none_9480b10c8c72402d\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.16428_none_3861e42cd41507eb\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17041_none_388fc5ced3f21495\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17126_none_38828366d3fc7dfd\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17239_none_38786f6cd4040028\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_3855b50ad41e3aee\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17633_none_384db86cd423d626\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18282_none_387e123cd3fec89b\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18314_none_386c12bad40d666d\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18349_none_386ea1b0d40b3297\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18426_none_38621588d414cef7\DiagnosticsTap.dll
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18499_en-us_6d583c6ff9da2358\DiagnosticsTap.dll.mui
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18499_en-us_1139a0ec417cb222\DiagnosticsTap.dll.mui
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18449_en-us_6d533afdf9dea4a5\DiagnosticsTap.dll.mui
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18449_en-us_11349f7a4181336f\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.16428_en-us_6d514d65f9e05e08\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17041_en-us_6d7f2f07f9bd6ab2\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17126_en-us_6d71ec9ff9c7d41a\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17239_en-us_6d67d8a5f9cf5645\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17501_en-us_6d451e43f9e9910b\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17633_en-us_6d3d21a5f9ef2c43\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18282_en-us_6d6d7b75f9ca1eb8\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18314_en-us_6d5b7bf3f9d8bc8a\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18349_en-us_6d5e0ae9f9d688b4\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18426_en-us_6d517ec1f9e02514\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.16428_en-us_1132b1e24182ecd2\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17041_en-us_11609384415ff97c\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17126_en-us_1153511c416a62e4\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17239_en-us_11493d224171e50f\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17501_en-us_112682c0418c1fd5\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17633_en-us_111e86224191bb0d\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18282_en-us_114edff2416cad82\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18314_en-us_113ce070417b4b54\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18349_en-us_113f6f664179177e\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18426_en-us_1132e33e4182b3de\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-homegroupdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_eebe8ae2f626d85c\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-iebrowsewebdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_829f3aa88408cea0\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_f28b13d21e65b224\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_5120bf8b19591afa\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-performancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_bb8f9b1a5070de7e\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_9654ef966755d06f\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-searchdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_8d9dc2260d0e1a98\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-w..erplaydvddiagnostic_31bf3856ad364e35_6.1.7600.16385_none_f7d9878fca745b50\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-w..ialibrarydiagnostic_31bf3856ad364e35_6.1.7600.16385_none_84e2cbaa81e2c10f\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-w..igurationdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_425e0b40ea226db2\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-w..owsupdatediagnostic_31bf3856ad364e35_6.1.7600.16385_none_d8bc9f93971275e0\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-homegroupdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_eebe8ae2f626d85c\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-iebrowsewebdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_829f3aa88408cea0\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_f28b13d21e65b224\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_5120bf8b19591afa\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-performancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_bb8f9b1a5070de7e\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_9654ef966755d06f\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-searchdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_8d9dc2260d0e1a98\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-w..erplaydvddiagnostic_31bf3856ad364e35_6.1.7600.16385_none_f7d9878fca745b50\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-w..ialibrarydiagnostic_31bf3856ad364e35_6.1.7600.16385_none_84e2cbaa81e2c10f\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-w..igurationdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_425e0b40ea226db2\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-w..owsupdatediagnostic_31bf3856ad364e35_6.1.7600.16385_none_d8bc9f93971275e0\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_4570dd9fe024ca48\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_74a07663e30b3b7f\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_2320293c6dab889f\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_d39af25d080ac5ca\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-h..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_431397faaea66ab1\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_50a23c79de28d447\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_c854a35629be53ad\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-m..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_e42d49001c40300e\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-n..s-package.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fa4f858db62e951b\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_19328f568d3b4e53\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_3ef7df0351777007\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_63ace8212d64b345\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_8a0227acea6dfc9e\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-s..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_e086c887cd65eb8f\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_6de46ea42ffb7c9c\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_91fe3cf51f1d527b\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_e0272d216c49ec0b\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fee1d678cfc147fb\DiagPackage.dll.mui
C:\Windows\System32\diagperf.dll
C:\Windows\winsxs\amd64_microsoft-windows-c..xperfcore.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a26b0ec1d7415253\diagperf.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84d120fe590d4d7\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84d120fe590d4d7\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\diagtrackrunner.exe
C:\Windows\Panther\diagwrn.xml
C:\Windows\Panther\UnattendGC\diagwrn.xml
C:\Windows\System32\sysprep\Panther\IE\diagwrn.xml
C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_01c3f8226387e1a7\DiskDiagnostic.adml
C:\Windows\winsxs\amd64_microsoft-windows-diskdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_b8b9f3bcc473892a\DiskDiagnostic.admx
C:\Windows\System32\dispdiag.exe
C:\Windows\System32\dxdiag.exe
C:\Windows\SysWOW64\dxdiag.exe
C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ddf81a85f99d6d20\dxdiag.exe.mui
C:\Windows\winsxs\x86_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_81d97f02413ffbea\dxdiag.exe.mui
C:\Windows\System32\dxdiagn.dll
C:\Windows\SysWOW64\dxdiagn.dll
C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ddf81a85f99d6d20\dxdiagn.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_81d97f02413ffbea\dxdiagn.dll.mui
C:\Windows\winsxs\Temp\PendingRenames\e07d3f30bd3dd201ea220000a407b007.programdata_microsoft_diagnosis_etllogs_shutdownlogger_5ca7b57d60632f51.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e07d3f30bd3dd201eb220000a407b007.programdata_microsoft_diagnosis_etllogs_autologger_91adf7c94bd2d1fa.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e17c48d4d43dd20137240000f407a002.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e17c48d4d43dd20138240000f407a002.$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e2e8a1b2d43dd201f80e0000f407a002.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e2e8a1b2d43dd201f90e0000f407a002.$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e59041d2d43dd201e8220000f407a002.programdata_microsoft_diagnosis_etllogs_shutdownlogger_5ca7b57d60632f51.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e59041d2d43dd201e9220000f407a002.programdata_microsoft_diagnosis_etllogs_autologger_91adf7c94bd2d1fa.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e60bac5dd03dd2016a1c000078078407.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e60bac5dd03dd2016b1c000078078407.$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e696a369d03dd2013924000078078407.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e696a369d03dd2013a24000078078407.$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e7128617bd3dd2015b130000a407b007.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e7128617bd3dd2015c130000a407b007.$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e809dbb2d43dd201fe0e0000f407a002.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e809dbb2d43dd201ff0e0000f407a002.$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\eaaa9c67d03dd201ea22000078078407.programdata_microsoft_diagnosis_etllogs_shutdownlogger_5ca7b57d60632f51.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\eaaa9c67d03dd201eb22000078078407.programdata_microsoft_diagnosis_etllogs_autologger_91adf7c94bd2d1fa.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ebacc969d03dd2014124000078078407.$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ec584e32073ed201511d00009c07a807.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ec622f3d073ed201372400009c07a807.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\efd99b1b073ed201660f00009c07a807.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\efd99b1b073ed201670f00009c07a807.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
C:\Windows\winsxs\Temp\PendingRenames\f0c119ccd43dd201a91e0000f407a002.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f0c119ccd43dd201aa1e0000f407a002.$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f1cbf625bd3dd201001c0000a407b007.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f1cbf625bd3dd201011c0000a407b007.$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f4d19356d03dd2016c19000078078407.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f5db7461d03dd201ab1e000078078407.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f5db7461d03dd201ac1e000078078407.$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f76369cdd43dd201961f0000f407a002.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f95d19afd43dd201390c0000f407a002.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\fc8d4d32bd3dd2013b240000a407b007.$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\fc8d4d32bd3dd2013c240000a407b007.$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\fdf9a610bd3dd201f80e0000a407b007.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\fdf9a610bd3dd201f90e0000a407b007.$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms
C:\Windows\winsxs\amd64_microsoft-windows-iebrowsewebdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_829f3aa88408cea0\IEBrowseWebDiagnostic.xml
C:\Windows\winsxs\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.2.9600.16428_none_f937400aa65f97cc\iediagcmd.exe
C:\Windows\winsxs\amd64_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_f28b13d21e65b224\IESecurityDiagnostic.xml
C:\Windows\System32\igdDiag.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4f3598caae7a1724\igdDiag.dll.mui
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\html\Intel_ME_defined_Classes_Diagram.jpg
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18499_none_26878ec7d2b96dac\jscript9diag.dll
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18499_none_30dc391a071a2fa7\jscript9diag.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18449_none_26828d55d2bdeef9\jscript9diag.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18449_none_30d737a8071eb0f4\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16428_none_26809fbdd2bfa85c\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16476_none_2685cebfd2baf3cd\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16518_none_2674cf87d2c8aaf6\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16521_none_26766f49d2c710e6\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17041_none_26ae815fd29cb506\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17126_none_26a13ef7d2a71e6e\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17239_none_26972afdd2aea099\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17501_none_2674709bd2c8db5f\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17633_none_266c73fdd2ce7697\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17640_none_266db89fd2cd430b\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18282_none_269ccdcdd2a9690c\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18314_none_268ace4bd2b806de\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18349_none_268d5d41d2b5d308\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18426_none_2680d119d2bf6f68\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16428_none_30d54a1007206a57\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16476_none_30da7912071bb5c8\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16518_none_30c979da07296cf1\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16521_none_30cb199c0727d2e1\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17041_none_31032bb206fd7701\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17126_none_30f5e94a0707e069\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17239_none_30ebd550070f6294\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17501_none_30c91aee07299d5a\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17633_none_30c11e50072f3892\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17640_none_30c262f2072e0506\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18282_none_30f17820070a2b07\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18314_none_30df789e0718c8d9\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18349_none_30e2079407169503\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18426_none_30d57b6c07203163\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-l..ostic-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_22d5fa3332fe3241\LeakDiagnostic.adml
C:\Windows\winsxs\amd64_microsoft-windows-leakdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_8bb4664fd3820c5c\LeakDiagnostic.admx
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\MaintenanceDiagnostic.xml
C:\Windows\System32\memdiag.dll
C:\Windows\winsxs\amd64_microsoft-windows-m..ic-module.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6e8e7629e72640d3\memdiag.dll.mui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\MF_AERODiagnostic.ps1
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\MF_AudioDiagnostic.ps1
C:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554\MF_PrinterDiagnostic.ps1
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PCW%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
C:\Windows\servicing\Packages\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
C:\Windows\servicing\Packages\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.mum
C:\Windows\servicing\Packages\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
C:\Windows\servicing\Packages\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx
C:\Windows\winsxs\amd64_microsoft-windows-h...netlistmgr.interop_31bf3856ad364e35_6.1.7601.17514_none_3f569315a5a75cde\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\858a3b1ab7962ef166b260bdce4e7c34\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx
C:\Windows\servicing\Packages\Microsoft-Windows-NetworkDiagnostics-DirectAccessEntry-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-NetworkDiagnostics-DirectAccessEntry-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
C:\Windows\servicing\Packages\Microsoft-Windows-NetworkDiagnostics-DirectAccessEntry-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx
C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.xml
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Diagnostics\v4.0_15.0.0.0__71e9bce111e9429c\microsoft.office.businessapplications.diagnostics.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Of2ff78c4#\f61174305afc86bc5589c5226eb8f830\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Of2ff78c4#\f61174305afc86bc5589c5226eb8f830\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll.aux
C:\Windows\winsxs\msil_microsoft.powershel..ommands.diagnostics_31bf3856ad364e35_6.1.7601.17514_none_35339da6e2cf3848\Microsoft.PowerShell.Commands.Diagnostics.dll
C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\Microsoft.PowerShell.Commands.Diagnostics.dll-Help.xml
C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\Microsoft.PowerShell.Commands.Diagnostics.dll-Help.xml
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7465bd76552dc4a933c1cebb71af0f92\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\07ca9c8c8a3158301917a170e64a3cde\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
C:\Windows\winsxs\msil_microsoft.powershel..agnostics.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b02bed25d4c4a149\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\ar\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\bg\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\cs\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\da\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\de\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\el\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\es\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\et\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\fi\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\fr\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\he\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\hi\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\hr\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\hu\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\id\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\it\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\ja\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\kk\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\ko\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\lt\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\lv\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\ms\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\nl\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\no\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\pl\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\pt\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\pt-PT\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\ro\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\ru\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\sk\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\sl\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\sr-Latn-CS\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\sv\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\th\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\tr\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\uk\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\vi\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\zh-CHS\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\zh-CHT\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\ar\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\bg\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\cs\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\da\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\de\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\el\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\es\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\et\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\fi\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\fr\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\he\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\hi\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\hr\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\hu\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\id\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\it\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\ja\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\kk\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\ko\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\lt\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\lv\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\ms\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\nl\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\no\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\pl\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\pt\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\pt-PT\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\ro\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\ru\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\sk\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\sl\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\sr-Latn-CS\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\sv\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\th\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\tr\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\uk\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\vi\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\zh-CHS\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\zh-CHT\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Windows\winsxs\msil_microsoft.windows.d..mmands.getdiaginput_31bf3856ad364e35_6.1.7600.16385_none_6d8cb854e89282b8\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\623e191312fdde2102a1d12cc88931bf\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\095ce4afdf272159b47fb422a6c4ebb2\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.d..diaginput.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2a1ca5dc4d29b78b\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.resources.dll
C:\Windows\winsxs\msil_microsoft.windows.d..ds.updatediagreport_31bf3856ad364e35_6.1.7600.16385_none_b52cef29a48aa15f\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\9ed76ae80008f2d3bf00c76886b3b78d\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\222d35dd90e861ae316a8dff3bedf9fe\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.d..iagreport.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e2fd0d125757040a\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.resources.dll
C:\Windows\winsxs\msil_microsoft.windows.d..updatediagrootcause_31bf3856ad364e35_6.1.7600.16385_none_8aa80511ddf38090\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\5d6949bf8e0e2eab249daf7eb385d5c2\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\48d972554b675018ac2fa7893b0eaab5\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.d..rootcause.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5b7a5a7744697513\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.resources.dll
C:\Windows\winsxs\msil_microsoft.windows.d..s.writediagprogress_31bf3856ad364e35_6.1.7600.16385_none_e38c01a0031da2a2\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\b712f39fdedf5cb6d879de4d9ee4d90d\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\58d5eb2a95879dd9d48d9311da375440\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.d..gprogress.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a3c603c86d812f2f\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.resources.dll
C:\Windows\winsxs\amd64_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_6.1.7600.16385_none_2d12dfd1b218fe11\Microsoft.Windows.Diagnosis.SDEngine.dll
C:\Windows\winsxs\x86_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_6.1.7600.16385_none_d0f4444df9bb8cdb\Microsoft.Windows.Diagnosis.SDEngine.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\973f5ae958d8f60ef7224bab84e1d7ef\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\107517c9121e25668fe084d5e06e9cc9\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.diagnosis.sdhost_31bf3856ad364e35_6.1.7600.16385_none_65a203c8a2dd2bc2\Microsoft.Windows.Diagnosis.SDHost.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\fa3e87e77c934a5c1e841890e1c80dc1\Microsoft.Windows.Diagnosis.SDHost.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\8fda7b02c28aeb302286ba7527ee37bb\Microsoft.Windows.Diagnosis.SDHost.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.d..is.sdhost.resources_31bf3856ad364e35_6.1.7601.17514_en-us_56bb5a7dc5566557\Microsoft.Windows.Diagnosis.SDHost.resources.dll
C:\Windows\winsxs\msil_microsoft.windows.d..troubleshootingpack_31bf3856ad364e35_6.1.7600.16385_none_d39c6eb26d6b6b96\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll
C:\Windows\winsxs\amd64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b69450ce148582ce\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll-Help.xml
C:\Windows\winsxs\wow64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c0e8fb2048e644c9\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll-Help.xml
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\3317a575aa9113562818b7ab18e3503f\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\5d9f5c2c5953a64a93b493c5c0c12e15\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.d..otingpack.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d02ebf5719b16e1\Microsoft.Windows.Diagnosis.TroubleshootingPack.resources.dll
C:\Windows\System32\msdadiag.dll
C:\Windows\SysWOW64\msdadiag.dll
C:\Windows\winsxs\Manifests\msil_microsoft.powershel..ommands.diagnostics_31bf3856ad364e35_6.1.7601.17514_none_35339da6e2cf3848.manifest
C:\Windows\winsxs\Manifests\msil_microsoft.windows.d..diaginput.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2a1ca5dc4d29b78b.manifest
C:\Windows\winsxs\Manifests\msil_microsoft.windows.d..ds.updatediagreport_31bf3856ad364e35_6.1.7600.16385_none_b52cef29a48aa15f.manifest
C:\Windows\winsxs\Manifests\msil_microsoft.windows.d..mmands.getdiaginput_31bf3856ad364e35_6.1.7600.16385_none_6d8cb854e89282b8.manifest
C:\Windows\winsxs\Manifests\msil_microsoft.windows.d..s.writediagprogress_31bf3856ad364e35_6.1.7600.16385_none_e38c01a0031da2a2.manifest
C:\Windows\winsxs\Manifests\msil_microsoft.windows.d..updatediagrootcause_31bf3856ad364e35_6.1.7600.16385_none_8aa80511ddf38090.manifest
C:\Windows\winsxs\Manifests\msil_microsoft.windows.diagnosis.sdhost_31bf3856ad364e35_6.1.7600.16385_none_65a203c8a2dd2bc2.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7600.16385_en-us_498f001b3ec8255f.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.17966_en-us_4968e0f13f1b1f4e.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.18523_en-us_496526973f1e68f2.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.18532_en-us_49663da93f1d68a8.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.22126_en-us_32973c3358c61446.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.22733_en-us_32987ffd58c4e2a0.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.22743_en-us_3299804758c3fbf7.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.17514_none_72eeb0016ca58ae6.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.17966_none_72f383536ca13e1f.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.18523_none_72efc8f96ca487c3.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.18532_none_72f0e00b6ca38779.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22126_none_5c21de95864c3317.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22733_none_5c23225f864b0171.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22743_none_5c2422a9864a1ac8.manifest
C:\Windows\winsxs\amd64_microsoft-windows-n..iagnosticsframework_31bf3856ad364e35_6.1.7601.17514_none_3a80c7b9f769c13d\netdiagfx.dll
C:\Windows\winsxs\x86_microsoft-windows-n..iagnosticsframework_31bf3856ad364e35_6.1.7601.17514_none_de622c363f0c5007\netdiagfx.dll
C:\Windows\winsxs\amd64_microsoft-windows-n..framework.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2699cd21ba909be6\netdiagfx.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-n..framework.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ca7b319e02332ab0\netdiagfx.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-nettrace-netsh-helper_31bf3856ad364e35_6.1.7600.16385_none_f72251fe8a04e1e5\NetTrace.PLA.Diagnostics.xml
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnostics_1_Web.xml
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnostics_2_FileShare.xml
C:\Windows\winsxs\amd64_microsoft-windows-homegroupdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_eebe8ae2f626d85c\NetworkDiagnostics_3_HomeGroup.xml
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnostics_4_NetworkAdapter.xml
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnostics_5_Inbound.xml
C:\Windows\winsxs\amd64_microsoft-windows-n..s-directaccessentry_31bf3856ad364e35_6.1.7600.16385_none_52b3ba1508e42ec5\NetworkDiagnostics_6_DA.xml
C:\Windows\winsxs\amd64_microsoft-windows-n..iagnosticsframework_31bf3856ad364e35_6.1.7601.17514_none_3a80c7b9f769c13d\NetworkDiagnosticsFramework.ptxml
C:\Windows\winsxs\x86_microsoft-windows-n..iagnosticsframework_31bf3856ad364e35_6.1.7601.17514_none_de622c363f0c5007\NetworkDiagnosticsFramework.ptxml
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnosticsResolve.ps1
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnosticsTroubleshoot.ps1
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnosticsVerify.ps1
C:\Windows\winsxs\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_5120bf8b19591afa\PCWDiagnostic.xml
C:\Windows\winsxs\amd64_microsoft-windows-performancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_bb8f9b1a5070de7e\PerformanceDiagnostic.xml
C:\Windows\winsxs\amd64_microsoft-windows-p..stics-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_292dc3eeb5ddca39\PerformanceDiagnostics.adml
C:\Windows\winsxs\amd64_microsoft-windows-p..ancediagnostics-adm_31bf3856ad364e35_6.1.7600.16385_none_bbee9da8b0773714\PerformanceDiagnostics.admx
C:\Program Files (x86)\Panda Security\Panda Devices Agent\Plugins\Plugin_Diagnosis.dll
C:\Windows\winsxs\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_9654ef966755d06f\PowerDiagnostic.xml
C:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554\PrinterDiagnostic.xml
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_downloadedscenarios_995fa01e94b9ae39.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_downloadedsettings_f4a4d355cda0ca19.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_etllogs_autologger_91adf7c94bd2d1fa.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_etllogs_shutdownlogger_5ca7b57d60632f51.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_localtracestore_b69b398684e58a86.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_sideload_1bd7d65b4945242a.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANModAdiag.dll
C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psd1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psd1
C:\Windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_5b56b853bd5adf50\PSDiagnostics.psd1
C:\Windows\winsxs\wow64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_65ab62a5f1bba14b\PSDiagnostics.psd1
C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psm1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psm1
C:\Windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_5b56b853bd5adf50\PSDiagnostics.psm1
C:\Windows\winsxs\wow64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_65ab62a5f1bba14b\PSDiagnostics.psm1
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAADiag.dll
C:\Windows\System32\rasdiag.dll
C:\Windows\SysWOW64\rasdiag.dll
C:\Windows\winsxs\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ba0c82eccf526351\rasdiag.dll.mui
C:\Windows\winsxs\wow64_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c4612d3f03b3254c\rasdiag.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_b70694aa97134f37\rdrleakdiag.exe
C:\Windows\winsxs\x86_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_5ae7f926deb5de01\rdrleakdiag.exe
C:\Windows\winsxs\amd64_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8a371f8237ce9694\rdrleakdiag.exe.mui
C:\Windows\winsxs\x86_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2e1883fe7f71255e\rdrleakdiag.exe.mui
C:\Windows\winsxs\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_11b07c1bb446e787\Report.System.Diagnostics.xml
C:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e\Report.System.Diagnostics.xml
C:\Windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\Report.System.NetDiagFramework.xml
C:\Windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\Report.System.NetDiagFramework.xml
C:\Windows\System32\RpcDiag.dll
C:\Windows\SysWOW64\RpcDiag.dll
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\RS_AdminDiagnosticHistory.ps1
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\RS_UserDiagnosticHistory.ps1
C:\Windows\winsxs\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_11b07c1bb446e787\Rules.System.Diagnostics.xml
C:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e\Rules.System.Diagnostics.xml
C:\Windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\Rules.System.NetDiagFramework.xml
C:\Windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\Rules.System.NetDiagFramework.xml
C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxdiag.dll
C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxdiag.dll
C:\ProgramData\NVIDIA Corporation\Downloader\latest\GFExperience.NvStreamSrv\amd64\server\rxdiag.dll
C:\ProgramData\NVIDIA Corporation\Downloader\latest\GFExperience.NvStreamSrv\x86\server\rxdiag.dll
C:\Windows\winsxs\amd64_microsoft-windows-s..ngine-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92ae7bc7fccaab93\sdiageng.adml
C:\Windows\winsxs\amd64_microsoft-windows-s..agnosticsengine-adm_31bf3856ad364e35_6.1.7600.16385_none_af31be1d191f101a\sdiageng.admx
C:\Windows\System32\sdiageng.dll
C:\Windows\SysWOW64\sdiageng.dll
C:\Windows\winsxs\amd64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a2f9e3d0e9db1d26\sdiageng.dll.mui
C:\Windows\winsxs\wow64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad4e8e231e3bdf21\sdiageng.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.1.7600.16385_none_761ad65676427bd9\sdiagnhost.exe
C:\Windows\winsxs\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.1.7600.16385_none_806f80a8aaa33dd4\sdiagnhost.exe
C:\Windows\winsxs\amd64_microsoft-windows-s..ativehost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8dd16b721c38eb8e\sdiagnhost.exe.mui
C:\Windows\winsxs\wow64_microsoft-windows-s..ativehost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_982615c45099ad89\sdiagnhost.exe.mui
C:\Windows\System32\sdiagprv.dll
C:\Windows\SysWOW64\sdiagprv.dll
C:\Windows\winsxs\amd64_microsoft-windows-s..r-library.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6336f71e6582b89f\sdiagprv.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-s..r-library.resources_31bf3856ad364e35_6.1.7600.16385_en-us_07185b9aad254769\sdiagprv.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-s..duled-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5f8922af42048d70\sdiagschd.adml
C:\Windows\winsxs\amd64_microsoft-windows-s..lient-scheduled-adm_31bf3856ad364e35_6.1.7600.16385_none_67efddec4340e49d\sdiagschd.admx
C:\Windows\winsxs\amd64_microsoft-windows-s..icsclient-scheduled_31bf3856ad364e35_6.1.7600.16385_none_60a8c45de10f8eda\sdiagschd.dll
C:\Windows\winsxs\amd64_microsoft-windows-s..scheduled.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d918afc73126f9df\sdiagschd.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-searchdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_8d9dc2260d0e1a98\SearchDiagnostic.xml
C:\Windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMDiagnostics.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17514_none_f5ecee5ec06d0cf0\SMdiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17966_none_f5f1c1b0c068c029\SMdiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.18523_none_f5ee0756c06c09cd\SMdiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.18532_none_f5ef1e68c06b0983\SMdiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22126_none_df201cf2da13b521\SMdiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22733_none_df2160bcda12837b\SMdiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22743_none_df226106da119cd2\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.17514_none_72eeb0016ca58ae6\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.17966_none_72f383536ca13e1f\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.18523_none_72efc8f96ca487c3\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.18532_none_72f0e00b6ca38779\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22126_none_5c21de95864c3317\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22733_none_5c23225f864b0171\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22743_none_5c2422a9864a1ac8\SMdiagnostics.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1d70f0cb319b4d459a7d837f5fa508b9\SMDiagnostics.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\5742ab9e571c78e27c49a422ef962100\SMDiagnostics.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\32b270a7b4daf4731cf1c36ecd660297\SMDiagnostics.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\f9c76a0bdb7aaf37e5514c0cfe500231\SMDiagnostics.ni.dll
C:\Windows\assembly\temp\IPELQWE3OR\SMDiagnostics.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\32b270a7b4daf4731cf1c36ecd660297\SMDiagnostics.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\f9c76a0bdb7aaf37e5514c0cfe500231\SMDiagnostics.ni.dll.aux
C:\Windows\assembly\temp\IPELQWE3OR\SMDiagnostics.ni.dll.aux
C:\Program Files (x86)\Microsoft Office\Office15\DCF\SpreadsheetIQ.Diagram.dll
C:\Program Files (x86)\Microsoft Office\Office15\DCF\en\SpreadsheetIQ.Diagram.Resources.dll
C:\Windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
C:\Windows\PLA\System\System Diagnostics.xml
C:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e\System Diagnostics.xml
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Contracts\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Contracts.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Contracts.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Contracts.dll
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Debug\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Debug.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Debug.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Debug.dll
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tools\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tools.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tools.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Tools.dll
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tracing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tracing.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tracing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Tracing.dll
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\TS_DiagnosticHistory.ps1
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png
C:\Windows\winsxs\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.1.7600.16385_none_7c6ba3bd1f954290\werdiagcontroller.dll
C:\Windows\winsxs\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.1.7601.17514_none_227e1c01642654f4\werdiagcontroller.dll
C:\Windows\System32\wfp\wfpdiag.etl
C:\Windows\winsxs\amd64_microsoft-windows-w..owsupdatediagnostic_31bf3856ad364e35_6.1.7600.16385_none_d8bc9f93971275e0\WindowsUpdateDiagnostic.xml
C:\Windows\winsxs\Backup\wow64_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c4612d3f03b3254c_rasdiag.dll.mui_15cb4ec4
C:\Windows\winsxs\Backup\wow64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_765b17a2c56f9155_rasdiag.dll_341d4299
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-s..eddiagnosticsengine_31bf3856ad364e35_6.1.7601.17514_none_565426f0c503aea2.manifest
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-scripteddiagnostics_31bf3856ad364e35_6.1.7601.17514_none_772b5cb276a5ba28.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_da3cb85562df73c9.manifest
C:\Windows\winsxs\Backup\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_da1934b762fa8f86.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_da1934b762fa8f86.manifest
C:\Windows\winsxs\Backup\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_da1934b762fa8f86_memtest.exe_01d80391
C:\Windows\winsxs\Manifests\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.22948_none_daa9d56e7c11ddd8.manifest
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_da82435e7c30a828.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_da82435e7c30a828.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_25cb021dbc0611db.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_362ce835fe42421b.manifest
C:\Windows\winsxs\Backup\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.1.7601.18381_none_222f511b6461ebd9_werdiagcontroller.dll_208f2db3
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.16428_none_3861e42cd41507eb.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17041_none_388fc5ced3f21495.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17126_none_38828366d3fc7dfd.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17239_none_38786f6cd4040028.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_3855b50ad41e3aee.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17633_none_384db86cd423d626.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18282_none_387e123cd3fec89b.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18314_none_386c12bad40d666d.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18349_none_386ea1b0d40b3297.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18426_none_38621588d414cef7.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18449_none_3863d1c4d4134e88.manifest
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_3868d336d40ecd3b.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_3868d336d40ecd3b.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-m..nents-mdac-msdadiag_31bf3856ad364e35_6.1.7600.16385_none_5e72ba21938d808c.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..diagnostic-settings_31bf3856ad364e35_6.1.7600.16385_none_62433344ed197c29.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_5ae7f926deb5de01.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..k-diagnostic-events_31bf3856ad364e35_6.1.7600.16385_none_562fea3198ad74e9.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..rce-leak-diagnostic_31bf3856ad364e35_6.1.7600.16385_none_887fafb90e94e05f.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..diagnosticsprovider_31bf3856ad364e35_6.1.7600.16385_none_9f2edc15ed934fde.manifest
C:\Windows\winsxs\Manifests\x86_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_6.1.7600.16385_none_d0f4444df9bb8cdb.manifest
C:\Windows\winsxs\Manifests\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_41e26933a436d37d.manifest
C:\Windows\winsxs\Manifests\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.18523_none_41b88fafa48d1710.manifest
C:\Windows\winsxs\Manifests\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.22733_none_2aebe915be3390be.manifest
                                      Track

                                      C:\Windows\winsxs\amd64_microsoft-windows-c..perftrack.resources_31bf3856ad364e35_6.1.7600.1 6385_en-us_a0eb2900bcd92bf3
                                      C:\Windows\winsxs\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7600.16385_none_b7c 8281d64919b46
                                      C:\Windows\winsxs\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7601.18713_none_b9f 8289f61811978
                                      C:\Windows\winsxs\amd64_microsoft-windows-c..rmance-powertracker_31bf3856ad364e35_6.1.7601.18713_none_ 838b9f400b1ebc7f
                                      C:\Windows\winsxs\amd64_microsoft-windows-d..tedlinktracking-adm_31bf3856ad364e35_6.1.7600.16385_none_9f07bdbfc dd751fe
                                      C:\Windows\winsxs\amd64_microsoft-windows-p..rmanceperftrack-adm_31bf3856ad364e35_6.1.7600.16385_none_0e4964a57 8d4a5cc
                                      C:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c13d58e431d898bb
                                      C:\Windows\winsxs\amd64_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_ en-us_81e9aa717b4d552e
                                      C:\Windows\winsxs\amd64_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.1.7600.16385_none_5ec90 957e1a8fe95
                                      C:\Windows\System32\Tasks\Microsoft\Windows\PerfTr ack
                                      C:\Windows\System32\wdi\perftrack
                                      C:\Windows\SysWOW64\wdi\perftrack
                                      C:\Windows\tracing\PowerTracker
                                      C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins \tracked-send
                                      C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins \tracked-send\js\plugins\tracked-send
                                      C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker
                                      C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\Tracking Protection
                                      D:\Securities\0Forex\CCT-Edward.James\Trade.Tracker.spreadsheet
                                      F:\D_full_files\Securities\0Forex\CCT-Edward.James\Trade.Tracker.spreadsheet
                                      C:\Windows\winsxs\x86_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_ en-us_25cb0eedc2efe3f8
                                      C:\Windows\winsxs\x86_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.1.7600.16385_none_02aa6 dd4294b8d5f
                                      C:\Windows\winsxs\FileMaps$$_system32_wdi_perftrac k_e5904ddd3f58b556.cdf-ms
                                      C:\Windows\winsxs\FileMaps$$_system32_wdi_perftrac k_traces_0af2b48360b94cec.cdf-ms
                                      C:\Windows\winsxs\FileMaps$$_syswow64_wdi_perftrac k_11b14f44681a7baa.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\15f0340ebd3d d2011e0d0000a407b007.$$_system32_wdi_perftrack_e59 04ddd3f58b556.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\15f0340ebd3d d2011f0d0000a407b007.$$_system32_wdi_perftrack_tra ces_0af2b48360b94cec.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\1b076c45d03d d2011e0d000078078407.$$_system32_wdi_perftrack_e59 04ddd3f58b556.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\1b076c45d03d d2011f0d000078078407.$$_system32_wdi_perftrack_tra ces_0af2b48360b94cec.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\284b0b48d03d d201fc0e000078078407.$$_system32_wdi_perftrack_e59 04ddd3f58b556.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\53ce8018073e d2011e0d00009c07a807.$$_system32_wdi_perftrack_e59 04ddd3f58b556.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\53ce8018073e d2011f0d00009c07a807.$$_system32_wdi_perftrack_tra ces_0af2b48360b94cec.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\8136271b073e d201fc0e00009c07a807.$$_system32_wdi_perftrack_e59 04ddd3f58b556.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\a7c1ccb2d43d d201fc0e0000f407a002.$$_system32_wdi_perftrack_e59 04ddd3f58b556.cdf-ms
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-c..perftrack.resources_31bf3856ad364e35_6.1.7600.1 6385_en-us_a0eb2900bcd92bf3.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7600.16385_none_b7c 8281d64919b46.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7601.18713_none_b9f 8289f61811978.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-c..rmance-powertracker_31bf3856ad364e35_6.1.7601.18713_none_ 838b9f400b1ebc7f.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-d..tedlinktracking-adm_31bf3856ad364e35_6.1.7600.16385_none_9f07bdbfc dd751fe.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-p..rmanceperftrack-adm_31bf3856ad364e35_6.1.7600.16385_none_0e4964a57 8d4a5cc.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c13d58e431d898bb.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_ en-us_81e9aa717b4d552e.manifest
                                      C:\Windows\winsxs\Manifests\amd64_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.1.7600.16385_none_5ec90 957e1a8fe95.manifest
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 01.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 01.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 02.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 02.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 03.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 03.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 04.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 04.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 05.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 05.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 06.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 06.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 07.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 07.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 08.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 08.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 09.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 09.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 10.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 10.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 11.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 11.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 12.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 12.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 13.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 13.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 14.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 14.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 15.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 15.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d201.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d201.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d202.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d202.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d203.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d203.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d204.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d204.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d205.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d205.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d206.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d206.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d207.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d207.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d208.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d208.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d209.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d209.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d210.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d210.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d211.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d211.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d212.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d212.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d213.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d213.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d214.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d214.mp3
                                      D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d215.mp3
                                      F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d215.mp3
                                      C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLog ger\AutoLogger-Diagtrack-Listener.etl
                                      C:\ProgramData\Microsoft\Diagnosis\ETLLogs\Shutdow nLogger\AutoLogger-Diagtrack-Listener.etl
                                      C:\Windows\winsxs\Temp\PendingRenames\bdbc199ebe3d d2011e0d0000d8048807.$$_system32_wdi_perftrack_e59 04ddd3f58b556.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\bdbc199ebe3d d2011f0d0000d8048807.$$_system32_wdi_perftrack_tra ces_0af2b48360b94cec.cdf-ms
                                      C:\Program Files (x86)\Microsoft Office\Templates\1033\BloodPressureTracker.xltx
                                      C:\Windows\winsxs\Temp\PendingRenames\c2d2d110bd3d d201fc0e0000a407b007.$$_system32_wdi_perftrack_e59 04ddd3f58b556.cdf-ms
                                      D:\Securities\0Forex\CCT-Edward.James\CCT-Live.Training.Events\CCT_Trade_Tracker.spreadsheet .xlsm
                                      F:\D_full_files\Securities\0Forex\CCT-Edward.James\CCT-Live.Training.Events\CCT_Trade_Tracker.spreadsheet .xlsm
                                      D:\Securities\0Forex\CCT-Edward.James\Trade.Tracker.spreadsheet\CCT_Trade_T racker.xlsm
                                      F:\D_full_files\Securities\0Forex\CCT-Edward.James\Trade.Tracker.spreadsheet\CCT_Trade_T racker.xlsm
                                      D:\Securities\1Options\Cohen, Guy\Cohen.Guy-Trend.Reversals.Dojis.RR.tracks.avi
                                      F:\D_full_files\Securities\1Options\Cohen, Guy\Cohen.Guy-Trend.Reversals.Dojis.RR.tracks.avi
                                      C:\Windows\winsxs\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7600.16385_none_b7c 8281d64919b46\Core-Fundamentals-ClientPerformance-Perftrack.ptxml
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e82 2d0c3e5b060cb\diagtrack.dll
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84 d120fe590d4d7\diagtrack.dll
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f 7003efe9645d3\diagtrack.dll
                                      C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5 f71db043ad\diagtrack.dll
                                      C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847 a11d97ed01\diagtrack.dll
                                      C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78 f236dc8149\diagtrack.dll
                                      C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea 9c36c42a9d\diagtrack.dll
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e82 2d0c3e5b060cb\diagtrackrunner.exe
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84 d120fe590d4d7\diagtrackrunner.exe
                                      C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f 7003efe9645d3\diagtrackrunner.exe
                                      C:\Windows\winsxs\amd64_microsoft-windows-d..cking-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_817cd4dab042e1f5\DistributedLinkTracking.adml
                                      C:\Windows\winsxs\amd64_microsoft-windows-d..tedlinktracking-adm_31bf3856ad364e35_6.1.7600.16385_none_9f07bdbfc dd751fe\DistributedLinkTracking.admx
                                      C:\Windows\winsxs\Temp\PendingRenames\fade2fb0d43d d2011e0d0000f407a002.$$_system32_wdi_perftrack_e59 04ddd3f58b556.cdf-ms
                                      C:\Windows\winsxs\Temp\PendingRenames\fade2fb0d43d d2011f0d0000f407a002.$$_system32_wdi_perftrack_tra ces_0af2b48360b94cec.cdf-ms
                                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Fi leTracker.dll
                                      C:\Windows\Microsoft.NET\Framework\v4.0.30319\File Tracker.dll
                                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\10 33\FileTrackerUI.dll
                                      C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033 \FileTrackerUI.dll
                                      C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkap kpjkkb\1.68.1_0\images\mailtrack-crx-sprite_2x.png
                                      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk
                                      D:\Securities\0Forex\fxKnight\Trading_Spreadshts\M onthly_Performance_Tracker.xls
                                      F:\D_full_files\Securities\0Forex\fxKnight\Trading _Spreadshts\Monthly_Performance_Tracker.xls
                                      C:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c13d58e431d898bb\PerformancePerftrack.adml
                                      C:\Windows\winsxs\amd64_microsoft-windows-p..rmanceperftrack-adm_31bf3856ad364e35_6.1.7600.16385_none_0e4964a57 8d4a5cc\PerformancePerftrack.admx
                                      C:\Windows\winsxs\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7600.16385_none_b7c 8281d64919b46\perftrack.dll
                                      C:\Windows\winsxs\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7601.18713_none_b9f 8289f61811978\perftrack.dll
                                      C:\Windows\winsxs\amd64_microsoft-windows-c..perftrack.resources_31bf3856ad364e35_6.1.7600.1 6385_en-us_a0eb2900bcd92bf3\perftrack.dll.mui
                                      C:\Windows\winsxs\amd64_microsoft-windows-c..rmance-powertracker_31bf3856ad364e35_6.1.7601.18713_none_ 838b9f400b1ebc7f\powertracker.dll
                                      C:\Program Files (x86)\Opera\server_tracking_data
                                      C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp
                                      C:\Program Files (x86)\TechSmith\Snagit 12\Trackerbird.dll
                                      C:\System Volume Information\tracking.log
                                      D:\System Volume Information\tracking.log
                                      F:\System Volume Information\tracking.log
                                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQ L\en\Tracking_Logic.sql
                                      C:\Windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\en\Tracking_Logic.sql
                                      C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ en\Tracking_Logic.sql
                                      C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.1.7600.16 385_en-us_bb39ab2582dc79f6\Tracking_Logic.sql
                                      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQ L\en\Tracking_Schema.sql
                                      C:\Windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\en\Tracking_Schema.sql
                                      C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\ en\Tracking_Schema.sql
                                      C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.1.7600.16 385_en-us_bb39ab2582dc79f6\Tracking_Schema.sql
                                      D:\Securities\0Forex\CCT-Edward.James\Trade.Tracker.spreadsheet\Trade.Track er.spreadsheet.Tutorial_2016_02_28.avi
                                      F:\D_full_files\Securities\0Forex\CCT-Edward.James\Trade.Tracker.spreadsheet\Trade.Track er.spreadsheet.Tutorial_2016_02_28.avi
                                      D:\0BTMM_Mauro.Steve\1Trades\Wkly_Tracking_Spreads heet.xls
                                      F:\D_full_files\0BTMM_Mauro.Steve\1Trades\Wkly_Tra cking_Spreadsheet.xls
                                      C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_ en-us_25cb0eedc2efe3f8.manifest
                                      C:\Windows\winsxs\Manifests\x86_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.1.7600.16385_none_02aa6 dd4294b8d5f.manifest

                                      [/COLOR]                                      [COLOR=rgb(0, 0, 255)][/color]

                                        Comment

                                        • Malnutrition
                                          PCHF Moderator
                                          • Jul 2016
                                          • 7041
                                          #11
                                          Do you use COMODO BackUp? If not then uninstall it, as you already have backup software. Disable all of your startups with ccleaner except these two. Also make sure and disable your scheduled task.

                                          HKLM...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
                                          HKLM-x32...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)

                                          Ccleaner To disable Useless Startups.

                                          Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.

                                          CCleaner - Free Download - Piriform
                                          [MEDIA=imgur]kwLN4uv[/MEDIA]

                                          Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up then under the Windows Tab select each item then disable. Also under the scheduled task tab, you are safe to disable all task. Only disable items under the windows tab and scheduled task tab!

                                          [MEDIA=imgur]GjWwvEu[/MEDIA]

                                          Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

                                          To do this:

                                          [ul]
                                          [li]Hit options.[/li][li]Settings.[/li][li]Place a tick to run Ccleaner when the computer starts.[/li][/ul]
                                          [MEDIA=imgur]Lxioao1[/MEDIA]

                                          Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

                                          [MEDIA=imgur]SnqZ2JW[/MEDIA]

                                          Reboot the machine after.

                                          Also, I apologize but diag track should have been searched together in everything tool. You can also uninstall Loaris with Force mode in Geek Uninstaller. Now please post fresh FRST logs.

                                            Comment

                                            • paulwb
                                              PCHF Member
                                              • Nov 2016
                                              • 159
                                              #12
                                              Here is the Everything Search Engine diag track report

                                              diag track scan

                                              C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLog ger\AutoLogger-Diagtrack-Listener.etl
                                              C:\ProgramData\Microsoft\Diagnosis\ETLLogs\Shutdow nLogger\AutoLogger-Diagtrack-Listener.etl
                                              C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e82 2d0c3e5b060cb\diagtrack.dll
                                              C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84 d120fe590d4d7\diagtrack.dll
                                              C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f 7003efe9645d3\diagtrack.dll
                                              C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5 f71db043ad\diagtrack.dll
                                              C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847 a11d97ed01\diagtrack.dll
                                              C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78 f236dc8149\diagtrack.dll
                                              C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea 9c36c42a9d\diagtrack.dll
                                              C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e82 2d0c3e5b060cb\diagtrackrunner.exe
                                              C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84 d120fe590d4d7\diagtrackrunner.exe
                                              C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f 7003efe9645d3\diagtrackrunner.exe

                                                Comment

                                                • paulwb
                                                  PCHF Member
                                                  • Nov 2016
                                                  • 159
                                                  #13
                                                  OK, Comodo Backup & Loaris successfully removed. As specified, Start up programs & Scheduled Tasks disabled, cCleaner settings all set up.

                                                  FRST logs …

                                                  Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
                                                  Ran by Owner (administrator) on PS-CORSAIR (18-11-2016 21:02:15)
                                                  Running from C:\Users\Owner\Desktop
                                                  Loaded Profiles: Owner (Available Profiles: Owner)
                                                  Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
                                                  Internet Explorer Version 11 (Default browser: Chrome)
                                                  Boot Mode: Normal
                                                  Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

                                                  ==================== Processes (Whitelisted) =================

                                                  (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

                                                  (AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
                                                  (Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
                                                  (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
                                                  (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
                                                  (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
                                                  (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe
                                                  (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
                                                  (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
                                                  (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
                                                  (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
                                                  (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                                                  (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
                                                  (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
                                                  (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                                                  (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
                                                  (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
                                                  (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

                                                  ==================== Registry (Whitelisted) ====================

                                                  (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

                                                  HKLM-x32...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
                                                  HKU\S-1-5-21-3707217111-3059912600-4169917813-1000...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)

                                                  ==================== Internet (Whitelisted) ====================

                                                  (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

                                                  Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
                                                  Tcpip..\Interfaces{49B9C919-AC6C-48B4-B3F1-BAE2AAC57837}: [DhcpNameServer] 192.168.2.1
                                                  [HEADING=1]Internet Explorer:[/HEADING]
                                                  SearchScopes: HKU\S-1-5-21-3707217111-3059912600-4169917813-1000 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
                                                  BHO: Lync Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
                                                  BHO: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
                                                  BHO: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
                                                  BHO-x32: Lync Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
                                                  BHO-x32: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
                                                  BHO-x32: Office Document Cache Handler → {B4F3A835-0E21-4959-BA22-42B3008E02FF} → C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
                                                  BHO-x32: Microsoft SkyDrive Pro Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
                                                  BHO-x32: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)
                                                  [HEADING=1]FireFox:[/HEADING]
                                                  FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_ 169.dll [2015-05-07] ()
                                                  FF Plugin: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
                                                  FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_ 169.dll [2015-05-07] ()
                                                  FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 → C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-26] (Intel Corporation)
                                                  FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater → C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-26] (Intel Corporation)
                                                  FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 → C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1. dll [2015-01-23] (Oracle Corporation)
                                                  FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 → C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
                                                  FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 → C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
                                                  FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
                                                  FF Plugin-x32: @nvidia.com/3DVision → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
                                                  FF Plugin-x32: @nvidia.com/3DVisionStreaming → C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
                                                  FF Plugin-x32: @tools.google.com/Google Update;version=3 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-15] (Google Inc.)
                                                  FF Plugin-x32: @tools.google.com/Google Update;version=9 → C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-15] (Google Inc.)
                                                  FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
                                                  FF Plugin HKU\S-1-5-21-3707217111-3059912600-4169917813-1000: @citrixonline.com/appdetectorplugin → C:\Users\Owner\AppData\Local\Citrix\Plugins\104\np appdetector.dll [2014-07-23] (Citrix Online)
                                                  FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npa tgpc.dll [2016-10-29] (Cisco WebEx LLC)
                                                  [HEADING=1]Chrome:[/HEADING]
                                                  CHR HomePage: Default → hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&co ntinue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui %3Dhtml%26zy

                                                  %3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplca che=2&hl=en
                                                  CHR StartupUrls: Default → “hxxps://www.startpage.com/
                                                  CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2016-11-18]
                                                  CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2016-11-15]
                                                  CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2016-11-15]
                                                  CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2016-11-15]
                                                  CHR Extension: (TV) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfe mbdimh [2016-11-15]
                                                  CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmn hjmhfn [2016-11-15]
                                                  CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2016-11-15]
                                                  CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabak ieebci [2016-11-15]
                                                  CHR Extension: (Learn Italian - Molto Bene) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmk mefihe [2016-11-15]
                                                  CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfna hhhglp [2016-11-15]
                                                  CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigj hfkhdj [2016-11-15]
                                                  CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2016-11-15]
                                                  CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2016-11-15]
                                                  CHR Extension: (Save to Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeaba ddhgne [2016-11-15]
                                                  CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegb jmfnfh [2016-11-15]
                                                  CHR Extension: (Mailvelope) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambc ijhkke [2016-11-15]
                                                  CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkf gopppd [2016-11-15]
                                                  CHR Extension: (Yesware Reports) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamk jnolhg [2016-11-15]
                                                  CHR Extension: (Boomerang for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekbl gmpdll [2016-11-15]
                                                  CHR Extension: (Vend) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdeba jikafa [2016-11-15]
                                                  CHR Extension: (Mailtrack for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkap kpjkkb [2016-11-15]
                                                  CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2016-11-15]
                                                  CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmede ngocbn [2016-11-15]
                                                  CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2016-11-15]
                                                  CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2016-11-15]
                                                  CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoo cbcmaj [2016-11-15]
                                                  CHR Extension: (Streak CRM for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnn jojfik [2016-11-15]
                                                  [HEADING=1]Opera:[/HEADING]
                                                  OPR Extension: (HTTPS Everywhere) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2016-11-10]
                                                  OPR Extension: (uBlock Origin) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-11-05]

                                                  ==================== Services (Whitelisted) ====================

                                                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                                                  R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-03-19] (AOMEI Tech Co., Ltd.) [File not signed]
                                                  R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2014-07-20] (Arainia Solutions)
                                                  R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
                                                  R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
                                                  S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
                                                  R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-26] (Intel Corporation)
                                                  R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
                                                  R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
                                                  S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
                                                  R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Containe r.exe [458176 2016-10-25] (NVIDIA Corporation)
                                                  R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
                                                  R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-10-28] (Panda Security, S.L.)
                                                  R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
                                                  R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
                                                  R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)

                                                  ===================== Drivers (Whitelisted) ======================

                                                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                                                  R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-25] () [File not signed]
                                                  R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-25] () [File not signed]
                                                  R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-25] () [File not signed]
                                                  S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
                                                  R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2014-07-20] (Arainia Solutions LLC)
                                                  S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
                                                  R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
                                                  R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)
                                                  R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
                                                  R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
                                                  R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
                                                  R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
                                                  R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
                                                  R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
                                                  R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
                                                  R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
                                                  R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
                                                  R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
                                                  R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
                                                  R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
                                                  R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
                                                  S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
                                                  R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
                                                  R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
                                                  R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
                                                  R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
                                                  R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
                                                  R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
                                                  R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
                                                  U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
                                                  R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-11-13] (Zemana Ltd.)
                                                  R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-11-13] (Zemana Ltd.)
                                                  S3 vdbus; system32\DRIVERS\vdbus.sys

                                                  ==================== NetSvcs (Whitelisted) ===================

                                                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                                                  ==================== One Month Created files and folders ========

                                                  (If an entry is included in the fixlist, the file/folder will be moved.)

                                                  2016-11-18 21:02 - 2016-11-18 21:02 - 00017772 _____ C:\Users\Owner\Desktop\FRST.txt
                                                  2016-11-18 20:57 - 2015-05-22 03:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
                                                  2016-11-18 15:48 - 2016-11-16 18:15 - 02494976 _____ C:\Users\Owner\Desktop\ZHPCleaner.exe
                                                  2016-11-18 15:48 - 2016-11-16 18:15 - 01631928 _____ (Malwarebytes) C:\Users\Owner\Desktop\JRT.exe
                                                  2016-11-18 13:10 - 2016-11-18 20:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Everything
                                                  2016-11-18 13:10 - 2016-11-18 13:10 - 00001018 _____ C:\Users\Owner\Desktop\Search Everything.lnk
                                                  2016-11-18 13:10 - 2016-11-18 13:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Everything
                                                  2016-11-18 13:10 - 2016-11-18 13:10 - 00000000 ____D C:\Program Files\Everything
                                                  2016-11-18 12:54 - 2016-11-18 12:54 - 00000000 ____D C:\SecurityCheck
                                                  2016-11-18 11:45 - 2016-11-18 20:44 - 00000000 ____D C:\ProgramData\Loaris
                                                  2016-11-18 10:02 - 2016-11-18 10:02 - 00507938 _____ (glax24 (safezone.cc)) C:\Users\Owner\Desktop\SecurityCheck.exe
                                                  2016-11-17 23:23 - 2016-11-18 12:41 - 00000000 ____D C:\Program Files\9-lab
                                                  2016-11-17 23:23 - 2016-11-18 10:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\9-lab
                                                  2016-11-17 23:23 - 2016-11-18 10:47 - 00000000 ____D C:\ProgramData\9-lab
                                                  2016-11-17 23:15 - 2016-11-17 23:23 - 00000000 ____D C:\Users\Owner\Desktop\EEK
                                                  2016-11-17 22:41 - 2016-11-17 22:43 - 259408136 _____ C:\Users\Owner\Desktop\EmsisoftEmergencyKit.exe
                                                  2016-11-17 21:36 - 2016-11-17 21:36 - 00000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
                                                  2016-11-16 20:49 - 2016-11-16 20:49 - 00001177 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
                                                  2016-11-16 20:49 - 2016-11-16 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
                                                  2016-11-16 20:49 - 2016-11-16 20:49 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
                                                  2016-11-16 20:21 - 2016-11-16 20:21 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
                                                  2016-11-16 20:21 - 2016-11-16 20:21 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
                                                  2016-11-16 20:08 - 2016-11-16 20:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ZHP
                                                  2016-11-15 23:07 - 2016-11-18 20:57 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
                                                  2016-11-15 23:07 - 2016-11-18 20:57 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
                                                  2016-11-15 23:07 - 2016-11-18 20:50 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A
                                                  2016-11-15 23:07 - 2016-11-18 20:50 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore
                                                  2016-11-15 23:07 - 2016-11-15 23:07 - 00002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk
                                                  2016-11-15 22:35 - 2016-11-15 22:35 - 00013036 _____ C:\Users\Owner\Desktop\Fixlog.M.txt
                                                  2016-11-15 19:41 - 2016-11-15 22:32 - 00022336 _____ C:\Users\Owner\Desktop\INFO.txt
                                                  2016-11-15 13:33 - 2016-11-15 13:33 - 00000000 ____D C:\zoek
                                                  2016-11-15 13:24 - 2016-11-15 13:34 - 00003148 _____ C:\runcheck.txt
                                                  2016-11-15 13:24 - 2016-11-15 13:34 - 00000000 ____D C:\zoek_backup
                                                  2016-11-15 12:45 - 2016-11-17 21:36 - 02412032 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
                                                  2016-11-15 11:47 - 2016-11-15 11:47 - 01309184 _____ C:\Users\Owner\Desktop\zoek.exe
                                                  2016-11-15 11:34 - 2016-11-15 11:34 - 00000078 _____ C:\Users\Owner\Desktop\Zoek.Code.txt
                                                  2016-11-14 21:34 - 2016-11-14 21:34 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill_2.8.4.0.exe
                                                  2016-11-14 12:50 - 2016-11-14 12:56 - 00219198 _____ C:\TDSSKiller.3.1.0.12_14.11.2016_12.50.13_log.txt
                                                  2016-11-14 12:48 - 2016-11-18 21:02 - 00000000 ____D C:\FRST
                                                  2016-11-14 12:00 - 2016-11-14 12:00 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Owner\Desktop\tdsskiller.exe
                                                  2016-11-13 16:14 - 2016-11-18 21:02 - 00044539 _____ C:\Windows\ZAM.krnl.trace
                                                  2016-11-13 16:14 - 2016-11-18 21:02 - 00013861 _____ C:\Windows\ZAM_Guard.krnl.trace
                                                  2016-11-13 16:14 - 2016-11-13 16:14 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
                                                  2016-11-13 16:14 - 2016-11-13 16:14 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
                                                  2016-11-13 16:14 - 2016-11-13 16:14 - 00000000 ____D C:\Users\Owner\AppData\Local\Zemana
                                                  2016-11-13 15:54 - 2016-11-18 14:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
                                                  2016-11-13 15:54 - 2016-11-13 15:54 - 00001131 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
                                                  2016-11-13 15:54 - 2016-11-13 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
                                                  2016-11-13 15:54 - 2016-11-13 15:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
                                                  2016-11-13 15:54 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
                                                  2016-11-13 15:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
                                                  2016-11-13 15:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
                                                  2016-11-13 15:25 - 2016-11-18 15:34 - 00000000 ____D C:\AdwCleaner
                                                  2016-11-13 14:54 - 2016-11-13 14:54 - 03910208 _____ C:\Users\Owner\Desktop\adwcleaner_6.030.exe
                                                  2016-11-13 14:03 - 2016-11-13 14:30 - 00000000 ____D C:\Users\Owner\Desktop\PandaCloudCleaner
                                                  2016-11-13 13:17 - 2016-11-13 13:17 - 00000000 ____D C:\Quarantine
                                                  2016-11-13 13:04 - 2016-11-13 13:22 - 00000000 ____D C:\Program Files (x86)\stinger
                                                  2016-11-13 11:46 - 2016-11-13 14:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
                                                  2016-11-13 10:51 - 2016-11-13 10:51 - 00748192 _____ (TechGuy, Inc.) C:\Users\Owner\Downloads\SysInfo.exe
                                                  2016-11-13 00:07 - 2016-11-13 00:07 - 00000000 ____D C:\ProgramData\Malwarebytes
                                                  2016-11-12 23:41 - 2016-11-12 23:41 - 00524248 _____ (F-Secure Corporation) C:\Users\Owner\Desktop\F-SecureOnlineScanner.exe
                                                  2016-11-12 23:35 - 2016-11-12 23:35 - 00021464 _____ C:\ComboFix.txt
                                                  2016-11-12 23:08 - 2016-11-12 23:08 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Owner\Desktop\esetonlinescanner_enu.exe
                                                  2016-11-12 22:24 - 2016-11-18 11:01 - 00000000 ____D C:\Users\Owner\AppData\Local\FSDART
                                                  2016-11-12 22:24 - 2016-11-13 11:36 - 00000000 ____D C:\ProgramData\F-Secure
                                                  2016-11-12 22:24 - 2016-11-12 22:24 - 00000000 ____D C:\Users\Owner\AppData\Local\F-Secure
                                                  2016-11-12 22:14 - 2016-11-12 22:14 - 00000000 ____D C:\Users\Owner\AppData\Local\ESET
                                                  2016-11-07 20:45 - 2016-10-25 15:00 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
                                                  2016-11-07 20:42 - 2016-10-25 20:06 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
                                                  2016-11-07 20:42 - 2016-10-25 20:06 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 40123840 _____ C:\Windows\system32\nvcompiler.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 35224632 _____ C:\Windows\SysWOW64\nvcompiler.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 34701760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 28138552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 17429080 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 17348752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 14397272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 14033976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 10912232 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 10773504 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 10324400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 09113296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 08913512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 08716056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 03628992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 03193912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437570.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437570.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 01037248 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00974272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00945208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00897080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00492744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00439864 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00170688 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00148200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
                                                  2016-11-07 20:42 - 2016-10-25 16:39 - 00000669 _____ C:\Windows\system32\nv-vk64.json
                                                  2016-11-07 20:35 - 2016-10-25 15:21 - 00106040 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
                                                  2016-11-07 20:35 - 2016-10-25 15:21 - 00095800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
                                                  2016-11-07 20:35 - 2016-10-25 15:21 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
                                                  2016-11-02 10:42 - 2016-11-02 10:42 - 00001004 _____ C:\Users\Owner\Desktop\TOU_Winter - Shortcut.lnk
                                                  2016-11-02 10:38 - 2016-11-02 10:38 - 00001004 _____ C:\Users\Owner\Desktop\TOU_Summer - Shortcut.lnk
                                                  2016-10-27 13:44 - 2016-10-27 13:44 - 04965616 _____ (Interactive Brokers LLC) C:\Users\Owner\Downloads\tws-latest-windows-x86.exe
                                                  2016-10-27 13:44 - 2016-10-27 13:44 - 00001427 _____ C:\Users\Public\Desktop\Trader Workstation.lnk

                                                  ==================== One Month Modified files and folders ========

                                                  (If an entry is included in the fixlist, the file/folder will be moved.)

                                                  2016-11-18 21:01 - 2009-07-14 00:13 - 00915794 _____ C:\Windows\system32\PerfStringBackup.INI
                                                  2016-11-18 21:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
                                                  2016-11-18 20:57 - 2016-03-08 21:29 - 00000000 ____D C:\Program Files\COMODO
                                                  2016-11-18 20:57 - 2015-06-11 19:00 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job
                                                  2016-11-18 20:57 - 2014-07-23 17:37 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job
                                                  2016-11-18 20:57 - 2014-02-11 00:50 - 00000000 __D C:\ProgramData\NVIDIA
                                                  2016-11-18 20:57 - 2009-07-14 00:08 - 00000006 H C:\Windows\Tasks\SA.DAT
                                                  2016-11-18 20:50 - 2016-10-09 22:37 - 00003600 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon                                                  {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
                                                  2016-11-18 20:50 - 2016-09-11 19:51 - 00003838 _____ C:\Windows\System32\Tasks\NvTmRep                                                  {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
                                                  2016-11-18 20:50 - 2016-09-11 19:51 - 00003838 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily                                                  {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
                                                  2016-11-18 20:50 - 2016-09-11 19:51 - 00003788 _____ C:\Windows\System32\Tasks\NvNodeLauncher                                                  {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
                                                  2016-11-18 20:50 - 2016-09-11 19:51 - 00003776 _____ C:\Windows\System32\Tasks\NvTmMon                                                  {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
                                                  2016-11-18 20:50 - 2016-09-11 19:51 - 00003540 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon                                                  {B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
                                                  2016-11-18 20:50 - 2016-08-29 16:04 - 00003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1472504661
                                                  2016-11-18 20:50 - 2015-06-11 19:00 - 00003690 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000
                                                  2016-11-18 20:50 - 2014-07-23 17:37 - 00003594 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000
                                                  2016-11-18 20:50 - 2014-07-20 17:31 - 00003810 _____ C:\Windows\System32\Tasks\TechSmith Updater
                                                  2016-11-18 20:50 - 2014-07-20 16:41 - 00004000 _____ C:\Windows\System32\Tasks{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B}
                                                  2016-11-18 20:50 - 2014-03-03 15:49 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
                                                  2016-11-18 20:49 - 2014-12-26 12:00 - 00004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
                                                  2016-11-18 20:06 - 2009-07-13 23:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
                                                  2016-11-18 20:06 - 2009-07-13 23:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
                                                  2016-11-18 13:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
                                                  2016-11-18 03:46 - 2014-03-25 23:05 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
                                                  2016-11-18 02:24 - 2014-02-10 00:09 - 00000000 ____D C:\Users\Owner
                                                  2016-11-16 19:56 - 2016-09-20 20:40 - 00000000 ____D C:\Users\Owner\Downloads\CFix
                                                  2016-11-16 10:06 - 2014-08-25 21:25 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
                                                  2016-11-15 23:33 - 2016-09-18 13:06 - 00000066 ___SH C:\Users\Owner\3824700-18.cbr
                                                  2016-11-15 23:33 - 2014-02-10 00:09 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
                                                  2016-11-15 23:07 - 2014-03-03 16:06 - 00000000 ____D C:\Program Files (x86)\Google
                                                  2016-11-15 23:07 - 2014-02-11 00:40 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
                                                  2016-11-15 22:58 - 2014-07-20 20:08 - 00000028 _____ C:\Windows\ODBC.INI
                                                  2016-11-15 22:57 - 2014-05-13 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
                                                  2016-11-15 22:57 - 2014-03-19 17:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
                                                  2016-11-15 22:57 - 2014-03-19 17:14 - 00000000 ____D C:\Users\Owner\AppData\Local\Mozilla
                                                  2016-11-15 22:54 - 2016-08-29 16:03 - 00000000 ____D C:\Program Files (x86)\Opera
                                                  2016-11-15 12:51 - 2016-02-28 13:24 - 00000000 ___SD C:\Users\Owner\AppData\LocalLow\Temp
                                                  2016-11-15 12:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
                                                  2016-11-13 13:49 - 2016-06-10 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FXDD Malta - MetaTrader 4-1
                                                  2016-11-13 13:26 - 2014-10-18 21:31 - 00001311 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
                                                  2016-11-13 12:08 - 2010-11-20 22:24 - 00363008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
                                                  2016-11-12 23:34 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
                                                  2016-11-12 23:32 - 2016-08-29 12:51 - 00000000 ____D C:\Windows\erdnt
                                                  2016-11-12 23:11 - 2009-07-14 00:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
                                                  2016-11-12 21:22 - 2014-03-03 16:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
                                                  2016-11-12 21:21 - 2014-03-03 16:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
                                                  2016-11-09 09:34 - 2016-02-23 18:29 - 06948888 _____ (Geek Uninstaller) C:\Users\Owner\Desktop\geek.exe
                                                  2016-11-08 20:38 - 2014-02-11 00:52 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA Corporation
                                                  2016-11-07 20:46 - 2014-02-11 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
                                                  2016-11-07 20:46 - 2014-02-11 00:50 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
                                                  2016-11-07 20:45 - 2016-03-21 08:41 - 00000000 ____D C:\Program Files (x86)\VulkanRT
                                                  2016-11-07 20:44 - 2014-02-11 00:50 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
                                                  2016-11-07 20:44 - 2014-02-11 00:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
                                                  2016-11-07 20:35 - 2016-09-11 19:51 - 00001441 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
                                                  2016-11-06 08:56 - 2015-12-18 22:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
                                                  2016-11-02 07:37 - 2014-03-03 09:20 - 00000000 ____D C:\Jts
                                                  2016-11-02 06:00 - 2016-02-23 18:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
                                                  2016-10-29 16:47 - 2016-01-12 12:00 - 00000000 ____D C:\Users\Owner\AppData\Local\WebEx
                                                  2016-10-29 16:46 - 2016-01-12 12:00 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\WebEx
                                                  2016-10-27 13:44 - 2016-09-20 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trader Workstation
                                                  2016-10-26 16:29 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
                                                  2016-10-25 20:06 - 2016-08-06 22:26 - 01595456 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
                                                  2016-10-25 16:39 - 2014-02-11 00:49 - 19925152 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
                                                  2016-10-25 16:39 - 2014-02-11 00:49 - 03933968 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
                                                  2016-10-25 16:39 - 2014-02-11 00:49 - 03473368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
                                                  2016-10-25 16:39 - 2014-02-11 00:49 - 00041344 _____ C:\Windows\system32\nvinfo.pb
                                                  2016-10-25 15:21 - 2016-09-11 19:51 - 01854008 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
                                                  2016-10-25 15:21 - 2016-09-11 19:51 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
                                                  2016-10-25 15:21 - 2016-09-11 19:51 - 01454136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
                                                  2016-10-25 15:21 - 2016-09-11 19:51 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
                                                  2016-10-25 15:21 - 2016-09-11 19:51 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
                                                  2016-10-25 15:17 - 2016-01-22 21:23 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
                                                  2016-10-25 15:17 - 2016-01-22 21:23 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
                                                  2016-10-25 15:17 - 2015-02-04 11:23 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
                                                  2016-10-25 15:17 - 2014-02-11 00:50 - 06386232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
                                                  2016-10-25 15:17 - 2014-02-11 00:50 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
                                                  2016-10-25 15:17 - 2014-02-11 00:50 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
                                                  2016-10-25 15:17 - 2014-02-11 00:50 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
                                                  2016-10-25 15:13 - 2016-09-11 19:51 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
                                                  2016-10-24 01:31 - 2014-02-11 00:50 - 07507695 _____ C:\Windows\system32\nvcoproc.bin
                                                  2016-10-19 18:20 - 2014-03-03 15:49 - 00001004 _____ C:\Users\Public\Desktop\CCleaner.lnk

                                                  ==================== Files in the root of some directories =======

                                                  2014-03-02 23:54 - 2014-03-02 23:54 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
                                                  2014-02-10 12:17 - 2014-02-10 12:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

                                                  ==================== Bamital & volsnap ======================

                                                  (There is no automatic fix for files that do not pass verification.)

                                                  C:\Windows\system32\winlogon.exe => File is digitally signed
                                                  C:\Windows\system32\wininit.exe => File is digitally signed
                                                  C:\Windows\SysWOW64\wininit.exe => File is digitally signed
                                                  C:\Windows\explorer.exe => File is digitally signed
                                                  C:\Windows\SysWOW64\explorer.exe => File is digitally signed
                                                  C:\Windows\system32\svchost.exe => File is digitally signed
                                                  C:\Windows\SysWOW64\svchost.exe => File is digitally signed
                                                  C:\Windows\system32\services.exe => File is digitally signed
                                                  C:\Windows\system32\User32.dll => File is digitally signed
                                                  C:\Windows\SysWOW64\User32.dll => File is digitally signed
                                                  C:\Windows\system32\userinit.exe => File is digitally signed
                                                  C:\Windows\SysWOW64\userinit.exe => File is digitally signed
                                                  C:\Windows\system32\rpcss.dll => File is digitally signed
                                                  C:\Windows\system32\dnsapi.dll => File is digitally signed
                                                  C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
                                                  C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

                                                  LastRegBack: 2016-11-14 10:25

                                                  ==================== End of FRST.txt ============================
                                                  [HEADING=1]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
                                                  Ran by Owner (18-11-2016 21:02:27)
                                                  Running from C:\Users\Owner\Desktop
                                                  Windows 7 Professional Service Pack 1 (X64) (2014-02-10 05:09:30)
                                                  Boot Mode: Normal[/HEADING]
                                                  ==================== Accounts: =============================

                                                  Administrator (S-1-5-21-3707217111-3059912600-4169917813-500 - Administrator - Disabled)
                                                  Guest (S-1-5-21-3707217111-3059912600-4169917813-501 - Limited - Disabled)
                                                  Owner (S-1-5-21-3707217111-3059912600-4169917813-1000 - Administrator - Enabled) => C:\Users\Owner

                                                  ==================== Security Center ========================

                                                  (If an entry is included in the fixlist, it will be removed.)

                                                  AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
                                                  AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
                                                  AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                                                  FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

                                                  ==================== Installed Programs ======================

                                                  (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

                                                  7-Zip 9.20 (x64 edition) (HKLM...{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
                                                  Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
                                                  Adobe Flash Player 17 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
                                                  Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
                                                  AOMEI Backupper Standard Edition 2.5 (HKLM-x32...{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
                                                  Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32...{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.4.0 - Asmedia Technology)
                                                  BTMM Software (HKLM-x32...\BTMM Software) (Version: - )
                                                  BTMM WSM Viewer 3.7 (HKLM-x32...{64F8E2C6-A88D-4C0A-BA07-93F9FFA11A8E}}_is1) (Version: 3.7 - Beat the Market Maker)
                                                  CCleaner (HKLM...\CCleaner) (Version: 4.17 - Piriform)
                                                  Citrix Online Launcher (HKLM-x32...{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
                                                  Debut Video Capture Software (HKLM-x32...\Debut) (Version: - NCH Software)
                                                  Everything 1.3.4.686 (x64) (HKLM...\Everything) (Version: - )
                                                  FXDD Malta - MetaTrader 4 (HKLM-x32...\FXDD Malta - MetaTrader 4) (Version: 6.00 - MetaQuotes Software Corp.)
                                                  FXDD Malta - MetaTrader 4 (HKLM-x32...\FXDD Malta - MetaTrader 4-1) (Version: 4.00 - MetaQuotes Software Corp.)
                                                  Gizmo Central (HKLM-x32...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
                                                  Google Chrome (HKLM-x32...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
                                                  Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
                                                  Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
                                                  GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-3707217111-3059912600-4169917813-1000...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)
                                                  GWX Control Panel (HKLM-x32...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
                                                  Intel(R) Management Engine Components (HKLM-x32...{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.12.1688 - Intel Corporation)
                                                  Intel(R) Rapid Storage Technology (HKLM...{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
                                                  Java 8 Update 25 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
                                                  Java 8 Update 31 (HKLM-x32...{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
                                                  Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
                                                  Microsoft .NET Framework 4.6.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
                                                  Microsoft Office Professional Plus 2013 (HKLM-x32...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
                                                  Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
                                                  Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
                                                  Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
                                                  Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32...{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
                                                  Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
                                                  Network Recording Player (HKLM-x32...{D64DFCA4-1AEC-4B6A-8A3A-6C2E1B2E16BD}) (Version: 29.11.3.4862 - Cisco WebEx LLC)
                                                  NVIDIA 3D Vision Controller Driver 369.04 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
                                                  NVIDIA 3D Vision Driver 375.70 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
                                                  NVIDIA GeForce Experience 3.1.0.52 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
                                                  NVIDIA Graphics Driver 375.70 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
                                                  NVIDIA HD Audio Driver 1.3.34.17 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
                                                  NVIDIA PhysX System Software 9.16.0318 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
                                                  NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
                                                  NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
                                                  Opera Stable 41.0.2353.56 (HKLM-x32...\Opera 41.0.2353.56) (Version: 41.0.2353.56 - Opera Software)
                                                  Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
                                                  Panda Cloud Cleaner (HKLM-x32...{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.9 - Panda Security)
                                                  Panda Devices Agent (x32 Version: 1.03.05 - Panda Security) Hidden
                                                  Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
                                                  Panda Free Antivirus (HKLM-x32...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
                                                  Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
                                                  Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
                                                  SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
                                                  SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
                                                  Snagit 12 (HKLM-x32...{a8dbd220-0251-433a-8cc0-8b2e0d67053b}) (Version: 12.1.0.1322 - TechSmith Corporation)
                                                  Snagit 12 (x32 Version: 12.1.0 - TechSmith Corporation) Hidden
                                                  Trader Workstation (HKLM-x32...\5889-6375-8446-2021) (Version: latest (959.1d) 20161026 17:20:13 - Interactive Brokers LLC)
                                                  VLC media player (HKLM...\VLC media player) (Version: 2.2.4 - VideoLAN)
                                                  Vulkan Run Time Libraries 1.0.26.0 (HKLM...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
                                                  Vulkan Run Time Libraries 1.0.3.0 (HKLM...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
                                                  WinRAR 5.00 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
                                                  Zemana AntiMalware (HKLM-x32...{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.60.1 - Zemana Ltd.)

                                                  ==================== Custom CLSID (Whitelisted): ==========================

                                                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                                                  CustomCLSID: HKU\S-1-5-21-3707217111-3059912600-4169917813-1000_Classes\CLSID{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 → C:\Users\Owner\AppData\Local\Citrix\GoToMeeting

                                                  \5808\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

                                                  ==================== Scheduled Tasks (Whitelisted) =============

                                                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                                                  Task: {054DF6B1-C0C5-477B-BA36-8E596BB7F10D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
                                                  Task: {3EE4F2EC-8A45-43C6-854A-2EDE6113F277} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
                                                  Task: {43B908A7-34DE-469C-8EC9-FDA7D168F818} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-15] (Google Inc.)
                                                  Task: {515FADEF-C8DA-41A6-88DD-A4E851464711} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
                                                  Task: {5CF539C9-8EE4-4387-88D3-CBD3C540261C} - System32\Tasks\NCH Software\debutShakeIcon => C:\Program Files (x86)\NCH Software\Debut\Debut.exe [2014-03-25] (NCH Software)
                                                  Task: {627D4F51-9196-43DF-A04D-B872C8B6DEFF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA

                                                  Corporation)
                                                  Task: {63ADC1E8-0A62-4658-A9D2-935AEEBC35B9} - System32\Tasks\Opera scheduled Autoupdate 1472504661 => C:\Program Files (x86)\Opera\launcher.exe [2016-11-07] (Opera Software)
                                                  Task: {78CB52C6-2420-4117-BC17-944F2415D339} - System32\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\58 08\g2mupdate.exe [2016-11

                                                  -01] (Citrix Online, a division of Citrix Systems, Inc.)
                                                  Task: {79B5E9B1-7893-4DBD-B013-FBFE5FE0E7E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
                                                  Task: {7ED220D2-3F34-41E5-A3D0-1F5E1A517E5E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25]

                                                  (NVIDIA Corporation)
                                                  Task: {A33DAEBA-F917-4160-98A5-F3F9E7D33C27} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA

                                                  Corporation)
                                                  Task: {C32994E5-1867-4194-ADB3-B2BEAD9904EB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe

                                                  [2016-10-25] (NVIDIA Corporation)
                                                  Task: {C4551982-7BEC-4243-9194-74FB6DFE6175} - System32\Tasks{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2014-07-20] (Arainia Solutions)
                                                  Task: {D0BEEEBF-CD17-4AE2-A56B-EB783685BEC7} - System32\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\58 08\g2mupload.exe [2016-11

                                                  -01] (Citrix Online, a division of Citrix Systems, Inc.)
                                                  Task: {DBECA225-BEA2-4E24-824D-407830BC8221} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe

                                                  [2016-10-25] (NVIDIA Corporation)
                                                  Task: {E3DC60B8-AECD-43D0-8EB1-960DF854E78E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAge ntFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
                                                  Task: {E72EC86B-3D23-4084-BDD8-881206C004F4} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)
                                                  Task: {E76D5133-5A44-4F50-BE32-F47E52A983BA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25]

                                                  (NVIDIA Corporation)
                                                  Task: {FB9C88AE-0821-4A9A-A3EC-E2081441377F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-15] (Google Inc.)

                                                  (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

                                                  Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\58 08\g2mupdate.exe
                                                  Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\58 08\g2mupload.exe
                                                  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
                                                  Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

                                                  ==================== Shortcuts =============================

                                                  (The entries could be listed to be restored or removed.)

                                                  Shortcut: C:\Users\Owner\Favorites\NCH Software Download Site.lnk → hxxp://www.nchsoftware.com/index.html

                                                  ==================== Loaded Modules (Whitelisted) ==============

                                                  2016-09-11 19:51 - 2016-10-25 15:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
                                                  2016-09-11 19:51 - 2016-10-25 15:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
                                                  2016-09-11 19:51 - 2016-10-25 15:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem_nvspse rviceplugin64.dll
                                                  2014-02-11 00:50 - 2016-10-25 15:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
                                                  2014-01-21 19:07 - 2014-01-21 19:07 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00224984 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00286424 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00966360 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00278232 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00110296 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00675544 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
                                                  2015-04-21 21:00 - 2015-03-19 17:57 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
                                                  2015-04-21 21:00 - 2015-02-25 23:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
                                                  2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
                                                  2016-09-11 19:51 - 2016-10-25 15:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
                                                  2014-02-11 00:50 - 2013-07-26 12:24 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

                                                  ==================== Alternate Data Streams (Whitelisted) =========

                                                  (If an entry is included in the fixlist, only the ADS will be removed.)

                                                  AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [130]
                                                  AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\nvdispco6434725.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\nvdispco6434752.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\nvdispgenco6434725.dll:$CmdTcI D [64]
                                                  AlternateDataStreams: C:\Windows\system32\nvdispgenco6434752.dll:$CmdTcI D [64]
                                                  AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [130]
                                                  AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdT cID [64]
                                                  AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [130]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdT cID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Users\Owner\Desktop\fxddmalta4setup_build610.ex e:$CmdTcID [64]
                                                  AlternateDataStreams: C:\Users\Owner\Downloads\nbr2player.msi:$CmdZnID [26]

                                                  ==================== Safe Mode (Whitelisted) ===================

                                                  (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

                                                  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\NanoServiceMain => “”=“Service”
                                                  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\PSUAService => “”=“Service”
                                                  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\NanoServiceMain => “”=“Service”
                                                  HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\PSUAService => “”=“Service”

                                                  ==================== Association (Whitelisted) ===============

                                                  (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

                                                  ==================== Internet Explorer trusted/restricted ===============

                                                  (If an entry is included in the fixlist, it will be removed from the registry.)

                                                  ==================== Hosts content: ===============================

                                                  (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

                                                  2009-07-13 21:34 - 2016-11-15 22:35 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

                                                  ==================== Other Areas ============================

                                                  (Currently there is no automatic fix for this section.)

                                                  HKU\S-1-5-21-3707217111-3059912600-4169917813-1000\Control Panel\Desktop\Wallpaper → C:\Users\Owner\AppData\Roaming\Microsoft\Windows\T hemes\TranscodedWallpaper.jpg
                                                  DNS Servers: 192.168.2.1
                                                  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
                                                  Windows Firewall is enabled.

                                                  ==================== MSCONFIG/TASK MANAGER disabled items ==

                                                  MSCONFIG\startupreg: GizmoDriveDelegate => “C:\Program Files (x86)\Gizmo\gizmo.exe” /RemountStartupImages
                                                  MSCONFIG\startupreg: GwxControlPanelMonitor => “C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe” /traymode
                                                  MSCONFIG\startupreg: IAStorIcon => “C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe” “C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe” 60
                                                  MSCONFIG\startupreg: IMSS => “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe”
                                                  MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
                                                  MSCONFIG\startupreg: RTHDVCPL => “C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe” -s
                                                  MSCONFIG\startupreg: ShadowPlay => “C:\Windows\system32\rundll32.exe” C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSyst emStart
                                                  MSCONFIG\startupreg: ZAM => “C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe” /minimized

                                                  ==================== FirewallRules (Whitelisted) ===============

                                                  (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

                                                  FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
                                                  FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
                                                  FirewallRules: [{B1D29FB0-35CB-4D16-A4C5-607D778F7EB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

                                                  ==================== Restore Points =========================

                                                  15-11-2016 12:50:53 Restore Point Created by FRST
                                                  15-11-2016 13:25:34 zoek.exe restore point
                                                  15-11-2016 22:35:17 Restore Point Created by FRST
                                                  15-11-2016 22:58:47 Removed Privatefirewall 7.0
                                                  16-11-2016 19:59:58 JRT Pre-Junkware Removal
                                                  18-11-2016 10:47:09 Windows Defender Checkpoint

                                                  ==================== Faulty Device Manager Devices =============

                                                  ==================== Event log errors: =========================
                                                  [HEADING=1]Application errors:[/HEADING]
                                                  Error: (11/18/2016 08:58:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
                                                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in

                                                  namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                                                  Error: (11/18/2016 07:58:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
                                                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in

                                                  namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                                                  Error: (11/18/2016 03:35:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
                                                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in

                                                  namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                                                  Error: (11/18/2016 01:52:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
                                                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in

                                                  namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                                                  Error: (11/18/2016 01:16:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
                                                  Description: The program Everything.exe version 1.3.4.686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the

                                                  Action Center control panel.

                                                  Process ID: d60

                                                  Start Time: 01d241c7494a24c9

                                                  Termination Time: 3

                                                  Application Path: C:\Program Files\Everything\Everything.exe

                                                  Report Id: 12bc9f87-adbb-11e6-b2d8-bcee7b9eb32d

                                                  Error: (11/18/2016 12:53:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
                                                  Description: The program _iu14D2N.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the

                                                  Action Center control panel.

                                                  Process ID: 14b0

                                                  Start Time: 01d241c3a2b993d9

                                                  Termination Time: 0

                                                  Application Path: C:\Users\Owner\AppData\Local\Temp_iu14D2N.tmp

                                                  Report Id:

                                                  Error: (11/18/2016 12:42:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
                                                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in

                                                  namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                                                  Error: (11/18/2016 09:49:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
                                                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in

                                                  namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                                                  Error: (11/18/2016 02:24:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
                                                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in

                                                  namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

                                                  Error: (11/18/2016 01:54:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
                                                  Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in

                                                  namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
                                                  [HEADING=1]System errors:[/HEADING]
                                                  Error: (11/18/2016 08:57:21 PM) (Source: volmgr) (EventID: 46) (User: )
                                                  Description: Crash dump initialization failed!

                                                  Error: (11/18/2016 07:57:54 PM) (Source: volmgr) (EventID: 46) (User: )
                                                  Description: Crash dump initialization failed!

                                                  Error: (11/18/2016 03:35:00 PM) (Source: volmgr) (EventID: 46) (User: )
                                                  Description: Crash dump initialization failed!

                                                  Error: (11/18/2016 03:34:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
                                                  Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

                                                  Error: (11/18/2016 03:34:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
                                                  Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

                                                  Error: (11/18/2016 03:34:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
                                                  Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart

                                                  the service.

                                                  Error: (11/18/2016 03:34:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
                                                  Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

                                                  Error: (11/18/2016 03:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
                                                  Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

                                                  Error: (11/18/2016 03:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
                                                  Description: The COMODO BackUp Service service terminated unexpectedly. It has done this 1 time(s).

                                                  Error: (11/18/2016 03:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
                                                  Description: The COMODO Online Storage Service service terminated unexpectedly. It has done this 1 time(s).
                                                  [HEADING=1]CodeIntegrity:[/HEADING]
                                                  Date: 2016-08-29 13:55:26.876
                                                  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software

                                                  change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

                                                  Date: 2016-08-29 13:55:26.844
                                                  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software

                                                  change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

                                                  Date: 2014-12-16 20:53:38.146
                                                  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cmdvrt64. dll because the set of per-page image hashes could not be found on the

                                                  system.

                                                  ==================== Memory info ===========================

                                                  Processor: Intel(R) Core™ i7-4930K CPU @ 3.40GHz
                                                  Percentage of memory in use: 15%
                                                  Total physical RAM: 14276.8 MB
                                                  Available physical RAM: 12094.17 MB
                                                  Total Virtual: 14274.98 MB
                                                  Available Virtual: 11826.95 MB

                                                  ==================== Drives ================================

                                                  Drive c: (Kingston HyperX SSD 240GB) (Fixed) (Total:223.47 GB) (Free:153.13 GB) NTFS
                                                  Drive d: (2TB.Seagate.Barracuda) (Fixed) (Total:1863.01 GB) (Free:1242.64 GB) NTFS
                                                  Drive f: (2TB.WD.Black.Caviar) (Fixed) (Total:1863.01 GB) (Free:1382.13 GB) NTFS

                                                  ==================== MBR & Partition Table ==================

                                                  ================================================== ======
                                                  Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: CB504B49)
                                                  Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
                                                  Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

                                                  ================================================== ======
                                                  Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CB504B42)
                                                  Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

                                                  ================================================== ======
                                                  Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F47551AD)
                                                  Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

                                                  ==================== End of Addition.txt ============================

                                                    Comment

                                                    • Malnutrition
                                                      PCHF Moderator
                                                      • Jul 2016
                                                      • 7041
                                                      #14
                                                      Alright, this is a good bit of information to go over, so I will have a FRST fix for you tomorrow.

                                                      Can you tell me what issues remain with the machine?

                                                      Also, Download AUtoruns, and disable – untick all items under scheduled task, so long as they do not relate to Panda and then reboot.

                                                        Comment

                                                        • paulwb
                                                          PCHF Member
                                                          • Nov 2016
                                                          • 159
                                                          #15
                                                          The PC is running great. Browsers and programs are no longer freezing or crashing, all loading very quickly. The HDD indicator light has quieted down a lot.
                                                          1. What about the VulkanRT file that shows up as a BrowserModifier? Should it be deleted?
                                                          2. Windows Updates stall during download
                                                          3. I noticed just now that my total RAM is 14, and should be 16.

                                                          [ATTACH]836[/ATTACH]

                                                            Comment

                                                            Previous 1 2 3 template Next
                                                            Working...

                                                              We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

                                                              By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

                                                              I Agree