• Hi there and welcome to PC Help Forum (PCHF), a more effective way to get the Tech Support you need!
    We have Experts in all areas of Tech, including Malware Removal, Crash Fixing and BSOD's , Microsoft Windows, Computer DIY and PC Hardware, Networking, Gaming, Tablets and iPads, General and Specific Software Support and so much more.

    Why not Click Here To Sign Up and start enjoying great FREE Tech Support.

    This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Solved EXE Files Won't Run, Browsers, PC Crash

Status
Not open for further replies.
paulwb

paulwb

PCHF Member
PCHF Donator
Nov 14, 2016
159
27
59
Toronto Canada
#1
@Malnutrition

Good evening, need your expertise again.... the master blaster of malware :cool:

RE: System Manufacturer/Model Number > Custom Build February 23, 2014
OS > Windows 7 Pro SP1 64 bit
CPU > Intel Core i7-4930K @ 3.40GHz
Motherboard > ASUS P9X79 LE Quad Channel DDR3 2400
Memory > 16 GB G Skill Ripjaws Z DDR3 1866MHz
Graphics Card > ASUS GeForce GTX 770 2GB X 2
Browsers > Chrome, Mozilla, Opera
Antivirus > Panda AV, Privatefirewall

Below are the FRST files .... full PC specs at bottom of post.

I've run Panda AV, & ComboFix in Safe Mode but problem persists.
Tried to run FSecure & ESET online scanners but database updates stall.
Ran sfc/ scannow in Safe Mode and process stalls.
Windows Defender alerts shows the following:

2016.11.12_Browser.Modifier_Win32.SupTabblnk.JPG

2016.11.12_Browser.Modifier_Win32.SupTabblnk_VulkanRT.JPG


Apply action to disinfect which shows Successful, but alert reappears.
Tried running Windows Defender because Microsoft says it will remove Browser Modifier but get error message shown below.

2016.11.12_Error.Code.800106ba.JPG

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
Ran by Owner (administrator) on PS-CORSAIR (17-11-2016 21:36:44)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\COSService.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(COMODO Security Solutions) C:\Program Files\COMODO\COMMON\SynchronizationService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7204568 2013-11-04] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-07-26] (Intel Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKU\S-1-5-21-3707217111-3059912600-4169917813-1000\...\Run: [GizmoDriveDelegate] => C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2014-07-20] (Arainia Solutions)
ShellIconOverlayIdentifiers: [COSDriveIconOverlay] -> {5FDACB62-6B7B-4116-9403-C5E0D3852A57} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemInSyncIconOverlay] -> {68F287EF-DA6D-4595-AF52-90FF6CE52AFE} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemModifiedIconOverlay] -> {AE67D273-7253-4236-B55E-D40055B305D6} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemNewIconOverlay] -> {022F23E9-DA0F-4A86-A728-CAF6150C0B63} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)
ShellIconOverlayIdentifiers: [COSSyncItemUnsynchronizedIconOverlay] -> {4D7EE7CF-E7A1-45FE-8F80-3A37574918D7} => C:\Program Files\COMODO\COMMON\ShellExtension.dll [2014-10-07] (C-O-M-O-D-O)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{49B9C919-AC6C-48B4-B3F1-BAE2AAC57837}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3707217111-3059912600-4169917813-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-26] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-26] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3707217111-3059912600-4169917813-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-23] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-10-29] (Cisco WebEx LLC)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en
CHR StartupUrls: Default -> "hxxps://www.startpage.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2016-11-17]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-15]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-15]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-15]
CHR Extension: (TV) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2016-11-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-11-15]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-15]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2016-11-15]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2016-11-15]
CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfnahhhglp [2016-11-15]
CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj [2016-11-15]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-15]
CHR Extension: (Save to Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-11-15]
CHR Extension: (Send Anywhere (File Transfer)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihbikoooaenkpdooehgemieligjejcb [2016-11-15]
CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegbjmfnfh [2016-11-15]
CHR Extension: (Mailvelope) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-11-15]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2016-11-15]
CHR Extension: (Yesware Reports) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg [2016-11-15]
CHR Extension: (Boomerang for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-11-15]
CHR Extension: (Vend) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdebajikafa [2016-11-15]
CHR Extension: (Mailtrack for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2016-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-15]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2016-11-15]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-15]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2016-11-15]
CHR Extension: (Streak CRM for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-11-15]

Opera:
=======
OPR Extension: (HTTPS Everywhere) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2016-11-10]
OPR Extension: (uBlock Origin) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-11-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-03-19] (AOMEI Tech Co., Ltd.) [File not signed]
R2 COSService.exe; C:\Program Files\COMODO\COMMON\COSService.exe [3550400 2014-10-07] (COMODO Security Solutions)
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2014-07-20] (Arainia Solutions)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-26] (Intel Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-10-28] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 SynchronizationService.exe; C:\Program Files\COMODO\COMMON\SynchronizationService.exe [2575552 2014-10-07] (COMODO Security Solutions)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-25] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-25] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-25] () [File not signed]
R0 bdisk; C:\Windows\System32\DRIVERS\bdisk.sys [85488 2014-10-07] (COMODO Security Solutions Inc.)
R0 CBUFS; C:\Windows\System32\DRIVERS\CBUFS.sys [230712 2014-10-07] (COMODO Security Solutions Inc.)
R0 cbvd; C:\Windows\System32\DRIVERS\cbvd.sys [677744 2014-10-07] (COMODO Security Solutions Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2014-07-20] (Arainia Solutions LLC)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R0 Reparse; C:\Windows\System32\DRIVERS\CBReparse.sys [674160 2014-10-07] (COMODO Security Solutions Inc.)
R3 vdbus; C:\Windows\System32\DRIVERS\vdbus.sys [826040 2014-10-07] (COMODO Security Solutions Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-11-13] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-11-13] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-17 21:36 - 2016-11-17 21:36 - 00021160 _____ C:\Users\Owner\Desktop\FRST.txt
2016-11-17 21:36 - 2016-11-17 21:36 - 00000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
2016-11-17 08:00 - 2015-05-22 03:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-11-16 20:49 - 2016-11-16 20:49 - 00001177 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-11-16 20:49 - 2016-11-16 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-11-16 20:49 - 2016-11-16 20:49 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-11-16 20:21 - 2016-11-16 20:21 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-11-16 20:21 - 2016-11-16 20:21 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-11-16 20:08 - 2016-11-16 20:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ZHP
2016-11-16 20:07 - 2016-11-16 20:07 - 00164692 _____ C:\Windows\ntbtlog.txt
2016-11-15 23:10 - 2016-11-15 23:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-11-15 23:07 - 2016-11-17 21:12 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-15 23:07 - 2016-11-17 08:00 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-15 23:07 - 2016-11-15 23:07 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-15 23:07 - 2016-11-15 23:07 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-15 23:07 - 2016-11-15 23:07 - 00002296 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-15 23:07 - 2016-11-15 23:07 - 00002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 22:35 - 2016-11-15 22:35 - 00013036 _____ C:\Users\Owner\Desktop\Fixlog.M.txt
2016-11-15 19:41 - 2016-11-15 22:32 - 00022336 _____ C:\Users\Owner\Desktop\INFO.txt
2016-11-15 13:33 - 2016-11-15 13:33 - 00000000 ____D C:\zoek
2016-11-15 13:24 - 2016-11-15 13:34 - 00003148 _____ C:\runcheck.txt
2016-11-15 13:24 - 2016-11-15 13:34 - 00000000 ____D C:\zoek_backup
2016-11-15 12:45 - 2016-11-17 21:36 - 02412032 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-11-15 11:47 - 2016-11-15 11:47 - 04186040 _____ C:\Users\Owner\Desktop\zoek.zip
2016-11-15 11:47 - 2016-11-15 11:47 - 01309184 _____ C:\Users\Owner\Desktop\zoek.exe
2016-11-15 11:34 - 2016-11-15 11:34 - 00000078 _____ C:\Users\Owner\Desktop\Zoek.Code.txt
2016-11-14 21:34 - 2016-11-14 21:34 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill_2.8.4.0.exe
2016-11-14 12:50 - 2016-11-14 12:56 - 00219198 _____ C:\TDSSKiller.3.1.0.12_14.11.2016_12.50.13_log.txt
2016-11-14 12:48 - 2016-11-17 21:36 - 00000000 ____D C:\FRST
2016-11-14 12:00 - 2016-11-14 12:00 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Owner\Desktop\tdsskiller.exe
2016-11-13 16:14 - 2016-11-17 21:36 - 00137055 _____ C:\Windows\ZAM.krnl.trace
2016-11-13 16:14 - 2016-11-17 21:36 - 00115261 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-11-13 16:14 - 2016-11-13 16:14 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-11-13 16:14 - 2016-11-13 16:14 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-11-13 16:14 - 2016-11-13 16:14 - 00000000 ____D C:\Users\Owner\AppData\Local\Zemana
2016-11-13 15:54 - 2016-11-16 18:19 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-13 15:54 - 2016-11-13 15:54 - 00001131 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-13 15:54 - 2016-11-13 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-13 15:54 - 2016-11-13 15:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-13 15:54 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-13 15:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-13 15:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-13 15:25 - 2016-11-16 19:44 - 00000000 ____D C:\AdwCleaner
2016-11-13 14:54 - 2016-11-13 14:54 - 03910208 _____ C:\Users\Owner\Desktop\adwcleaner_6.030.exe
2016-11-13 14:03 - 2016-11-13 14:30 - 00000000 ____D C:\Users\Owner\Desktop\PandaCloudCleaner
2016-11-13 13:23 - 2016-11-13 13:23 - 37786232 _____ (Panda Security ) C:\Users\Owner\Desktop\PandaCloudCleaner.exe
2016-11-13 13:17 - 2016-11-13 13:17 - 00000000 ____D C:\Quarantine
2016-11-13 13:04 - 2016-11-13 13:22 - 00000000 ____D C:\Program Files (x86)\stinger
2016-11-13 11:46 - 2016-11-13 14:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-11-13 10:51 - 2016-11-13 10:51 - 00748192 _____ (TechGuy, Inc.) C:\Users\Owner\Downloads\SysInfo.exe
2016-11-13 00:07 - 2016-11-13 00:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-12 23:41 - 2016-11-12 23:41 - 00524248 _____ (F-Secure Corporation) C:\Users\Owner\Desktop\F-SecureOnlineScanner.exe
2016-11-12 23:35 - 2016-11-12 23:35 - 00021464 _____ C:\ComboFix.txt
2016-11-12 23:08 - 2016-11-12 23:08 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Owner\Desktop\esetonlinescanner_enu.exe
2016-11-12 22:24 - 2016-11-13 14:31 - 00000000 ____D C:\Users\Owner\AppData\Local\FSDART
2016-11-12 22:24 - 2016-11-13 11:36 - 00000000 ____D C:\ProgramData\F-Secure
2016-11-12 22:24 - 2016-11-12 22:24 - 00000000 ____D C:\Users\Owner\AppData\Local\F-Secure
2016-11-12 22:14 - 2016-11-12 22:14 - 00000000 ____D C:\Users\Owner\AppData\Local\ESET
2016-11-07 20:45 - 2016-10-25 15:00 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-11-07 20:42 - 2016-10-25 20:06 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-11-07 20:42 - 2016-10-25 20:06 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 40123840 _____ C:\Windows\system32\nvcompiler.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 35224632 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 34701760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 28138552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 17429080 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 17348752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 14397272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 14033976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-11-07 20:42 - 2016-10-25 16:39 - 10912232 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 10773504 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 10324400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 09113296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 08913512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 08716056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 03628992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 03193912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437570.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437570.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 01037248 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00974272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00945208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00897080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00492744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00439864 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00170688 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00148200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-11-07 20:42 - 2016-10-25 16:39 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-11-07 20:35 - 2016-10-25 15:21 - 00106040 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-11-07 20:35 - 2016-10-25 15:21 - 00095800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-11-07 20:35 - 2016-10-25 15:21 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-11-02 10:42 - 2016-11-02 10:42 - 00001004 _____ C:\Users\Owner\Desktop\TOU_Winter - Shortcut.lnk
2016-11-02 10:38 - 2016-11-02 10:38 - 00001004 _____ C:\Users\Owner\Desktop\TOU_Summer - Shortcut.lnk
2016-10-27 13:44 - 2016-10-27 13:44 - 04965616 _____ (Interactive Brokers LLC) C:\Users\Owner\Downloads\tws-latest-windows-x86.exe
2016-10-27 13:44 - 2016-10-27 13:44 - 00001427 _____ C:\Users\Public\Desktop\Trader Workstation.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-17 21:23 - 2014-07-23 17:37 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job
2016-11-17 20:30 - 2015-06-11 19:00 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job
2016-11-17 08:08 - 2009-07-13 23:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-17 08:08 - 2009-07-13 23:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-17 08:05 - 2009-07-14 00:13 - 00915794 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-17 08:05 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-17 08:01 - 2014-02-10 00:09 - 00000000 ____D C:\Users\Owner
2016-11-17 08:00 - 2014-02-11 00:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-17 08:00 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-16 19:56 - 2016-09-20 20:40 - 00000000 ____D C:\Users\Owner\Downloads\CFix
2016-11-16 15:55 - 2014-03-25 23:05 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-11-16 10:06 - 2014-08-25 21:25 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-11-15 23:33 - 2016-09-18 13:06 - 00000066 ___SH C:\Users\Owner\3824700-18.cbr
2016-11-15 23:33 - 2014-02-10 00:09 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2016-11-15 23:07 - 2014-03-03 16:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-15 23:07 - 2014-02-11 00:40 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-11-15 22:58 - 2014-07-20 20:08 - 00000028 _____ C:\Windows\ODBC.INI
2016-11-15 22:57 - 2014-05-13 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-15 22:57 - 2014-03-19 17:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2016-11-15 22:57 - 2014-03-19 17:14 - 00000000 ____D C:\Users\Owner\AppData\Local\Mozilla
2016-11-15 22:54 - 2016-08-29 16:04 - 00003840 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1472504661
2016-11-15 22:54 - 2016-08-29 16:03 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-15 12:51 - 2016-02-28 13:24 - 00000000 ___SD C:\Users\Owner\AppData\LocalLow\Temp
2016-11-15 12:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-11-13 13:49 - 2016-06-10 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FXDD Malta - MetaTrader 4-1
2016-11-13 13:26 - 2014-10-18 21:31 - 00001311 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2016-11-13 12:08 - 2010-11-20 22:24 - 00363008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2016-11-12 23:34 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-11-12 23:32 - 2016-08-29 12:51 - 00000000 ____D C:\Windows\erdnt
2016-11-12 23:11 - 2009-07-14 00:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-12 21:22 - 2014-03-03 16:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
2016-11-12 21:21 - 2014-03-03 16:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2016-11-09 11:37 - 2014-12-26 12:00 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-09 09:34 - 2016-02-23 18:29 - 06948888 _____ (Geek Uninstaller) C:\Users\Owner\Desktop\geek.exe
2016-11-08 20:38 - 2014-02-11 00:52 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA Corporation
2016-11-07 20:46 - 2014-02-11 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-07 20:46 - 2014-02-11 00:50 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-07 20:45 - 2016-03-21 08:41 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-07 20:44 - 2014-02-11 00:50 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-07 20:44 - 2014-02-11 00:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-07 20:35 - 2016-10-09 22:37 - 00003598 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-07 20:35 - 2016-09-11 19:51 - 00003836 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-07 20:35 - 2016-09-11 19:51 - 00003836 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-07 20:35 - 2016-09-11 19:51 - 00003786 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-07 20:35 - 2016-09-11 19:51 - 00003774 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-07 20:35 - 2016-09-11 19:51 - 00003538 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-07 20:35 - 2016-09-11 19:51 - 00001441 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-06 08:56 - 2015-12-18 22:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-02 07:37 - 2014-03-03 09:20 - 00000000 ____D C:\Jts
2016-11-02 06:00 - 2016-02-23 18:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2016-11-01 07:11 - 2015-06-11 19:00 - 00003688 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000
2016-11-01 07:11 - 2014-07-23 17:37 - 00003592 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000
2016-10-29 16:47 - 2016-01-12 12:00 - 00000000 ____D C:\Users\Owner\AppData\Local\WebEx
2016-10-29 16:46 - 2016-01-12 12:00 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\WebEx
2016-10-27 13:44 - 2016-09-20 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trader Workstation
2016-10-26 16:29 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-25 20:06 - 2016-08-06 22:26 - 01595456 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-10-25 16:39 - 2014-02-11 00:49 - 19925152 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-10-25 16:39 - 2014-02-11 00:49 - 03933968 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-10-25 16:39 - 2014-02-11 00:49 - 03473368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-10-25 16:39 - 2014-02-11 00:49 - 00041344 _____ C:\Windows\system32\nvinfo.pb
2016-10-25 15:21 - 2016-09-11 19:51 - 01854008 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-10-25 15:21 - 2016-09-11 19:51 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-10-25 15:21 - 2016-09-11 19:51 - 01454136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-10-25 15:21 - 2016-09-11 19:51 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-10-25 15:21 - 2016-09-11 19:51 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-10-25 15:17 - 2016-01-22 21:23 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-10-25 15:17 - 2016-01-22 21:23 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-10-25 15:17 - 2015-02-04 11:23 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-10-25 15:17 - 2014-02-11 00:50 - 06386232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-10-25 15:17 - 2014-02-11 00:50 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-10-25 15:17 - 2014-02-11 00:50 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-10-25 15:17 - 2014-02-11 00:50 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-10-25 15:13 - 2016-09-11 19:51 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-10-24 01:31 - 2014-02-11 00:50 - 07507695 _____ C:\Windows\system32\nvcoproc.bin
2016-10-19 18:20 - 2014-03-03 15:49 - 00001004 _____ C:\Users\Public\Desktop\CCleaner.lnk

==================== Files in the root of some directories =======

2014-03-02 23:54 - 2014-03-02 23:54 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-02-10 12:17 - 2014-02-10 12:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\geek_x64.exe
C:\Users\Owner\AppData\Local\Temp\libeay32.dll
C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\sys50bf.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-14 10:25

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by Owner (17-11-2016 21:37:14)
Running from C:\Users\Owner\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-02-10 05:09:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3707217111-3059912600-4169917813-500 - Administrator - Disabled)
Guest (S-1-5-21-3707217111-3059912600-4169917813-501 - Limited - Disabled)
Owner (S-1-5-21-3707217111-3059912600-4169917813-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Disabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda Free Antivirus (Disabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
AOMEI Backupper Standard Edition 2.5 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.4.0 - Asmedia Technology)
BTMM Software (HKLM-x32\...\BTMM Software) (Version: - )
BTMM WSM Viewer 3.7 (HKLM-x32\...\{64F8E2C6-A88D-4C0A-BA07-93F9FFA11A8E}}_is1) (Version: 3.7 - Beat the Market Maker)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
COMODO BackUp (HKLM\...\{B79E9FF2-D932-4FD5-BCAF-4DE6F2FBE521}) (Version: 4.4.1.23 - COMODO)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: - NCH Software)
FXDD Malta - MetaTrader 4 (HKLM-x32\...\FXDD Malta - MetaTrader 4) (Version: 6.00 - MetaQuotes Software Corp.)
FXDD Malta - MetaTrader 4 (HKLM-x32\...\FXDD Malta - MetaTrader 4-1) (Version: 4.00 - MetaQuotes Software Corp.)
Gizmo Central (HKLM-x32\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-3707217111-3059912600-4169917813-1000\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.12.1688 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Network Recording Player (HKLM-x32\...\{D64DFCA4-1AEC-4B6A-8A3A-6C2E1B2E16BD}) (Version: 29.11.3.4862 - Cisco WebEx LLC)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Opera Stable 41.0.2353.56 (HKLM-x32\...\Opera 41.0.2353.56) (Version: 41.0.2353.56 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.9 - Panda Security)
Panda Devices Agent (x32 Version: 1.03.05 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Snagit 12 (HKLM-x32\...\{a8dbd220-0251-433a-8cc0-8b2e0d67053b}) (Version: 12.1.0.1322 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.1.0 - TechSmith Corporation) Hidden
Trader Workstation (HKLM-x32\...\5889-6375-8446-2021) (Version: latest (959.1d) 20161026 17:20:13 - Interactive Brokers LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.60.1 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3707217111-3059912600-4169917813-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {054DF6B1-C0C5-477B-BA36-8E596BB7F10D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {3EE4F2EC-8A45-43C6-854A-2EDE6113F277} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {43B908A7-34DE-469C-8EC9-FDA7D168F818} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-15] (Google Inc.)
Task: {515FADEF-C8DA-41A6-88DD-A4E851464711} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {627D4F51-9196-43DF-A04D-B872C8B6DEFF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {63ADC1E8-0A62-4658-A9D2-935AEEBC35B9} - System32\Tasks\Opera scheduled Autoupdate 1472504661 => C:\Program Files (x86)\Opera\launcher.exe [2016-11-07] (Opera Software)
Task: {78CB52C6-2420-4117-BC17-944F2415D339} - System32\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe [2016-11-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {79B5E9B1-7893-4DBD-B013-FBFE5FE0E7E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {7ED220D2-3F34-41E5-A3D0-1F5E1A517E5E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {A33DAEBA-F917-4160-98A5-F3F9E7D33C27} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {B79E76B8-8CD9-4FD4-9812-3DCEFB0056F8} - System32\Tasks\NCH Software\debutShakeIcon => C:\Program Files (x86)\NCH Software\Debut\Debut.exe [2014-03-25] (NCH Software)
Task: {C32994E5-1867-4194-ADB3-B2BEAD9904EB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {C4551982-7BEC-4243-9194-74FB6DFE6175} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2014-07-20] (Arainia Solutions)
Task: {D0BEEEBF-CD17-4AE2-A56B-EB783685BEC7} - System32\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe [2016-11-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DBECA225-BEA2-4E24-824D-407830BC8221} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {E3DC60B8-AECD-43D0-8EB1-960DF854E78E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {E72EC86B-3D23-4084-BDD8-881206C004F4} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)
Task: {E76D5133-5A44-4F50-BE32-F47E52A983BA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {FB9C88AE-0821-4A9A-A3EC-E2081441377F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-15] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Owner\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html

ShortcutWithArgument: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Send Anywhere (File Transfer).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=hihbikoooaenkpdooehgemieligjejcb

==================== Loaded Modules (Whitelisted) ==============

2016-09-11 19:51 - 2016-10-25 15:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-11 19:51 - 2016-10-25 15:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-11 19:51 - 2016-10-25 15:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-03-08 21:29 - 2014-10-07 05:55 - 01508032 _____ () C:\Program Files\COMODO\COMMON\LIBEAY32.dll
2016-03-08 21:29 - 2014-10-07 05:55 - 00338112 _____ () C:\Program Files\COMODO\COMMON\SSLEAY32.dll
2014-02-11 00:50 - 2016-10-25 15:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-21 19:07 - 2014-01-21 19:07 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-20 16:41 - 2014-07-20 16:41 - 00367528 _____ () C:\Program Files (x86)\Gizmo\gshell-x64.dll
2016-11-16 20:49 - 2016-11-16 20:49 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00224984 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00286424 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00966360 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00278232 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00110296 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00675544 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2015-04-21 21:00 - 2015-02-25 23:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2016-09-11 19:51 - 2016-10-25 15:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-09-11 19:51 - 2016-10-25 14:57 - 00506424 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-09-11 19:51 - 2016-10-25 14:57 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-09-11 19:51 - 2016-10-25 14:57 - 02808256 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-09-11 19:51 - 2016-10-25 15:21 - 00901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-11 19:51 - 2016-10-25 15:21 - 03776056 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-11 19:51 - 2016-10-25 14:57 - 00246840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-09-11 19:51 - 2016-10-25 14:57 - 00436792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-09-11 19:51 - 2016-10-25 14:57 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-09-11 19:51 - 2016-10-25 14:57 - 00968248 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2014-02-11 00:50 - 2013-07-26 12:24 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Owner\Desktop\fxddmalta4setup_build610.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Owner\Downloads\nbr2player.msi:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-11-15 22:35 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3707217111-3059912600-4169917813-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B1D29FB0-35CB-4D16-A4C5-607D778F7EB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-11-2016 12:50:53 Restore Point Created by FRST
15-11-2016 13:25:34 zoek.exe restore point
15-11-2016 22:35:17 Restore Point Created by FRST
15-11-2016 22:58:47 Removed Privatefirewall 7.0
16-11-2016 19:59:58 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/17/2016 08:55:04 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (11/17/2016 08:55:04 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=2350}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (11/17/2016 08:00:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2016 08:35:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2016 08:14:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2016 08:09:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2016 07:46:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/16/2016 03:58:06 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (11/16/2016 03:58:06 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4300}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (11/16/2016 03:51:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/17/2016 07:59:54 AM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/16/2016 08:34:33 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/16/2016 08:13:31 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/16/2016 08:07:30 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/16/2016 08:07:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/16/2016 08:07:29 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/16/2016 08:07:28 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/16/2016 08:07:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/16/2016 08:07:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (11/16/2016 08:07:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
GizmoDrv
NNSALPC
NNSHTTP
NNSHTTPS
NNSIDS
NNSPICC
NNSPIHSW
NNSPOP3
NNSPROT
NNSPRV
NNSSMTP
NNSSTRM
NNSTLSC
PSINKNC
spldr
Wanarpv6


CodeIntegrity:
===================================
Date: 2016-08-29 13:55:26.876
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-29 13:55:26.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-16 20:53:38.146
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cmdvrt64.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4930K CPU @ 3.40GHz
Percentage of memory in use: 18%
Total physical RAM: 14276.8 MB
Available physical RAM: 11621.34 MB
Total Virtual: 14274.98 MB
Available Virtual: 11571.96 MB

==================== Drives ================================

Drive c: (Kingston HyperX SSD 240GB) (Fixed) (Total:223.47 GB) (Free:162.59 GB) NTFS
Drive d: (2TB.Seagate.Barracuda) (Fixed) (Total:1863.01 GB) (Free:1242.65 GB) NTFS
Drive f: (2TB.WD.Black.Caviar) (Fixed) (Total:1863.01 GB) (Free:1382.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: CB504B49)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CB504B42)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F47551AD)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

PC Specs
Computer Type > PC/Desktop
System Manufacturer/Model Number > Custom Build February 23, 2014
OS > Windows 7 Pro SP1 64 bit
CPU > Intel Core i7-4930K @ 3.40GHz
Motherboard > ASUS P9X79 LE Quad Channel DDR3 2400
Memory > 16 GB G Skill Ripjaws Z DDR3 1866MHz
Graphics Card > ASUS GeForce GTX 770 2GB X 2
Sound Card > Realtek ALC892 8-channel High Def Audio
Monitor(s) Displays > 23 inch ASUS LCDs X 2
Keyboard > Logitech K800
Mouse > Logitech G9X
PSU > Seasonic X-850 Gold 850 W
Case > Corsair Carbide Series 330R Mid Tower ATX
Cooling > Cooler Master Hyper 212 EVO CPU cooler
Hard Drives > 240 GB Kingston Hyper X SSD and 2TB Seagate HDD
Internet Speed > 15 Mbps DOWN - 2 Mbps UP
Browsers > Chrome, Mozilla, Opera
Antivirus > Panda AV, Privatefirewall
 
#2
Emsisoft Emergency Kit Scan

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program, this may take some time
  • Click on 2. Scan
  • Click Yes to detecting Potentially Unwanted Programs
  • Click Malware Scan
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste or attach the report to your reply
  • Close the program then click Close

9-Lab Scan.

  • Download 9-Lab Removal Tool.
  • CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
  • Install the program onto your computer, then right click the icon run as administrator.
  • Update the program and then run a full scan!
  • Make sure the program updates, might be better to install it update reboot and check for updates again.
  • You need to make sure the database updates!!!
  • Upon Scan Completion Click on Show Results.
  • Then Click On Clean
  • Then Click on Save Log.
  • Save it to your desktop, copy and paste the contents of the log here in your next reply.
 
  • Like
Reactions: paulwb
#5
Also, I see that you have Zemana installed. Let's run a deep scan with it.

Zemana Deep Scan.

  • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: Into the area of Zemana that reads Drag and drop files here to scan them.
  • bOVO6lY.png
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.
 
Last edited:
#6
9-Lab stalled again.

Here is the Emsisoft report ...
Emsisoft Emergency Kit - Version 11.9
Last update: 17/11/2016 11:17:28 PM
User account: PS-CORSAIR\Owner
Computer name: PS-CORSAIR
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 17/11/2016 11:20:11 PM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-3707217111-3059912600-4169917813-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)

Scanned 74991
Found 3

Scan end: 17/11/2016 11:20:51 PM
Scan time: 0:00:40

Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Setting.NoRun (A)
Value: HKEY_USERS\S-1-5-21-3707217111-3059912600-4169917813-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN Setting.NoRun (A)

Quarantined 2


Here is the Zeman report ....

Zemana AntiMalware 2.60.2.1 (Installed)

-------------------------------------------------------
Scan Result : Completed
Scan Date : 2016/11/18
Operating System : Windows 7 64-bit
Processor : 12X Intel(R) Core(TM) i7-4930K CPU @ 3.40GHz
BIOS Mode : Legacy
CUID : 12643313D681278AC1EB11
Scan Type : Custom Scan
Duration : 12m 8s
Scanned Objects : 192081
Detected Objects : 1
Excluded Objects : 3
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

PandaSecurityTb.exe
Status : Scanned
Object : %programfiles%\panda security\panda security protection\tools\pandasecuritytb.exe
MD5 : 6B349A684970E51ABD8823846A6EFD41
Publisher : Visicom Media Inc.
Size : 4903664
Version : 4.3.1.9
Detection : Adware:Win32/VisicomToolbar!Ep
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\panda security\panda security protection\tools\pandasecuritytb.exe

䎤̘䏌̘妌̙䏴̘䐜̘쓼̗䑄̘䑬̘䒔̘妼̙姬̙씜̗셬̧灄̢씼̗앜̗̤야̗䒼̘얜̗얼̗娜̙範̣솴̧灼̢婌̙䓤̘䯬̣䰬̣䱬̣쇼̧炴̢烬̢䲬̣䳬̣엜̗염̗∌̨쉄̧䔌̘옜̗옼̗왜̗왼̗䔴̘䕜̘焤̢煜̢婼̙媬̙嫜̙䖄̘쳼̡䴬̣嬌̙̤욜̗嬼̙熔̢䖬̘䗔̘燌̢䵬̣욼̗䗼̘웜̗孬̙宜̙웼̗爄̢爼̢富̙导̙尬̙屜̙윜̗岌̙으̗岼̙읜̗䘤̘䙌̘牴̢일̗잜̗잼̗䙴̘䚜̘峬̙崜̙嵌̙嵼̙䛄̘嶬̙巜̙䛬̘希̙犬̢狤̢䜔̘䜼̘䝤̘䞌̘帼̙䶬̣䞴̘䟜̘幬̙䠄̘府̙廌̙䠬̘쟜̗廼̙䡔̘̤䡼̘䢤̘䣌̘䣴̘쟼̗䤜̘䥄̘猜̢獔̢제̗젼̗졜̗졼̗좜̗좼̗죜̗주̗줜̗줼̗쥜̗쥼̗즜̗즼̗짜̗짼̗䥬̘쨜̗̤쨼̗쩜̗䦔̘䦼̘
 
#7
Run a quick scan with 9-Lab if it stalls again uninstall it and forget it.

Full Scan with Loaris Trojan Remover.

Note: This is a trial software... -- Even if you are given the option to remove threats, do not do so. Let me choose if they need to go or not.

  • Download Loaris Trojan Remover
  • Install the program.
  • Go to settings -- Scan Options.
  • Make sure Heuristics is set to High.
  • Make sure Deep Scan Slow it ticked.
  • Then Click Update -- Update virus signature database.
  • Go to scan, then select Full Scan.
  • When the scan is complete -- go to log files.
  • Double click on the red writing where it says detected items.
  • A notepad will open.
  • Click on edit --- Select All.
  • Right click and select Copy.
  • Paste the contents of that log here in your next reply.
  • Close the program & Uninstall it.
Security Check Scan


  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the scan completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
Removing M$ Spyware

Lets remove the GWX Folder and M$ Telemetry from your machine, those are basically M$ spyware and those also will slow your machine.

Get the Everything Search Engine
Install Program, Right Click Run As Admin. Type GWX into search window.
Then Click Edit.
Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard. >>>>> Paste content of clipboard, here in your next reply.
Now repeat the above process for the following words, one at a time.


Telemetry DiagTrack

Please also see the links below to disable M$ Spying.

http://www.ghacks.net/2015/05/12/how-to-disable-the-diagnostics-tracking-service-in-windows/
http://www.kjrnet.com/Info/Windows 7 Hidden Settings 2.html
 
Last edited:
  • Like
Reactions: paulwb
#8
It's baaaaaaaaccckkk..... !!!
9-Lab froze again. While uninstalling with geek, the original Win Defender alert popups reappeared again.
I apply the action to disinfect, and it reappears. Previously, it took 7-8 tries before it worked. But now it's back ....
The vulkanRT file is appears to be connected with NVIDIA drivers. Many have come across this before.
https://forums.geforce.com/default/...vered-in-the-latest-driver-download/?offset=4
Some say false positive but Win Defender shows alerts, other posts refer to so-called telemetry aka tracking malware from Nvidia
I do see a NVIDIA new driver update.....
There is a youtube video on How to remove VulkanInfo.exe ....

I'll be continuing with the scans you recommended in the last post.

2016.11.18_Browser.Mod.Appeared.Again1.JPG


2016.11.18_Browser.Mod.Appeared.Again2JPG.JPG


2016.11.18_Browser.Mod.Appeared.Again3JPG.JPG


It reappears after applying action and file supposedly removed.
2016.11.18_Browser.Mod.Appeared.Again5JPG.JPG


2016.11.18_vulkanRT.Uninstalled.JPG


2016.11.18_vulkanRT.Uninstalled1.JPG


 
Last edited:
#9
Hi M,
RE the Everthing Search Engine, you said " Now repeat the above process for the following words, one at a time."
Which following words? Is there suppose to be a list of words below that sentence?

** OK, I see the words, thought they referred to the info below them
- 1. Telemetry 2. Diag 3. Track ( I assume 2 & 3 are separate words )

** Also, cannot uninstall Loaris using geek, stalls.


Malnutrition said:
Run a quick scan with 9-Lab if it stalls again uninstall it and forget it.

Full Scan with Loaris Trojan Remover.

Note: This is a trial software... -- Even if you are given the option to remove threats, do not do so. Let me choose if they need to go or not.

  • Download Loaris Trojan Remover
  • Install the program.
  • Go to settings -- Scan Options.
  • Make sure Heuristics is set to High.
  • Make sure Deep Scan Slow it ticked.
  • Then Click Update -- Update virus signature database.
  • Go to scan, then select Full Scan.
  • When the scan is complete -- go to log files.
  • Double click on the red writing where it says detected items.
  • A notepad will open.
  • Click on edit --- Select All.
  • Right click and select Copy.
  • Paste the contents of that log here in your next reply.
  • Close the program & Uninstall it.
Security Check Scan


  • Download Security Check to your desktop.
  • Right click it run as administrator.
  • When the scan completes, the tool will automatically open a log file.
  • Please post that log here in your next post.
Removing M$ Spyware

Lets remove the GWX Folder and M$ Telemetry from your machine, those are basically M$ spyware and those also will slow your machine.

Get the Everything Search Engine
Install Program, Right Click Run As Admin. Type GWX into search window.
Then Click Edit.
Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard. >>>>> Paste content of clipboard, here in your next reply.
Now repeat the above process for the following words, one at a time.


Telemetry DiagTrack

Please also see the links below to disable M$ Spying.

http://www.ghacks.net/2015/05/12/how-to-disable-the-diagnostics-tracking-service-in-windows/
http://www.kjrnet.com/Info/Windows 7 Hidden Settings 2.html
Click to expand...
 
Last edited:
#10
Below are the Loaris, Security Check & Everything Search logs ..... also, followed intrux as per disabling M$ spying links.

Trojan Remover v.2.0.24
Report file date: 18/11/2016 11:50:52 AM
Last update: 18/11/2016 11:50:02 AM

Scanning for 802183 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Windows 7 Professional x64 (version 6.1)
Username: Owner
Computer name: PS-CORSAIR

Starting the file scan:

Full Scan started
Scanning process...
----- c:\users\owner\appdata\roaming\ZHP\Quarantine\hosts ---- General Threat
Trojan.FPL.Rotbrow.vl
MD5: 90C8F3BA7DB5CB3562298C2E11C97C52:35


----- c:\users\owner\appdata\roaming\ZHP\Quarantine\https_d10lpsik1i8c69.cloudfront.net_0.localstorage ---- General Threat
Trojan.FPL.Rotbrow.vl
MD5: D57C6746BC79C1FA0C36094806225735:9216


----- c:\users\owner\appdata\roaming\ZHP\Quarantine\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal ---- General Threat
Trojan.FPL.Rotbrow.vl
MD5: D41D8CD98F00B204E9800998ECF8427E:0


----- c:\users\owner\appdata\roaming\ZHP\Quarantine\wix{89AFB053-A343-46EF-97E4-D593AD7184E6}.SchedServiceConfig.rmi ---- General Threat
Trojan.FPL.Rotbrow.vl
MD5: 907A88D2BEDDBC4EAEBF6E0186A01E5B:288


----- c:\users\owner\appdata\roaming\ZHP\Tempo.txt ---- General Threat
Trojan.FPL.Rotbrow.vl
MD5: D41D8CD98F00B204E9800998ECF8427E:0


----- c:\users\owner\appdata\roaming\ZHP\Trace.txt ---- General Threat
Trojan.FPL.Rotbrow.vl
MD5: AC3F85DF9467ED96080254F38EB1F1EB:6308


----- c:\users\owner\appdata\roaming\ZHP\ZHPCleaner-[R]-16112016-20_10_52.txt ---- General Threat
Trojan.FPL.Rotbrow.vl
MD5: D2A6DD03776777B5C4180DF647C36BC1:1947


----- c:\users\owner\appdata\roaming\ZHP\ZHPCleaner--16112016-20_09_36.txt ---- General Threat
Trojan.FPL.Rotbrow.vl
MD5: 95E758CF44D7DAA70B3144E2A17F00D3:1832


----- c:\users\owner\appdata\roaming\ZHP\ZHPCleaner.exe ---- General Threat
Trojan.FPL.Rotbrow.vl
ProdVer: 3.3.14.0
FileVer: 2016.11.16.195
Signature verification: False
MD5: 65DA4274EB286028A8FEE696B75C4A8E:2494976
RIC: 23FDB51BA5FFEC20F1EDCE89A13CAFB0:76778
RFH: 1536:qExbsaPmYq4SiGgpR2xbHDtyEIVl0Ij236K31gRJ:qrJJi5UHDtyE8V236K30d
SUBS: Win32 GUI
PE: x86
EP: E8B5D00000E97FFEFFFFCCCCCCCCCCCCCCCCCC57568B7424108B4C24148B7C240C8BC18BD103C63BFE76083BF80F82680300000FBA25FC314C00017307F3A4E917
EPSEC: 0
EPRVA: 00027DCD
IBASE: 00400000
SEC:
.text:60000020:D28A820A1D9FF26CDA02D12B888BA4B4:581120
.rdata:40000040:79B14B254506B0DBC8CD0AD67FB70AD9:188928
.data:C0000040:9F9D6F746F1A415A63DE45F8B7983D33:20992
.rsrc:40000040:F64BEB6D6F6B3C0AACB60FC3E4306DAB:1673728
.reloc:42000040:6FCAE3CBBF6BFBABF5EC5BBE7CF612C3:29184


----- c:\users\owner\appdata\roaming\ZHP\ZHPCleaner.txt ---- General Threat
Trojan.FPL.Rotbrow.vl
MD5: 70A1F1AC1568D4EBA45E042C84C72B78:2288


----- c:\users\owner\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt ---- General Threat
Trojan.FPL.Rotbrow.vl
MD5: 7B5E1D30E89E0EF1C86FECB977131673:38


----- c:\users\owner\appdata\roaming\ZHP\ZHPQ_Files.txt ---- General Threat
Trojan.FPL.Rotbrow.vl
MD5: 0E886B96B0D035DA127C56B347790044:875


----- c:\users\owner\appdata\roaming\ZHP\ ---- General Threat
Trojan.FPL.Rotbrow.vl


----- C:\$RECYCLE.BIN\S-1-5-21-3707217111-3059912600-4169917813-1000\$RF65RGY.zip ---- General Threat
Malware.Win32.Gen.sm
MD5: 4DBB21E5A883B50C408239E05D927BCB:4186040


----- C:\$RECYCLE.BIN\S-1-5-21-3707217111-3059912600-4169917813-1000\$RF65RGY.zip\zoek.exe ---- General Threat
Malware.Win32.Gen.sm
ProdVer: 5,0,0,1
FileVer: 5,0,0,1
Name: Zoek
Company: http:\/\/www.hijackthis.nl\/smeenk
Signature verification: False
NAC: 99299E80F7DAFE4C9D43DB5F58B173DC:35
MD5: 7EA0260488F304D68067A50B33A23AC2:1309184
RIC: FF6424C8D4F0AFF46A767882C86EC867:10032
RFH: 192:LE888JDcbZ4888KYPyr3ll/X1LA9ZdZSFv2IgTwoq+V:xiZxyr1l/FOgE1qo
SUBS: Win32 GUI
PE: x86
EP: 60BE157057008DBEEB9FE8FF5789E58D9C2480C1FFFF31C05039DC75FB4646536888092B005783C30453683CB813005683C3045350C70303000200909090909055
EPSEC: 1
EPRVA: 002B2860
IBASE: 00400000
SEC:
UPX0:E0000080:00000000000000000000000000000000:0
UPX1:E0000040:9839E904B19A2AF8BAAA28DD22AFB553:1295360
.rsrc:C0000040:18D0905753B2A68E2D13659DC807AF14:13312


----- D:\.Corsair.Software_Downloads\FXCM_Scripts-Indies\only compatible with FXCM Trading Station Desktop software\dailyfx-news.zip ---- General Threat
Malware.Win32.Gen.D704.sm!ff
MD5: E6545AA60E57359C2BDDEBFEC208CDB4:73076


----- D:\.Corsair.Software_Downloads\FXCM_Scripts-Indies\only compatible with FXCM Trading Station Desktop software\dailyfx-news.zip\DailyFX News\Setup.exe ---- General Threat
Malware.Win32.Gen.D704.sm!ff
Signature verification: False
MD5: 5C5F36F22BE17E3A2BCA376C6118E421:96940
FUZ: 1536:SpgpHzb9dZVX9fHMvG0D3XJiPYXnj3WCW2EW58A4Romu/T2Fn7kuNmjkcLxWCfBF:QgXdZt9P6D3XJznj3WCW2EW5x45DZ7p+
RIC: 102242B9CA8463C70811C15C226B34E1:23424
RFH: 384:bZgHoEQMp7e2BQHex/yvkKSO8SnRr96BlPNdi7znj3WUxW2EW5GzmVID:bZ/MZew/ig4RoBlldi7znj3WUxW2EW5g
SUBS: Win32 GUI
PE: x86
EP: 81EC8001000053555633DB57895C2418C74424106091400033F6C644241420FF15307040006801800000FF15B070400053FF157C7240006A08A318EC4200E8F12B
EPSEC: 0
EPRVA: 000030FA
IBASE: 00400000
SEC:
.text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24064
.rdata:40000040:DC77F8A1E6985A4361C55642680DDB4F:5120
.data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:1024
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:EDF58F8464AFD5BEF21628E6ED6A633B:26624


----- D:\.Corsair.Software_Downloads\FXCM_Scripts-Indies\only compatible with FXCM Trading Station Desktop software\risk-manager.zip ---- General Threat
Malware.Win32.Gen.89AA.sm!ff
MD5: 4E775C4C984CAA2ADA230734A200220D:897465


----- D:\.Corsair.Software_Downloads\FXCM_Scripts-Indies\only compatible with FXCM Trading Station Desktop software\risk-manager.zip\Risk Manager\setup.exe ---- General Threat
Malware.Win32.Gen.89AA.sm!ff
FileVer: 1.0.0.0
Name: FXCM Risk Management
Signature verification: False
NAC: 5FF6B545D28486EE4F43CB554385537F:20
MD5: 40B46FE7807D9B87C7DF9AAADF90313C:64991
FUZ: 1536:OpgpHzb9dZVX9fHMvG0D3XJG4Romu/nNWO7ztV/Xy4:UgXdZt9P6D3XJG458lb/Xy4
RIC: 58B43C26C3B5FE1C5B8EEACEC149D37E:13784
RFH: 192:6kZgHox9ZP2RqOSRMPCiBzxBc2BQQemDYa7/yI6kKh6M1hZ+0FAE8Sn2arNL6S:bZgHoEQMp7e2BQHex/yvkKSO8SnRr96
SUBS: Win32 GUI
PE: x86
EP: 81EC8001000053555633DB57895C2418C74424106091400033F6C644241420FF15307040006801800000FF15B070400053FF157C7240006A08A318EC4200E8F12B
EPSEC: 0
EPRVA: 000030FA
IBASE: 00400000
SEC:
.text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24064
.rdata:40000040:DC77F8A1E6985A4361C55642680DDB4F:5120
.data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:1024
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:84EC7D2209E289BAC50ECCD1142B801C:17920


----- D:\.Corsair.Software_Downloads\Utilities\ultradefrag-7.0.0.bin.amd64.exe ---- General Threat
Malware.Win32.Gen.sm
FileVer: 7.0.0
Name: Ultra Defragmenter
Company: UltraDefrag Development Team
Signature verification: False
NAC: 581CBEB0101E48C3ECD756937DC066A2:46
MD5: B946C0C1EA7A1530E7DC588E310BD34F:2387006
RIC: 83631C6EE60CB4FD09321EACFD478F66:57714
RFH: 1536:rm+KmEWqG72KmGfkTcwSETgJYIWlyGKU8:rm+KmEWqG72Km1/Kg
SUBS: Win32 GUI
PE: x86
EP: 60BE00C043008DBE0050FCFF57EB0B908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF75098B1E83EEFC11
EPSEC: 1
EPRVA: 00040600
IBASE: 00400000
SEC:
UPX0:E0000080:00000000000000000000000000000000:0
UPX1:E0000040:2914C76B87882DC1CD2DC8B386631D94:18432
.rsrc:C0000040:4D76D5F6DD794AC30F1EA7A9CFAF91B5:61440


----- D:\.Corsair.Software_Downloads\TechSmith Snagit v12.1.0 build 1322 Incl Keygen-TSZ [TorDigger]\keygen-tsz\Keygen.exe ---- General Threat
Malware.Win32.Gen.cs1
Signature verification: False
MD5: 377444369B7BD18E6D1C25A8750D35C5:83968
FUZ: 1536:WHoruMnw3SyNWHyWTCeu72TJJtyTbn+Vi6QTYYJ1nouy8EX:Wwuay4NTLu2lJQf+/MtoutET
RIC: D1EB2B45E19FC9CDC69F8FBBD8227CB9:7224
RFH: 48:lHkqh3sfnt4ujq2Epu8metqPrIXHimU7yxvVK666y22bs69YtnJgG3bagif+LqaD:ZCt4ujOUpACaHynLIn9TNNHOIO/bVg
SUBS: Win32 GUI
PE: x86
EP: 60BE00E041008DBE0030FEFF5789E58D9C2480C1FFFF31C05039DC75FB464653681EDD02005783C3045368FF1701005683C3045350C70303000000909090909055
EPSEC: 1
EPRVA: 0002F810
IBASE: 00400000
SEC:
UPX0:E0000080:00000000000000000000000000000000:0
UPX1:E0000040:932AFEE10E547482DC70137792EA1736:74752
.rsrc:C0000040:2A21009FFBAF1E417AC5CF8B7969E732:8192


----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Auto.Restart\FXBlueAuto-RestartSetup.zip ---- General Threat
Malware.Win32.Gen.sm!s1
MD5: 2EE63AFB09B5D99B0BA4AE6314813728:366299


----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Auto.Restart\FXBlueAuto-RestartSetup.zip\FX Blue Auto-Restart Setup.exe ---- General Threat
Malware.Win32.Gen.sm!s1
ProdVer: 1.0.1.0
FileVer: 1.0.1.0
Name: ExeWrapp Application
Signature verification: False
NAC: DF235A11E37E0218E38CF3594413B63B:20
MD5: 91E0D1F91C0A46DAC3885CB7CE4EFB08:367667
FUZ: 6144:0z9B57WTB0DDGnR5ahqAjuEBHpy6lZJH3fh5BMnHrfjKgg4VVGpQ:y9X7WThXahq6NJy0hcDumVGpQ
RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM:mWQCk+/EBSCYKPU109xk9eG/dCqO6s
SUBS: Win32 GUI
PE: x86
EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A388714100890D84714100891580714100891D7C714100893578714100893D74714100668C15A0714100668C
EPSEC: 0
EPRVA: 00005EDC
IBASE: 00400000
SEC:
.text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59392
.rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:23040
.data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:4608
.rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20992
.reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6144


----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorReceiverSetup.zip ---- General Threat
Malware.Win32.Gen.sm!s1
MD5: 9EBE948491F8C87DB27FD8F7B2A17AC8:912938


----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorReceiverSetup.zip\FX Blue Trade Mirror Receiver Setup.exe ---- General Threat
Malware.Win32.Gen.sm!s1
ProdVer: 1.0.1.0
FileVer: 1.0.1.0
Name: ExeWrapp Application
Signature verification: False
NAC: DF235A11E37E0218E38CF3594413B63B:20
MD5: 039443FF8582C0B16FFEBA66536650DE:671099
FUZ: 12288:y9X7WThQ46jwzXnoBn7ROsxOmLpk4fLtHCtxF5nhcDumVGpA:y9CThQ4hX4ROsxXLpk4RKhii2GpA
RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM:mWQCk+/EBSCYKPU109xk9eG/dCqO6s
SUBS: Win32 GUI
PE: x86
EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A388714100890D84714100891580714100891D7C714100893578714100893D74714100668C15A0714100668C
EPSEC: 0
EPRVA: 00005EDC
IBASE: 00400000
SEC:
.text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59392
.rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:23040
.data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:4608
.rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20992
.reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6144


----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorSenderSetup.zip ---- General Threat
Malware.Win32.Gen.sm!s1
MD5: 2B135F1B9485B209DBB2EA3033DB3A2A:754238


----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorSenderSetup.zip\FX Blue Trade Mirror Sender Setup.exe ---- General Threat
Malware.Win32.Gen.sm!s1
ProdVer: 1.0.1.0
FileVer: 1.0.1.0
Name: ExeWrapp Application
Signature verification: False
NAC: DF235A11E37E0218E38CF3594413B63B:20
MD5: 6A0D0A38C1484D1984F40D081B9B6647:569011
FUZ: 12288:y9X7WThIb2XqqAO2vg5vyF7eeNjGhgnu5qhkbDhcDumVGp2:y9CTh62XuO2MvylTq5Xii2Gp2
RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM:mWQCk+/EBSCYKPU109xk9eG/dCqO6s
SUBS: Win32 GUI
PE: x86
EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A388714100890D84714100891580714100891D7C714100893578714100893D74714100668C15A0714100668C
EPSEC: 0
EPRVA: 00005EDC
IBASE: 00400000
SEC:
.text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59392
.rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:23040
.data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:4608
.rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20992
.reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6144


----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue PL Manager\FXBluePLManagerSetup.zip ---- General Threat
Malware.Win32.Gen.sm!s1
MD5: 537EF0293760785EA24A1F5F722C101C:324776


----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue PL Manager\FXBluePLManagerSetup.zip\FX Blue PL Manager Setup.exe ---- General Threat
Malware.Win32.Gen.sm!s1
ProdVer: 1.0.1.0
FileVer: 1.0.1.0
Name: ExeWrapp Application
Signature verification: False
NAC: DF235A11E37E0218E38CF3594413B63B:20
MD5: 1C21D9E9F43F4C91DCC7A54D5ABC64D0:319670
FUZ: 6144:0z9B57WTB0DDGnISCiqs58cX9hXHYPlZJH3fh5BMnHrfjKgg4VVGpv:y9X7WTh9+knPXAhcDumVGpv
RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM:mWQCk+/EBSCYKPU109xk9eG/dCqO6s
SUBS: Win32 GUI
PE: x86
EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A388714100890D84714100891580714100891D7C714100893578714100893D74714100668C15A0714100668C
EPSEC: 0
EPRVA: 00005EDC
IBASE: 00400000
SEC:
.text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59392
.rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:23040
.data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:4608
.rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20992
.reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6144


----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Personal.Trade.Copier\FXBluePersonalTradeCopierSetup.zip ---- General Threat
Malware.Win32.Gen.sm!s1
MD5: D23987C5BA06B905C9DCBC5B5CBBF7B8:1592610


----- D:\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Personal.Trade.Copier\FXBluePersonalTradeCopierSetup.zip\FX Blue Personal Trade Copier Setup.exe ---- General Threat
Malware.Win32.Gen.sm!s1
ProdVer: 1.0.1.0
FileVer: 1.0.1.0
Name: ExeWrapp Application
Signature verification: False
NAC: DF235A11E37E0218E38CF3594413B63B:20
MD5: 496515538FA084784BDBD10C188744FC:1120959
RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM:mWQCk+/EBSCYKPU109xk9eG/dCqO6s
SUBS: Win32 GUI
PE: x86
EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A388714100890D84714100891580714100891D7C714100893578714100893D74714100668C15A0714100668C
EPSEC: 0
EPRVA: 00005EDC
IBASE: 00400000
SEC:
.text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59392
.rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:23040
.data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:4608
.rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20992
.reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6144


----- C:\Users\Owner\Desktop\zoek.exe ---- General Threat
Malware.Win32.Gen.sm
ProdVer: 5,0,0,1
FileVer: 5,0,0,1
Name: Zoek
Company: http:\/\/www.hijackthis.nl\/smeenk
Signature verification: False
NAC: 99299E80F7DAFE4C9D43DB5F58B173DC:35
MD5: 7EA0260488F304D68067A50B33A23AC2:1309184
RIC: FF6424C8D4F0AFF46A767882C86EC867:10032
RFH: 192:LE888JDcbZ4888KYPyr3ll/X1LA9ZdZSFv2IgTwoq+V:xiZxyr1l/FOgE1qo
SUBS: Win32 GUI
PE: x86
EP: 60BE157057008DBEEB9FE8FF5789E58D9C2480C1FFFF31C05039DC75FB4646536888092B005783C30453683CB813005683C3045350C70303000200909090909055
EPSEC: 1
EPRVA: 002B2860
IBASE: 00400000
SEC:
UPX0:E0000080:00000000000000000000000000000000:0
UPX1:E0000040:9839E904B19A2AF8BAAA28DD22AFB553:1295360
.rsrc:C0000040:18D0905753B2A68E2D13659DC807AF14:13312


----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Auto.Restart\FXBlueAuto-RestartSetup.zip ---- General Threat
Malware.Win32.Gen.sm!s1
MD5: 2EE63AFB09B5D99B0BA4AE6314813728:366299


----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Auto.Restart\FXBlueAuto-RestartSetup.zip\FX Blue Auto-Restart Setup.exe ---- General Threat
Malware.Win32.Gen.sm!s1
ProdVer: 1.0.1.0
FileVer: 1.0.1.0
Name: ExeWrapp Application
Signature verification: False
NAC: DF235A11E37E0218E38CF3594413B63B:20
MD5: 91E0D1F91C0A46DAC3885CB7CE4EFB08:367667
FUZ: 6144:0z9B57WTB0DDGnR5ahqAjuEBHpy6lZJH3fh5BMnHrfjKgg4VVGpQ:y9X7WThXahq6NJy0hcDumVGpQ
RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM:mWQCk+/EBSCYKPU109xk9eG/dCqO6s
SUBS: Win32 GUI
PE: x86
EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A388714100890D84714100891580714100891D7C714100893578714100893D74714100668C15A0714100668C
EPSEC: 0
EPRVA: 00005EDC
IBASE: 00400000
SEC:
.text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59392
.rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:23040
.data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:4608
.rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20992
.reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6144


----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorReceiverSetup.zip ---- General Threat
Malware.Win32.Gen.sm!s1
MD5: 9EBE948491F8C87DB27FD8F7B2A17AC8:912938


----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorReceiverSetup.zip\FX Blue Trade Mirror Receiver Setup.exe ---- General Threat
Malware.Win32.Gen.sm!s1
ProdVer: 1.0.1.0
FileVer: 1.0.1.0
Name: ExeWrapp Application
Signature verification: False
NAC: DF235A11E37E0218E38CF3594413B63B:20
MD5: 039443FF8582C0B16FFEBA66536650DE:671099
FUZ: 12288:y9X7WThQ46jwzXnoBn7ROsxOmLpk4fLtHCtxF5nhcDumVGpA:y9CThQ4hX4ROsxXLpk4RKhii2GpA
RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM:mWQCk+/EBSCYKPU109xk9eG/dCqO6s
SUBS: Win32 GUI
PE: x86
EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A388714100890D84714100891580714100891D7C714100893578714100893D74714100668C15A0714100668C
EPSEC: 0
EPRVA: 00005EDC
IBASE: 00400000
SEC:
.text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59392
.rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:23040
.data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:4608
.rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20992
.reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6144


----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorSenderSetup.zip ---- General Threat
Malware.Win32.Gen.sm!s1
MD5: 2B135F1B9485B209DBB2EA3033DB3A2A:754238


----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue Internet Trade Mirror\FXBlueTradeMirrorSenderSetup.zip\FX Blue Trade Mirror Sender Setup.exe ---- General Threat
Malware.Win32.Gen.sm!s1
ProdVer: 1.0.1.0
FileVer: 1.0.1.0
Name: ExeWrapp Application
Signature verification: False
NAC: DF235A11E37E0218E38CF3594413B63B:20
MD5: 6A0D0A38C1484D1984F40D081B9B6647:569011
FUZ: 12288:y9X7WThIb2XqqAO2vg5vyF7eeNjGhgnu5qhkbDhcDumVGp2:y9CTh62XuO2MvylTq5Xii2Gp2
RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM:mWQCk+/EBSCYKPU109xk9eG/dCqO6s
SUBS: Win32 GUI
PE: x86
EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A388714100890D84714100891580714100891D7C714100893578714100893D74714100668C15A0714100668C
EPSEC: 0
EPRVA: 00005EDC
IBASE: 00400000
SEC:
.text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59392
.rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:23040
.data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:4608
.rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20992
.reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6144


----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue PL Manager\FXBluePLManagerSetup.zip ---- General Threat
Malware.Win32.Gen.sm!s1
MD5: 537EF0293760785EA24A1F5F722C101C:324776


----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\FX Blue PL Manager\FXBluePLManagerSetup.zip\FX Blue PL Manager Setup.exe ---- General Threat
Malware.Win32.Gen.sm!s1
ProdVer: 1.0.1.0
FileVer: 1.0.1.0
Name: ExeWrapp Application
Signature verification: False
NAC: DF235A11E37E0218E38CF3594413B63B:20
MD5: 1C21D9E9F43F4C91DCC7A54D5ABC64D0:319670
FUZ: 6144:0z9B57WTB0DDGnISCiqs58cX9hXHYPlZJH3fh5BMnHrfjKgg4VVGpv:y9X7WTh9+knPXAhcDumVGpv
RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM:mWQCk+/EBSCYKPU109xk9eG/dCqO6s
SUBS: Win32 GUI
PE: x86
EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A388714100890D84714100891580714100891D7C714100893578714100893D74714100668C15A0714100668C
EPSEC: 0
EPRVA: 00005EDC
IBASE: 00400000
SEC:
.text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59392
.rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:23040
.data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:4608
.rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20992
.reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6144


----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Personal.Trade.Copier\FXBluePersonalTradeCopierSetup.zip ---- General Threat
Malware.Win32.Gen.sm!s1
MD5: D23987C5BA06B905C9DCBC5B5CBBF7B8:1592610


----- F:\D_full_files\0BTMM_Mauro.Steve\Indicators-Scripts-Custom\FX.Blue\Personal.Trade.Copier\FXBluePersonalTradeCopierSetup.zip\FX Blue Personal Trade Copier Setup.exe ---- General Threat
Malware.Win32.Gen.sm!s1
ProdVer: 1.0.1.0
FileVer: 1.0.1.0
Name: ExeWrapp Application
Signature verification: False
NAC: DF235A11E37E0218E38CF3594413B63B:20
MD5: 496515538FA084784BDBD10C188744FC:1120959
RIC: 3C458FCEF58355285BD0FA0D02BC1E41:18632
RFH: 192:mW+v1vR+RkcNTj/ErtDINynT+v1TshhS6zsVK9CKONEv5jvuyi4+09kCk9eGUqFM:mWQCk+/EBSCYKPU109xk9eG/dCqO6s
SUBS: Win32 GUI
PE: x86
EP: E866490000E978FEFFFF8BFF558BEC81EC28030000A388714100890D84714100891580714100891D7C714100893578714100893D74714100668C15A0714100668C
EPSEC: 0
EPRVA: 00005EDC
IBASE: 00400000
SEC:
.text:60000020:C070BAA688ACC05647A4B5A80E6223BA:59392
.rdata:40000040:2BC1935D809C6A04D7FC61339ABC0F54:23040
.data:C0000040:453A11DB6036D36D234F3F14CF8A4C1F:4608
.rsrc:40000040:C8442ACBB7F5D815CAC8A87351FACF66:20992
.reloc:42000040:84BD6202F7B90E6EB945E790EB26057A:6144


----- F:\D_full_files\Downloads.on.D.Drive\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\dailyfx-news.zip ---- General Threat
Malware.Win32.Gen.D704.sm!ff
MD5: E6545AA60E57359C2BDDEBFEC208CDB4:73076


----- F:\D_full_files\Downloads.on.D.Drive\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\dailyfx-news.zip\DailyFX News\Setup.exe ---- General Threat
Malware.Win32.Gen.D704.sm!ff
Signature verification: False
MD5: 5C5F36F22BE17E3A2BCA376C6118E421:96940
FUZ: 1536:SpgpHzb9dZVX9fHMvG0D3XJiPYXnj3WCW2EW58A4Romu/T2Fn7kuNmjkcLxWCfBF:QgXdZt9P6D3XJznj3WCW2EW5x45DZ7p+
RIC: 102242B9CA8463C70811C15C226B34E1:23424
RFH: 384:bZgHoEQMp7e2BQHex/yvkKSO8SnRr96BlPNdi7znj3WUxW2EW5GzmVID:bZ/MZew/ig4RoBlldi7znj3WUxW2EW5g
SUBS: Win32 GUI
PE: x86
EP: 81EC8001000053555633DB57895C2418C74424106091400033F6C644241420FF15307040006801800000FF15B070400053FF157C7240006A08A318EC4200E8F12B
EPSEC: 0
EPRVA: 000030FA
IBASE: 00400000
SEC:
.text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24064
.rdata:40000040:DC77F8A1E6985A4361C55642680DDB4F:5120
.data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:1024
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:EDF58F8464AFD5BEF21628E6ED6A633B:26624


----- F:\D_full_files\Downloads.on.D.Drive\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\risk-manager.zip ---- General Threat
Malware.Win32.Gen.89AA.sm!ff
MD5: 4E775C4C984CAA2ADA230734A200220D:897465


----- F:\D_full_files\Downloads.on.D.Drive\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\risk-manager.zip\Risk Manager\setup.exe ---- General Threat
Malware.Win32.Gen.89AA.sm!ff
FileVer: 1.0.0.0
Name: FXCM Risk Management
Signature verification: False
NAC: 5FF6B545D28486EE4F43CB554385537F:20
MD5: 40B46FE7807D9B87C7DF9AAADF90313C:64991
FUZ: 1536:OpgpHzb9dZVX9fHMvG0D3XJG4Romu/nNWO7ztV/Xy4:UgXdZt9P6D3XJG458lb/Xy4
RIC: 58B43C26C3B5FE1C5B8EEACEC149D37E:13784
RFH: 192:6kZgHox9ZP2RqOSRMPCiBzxBc2BQQemDYa7/yI6kKh6M1hZ+0FAE8Sn2arNL6S:bZgHoEQMp7e2BQHex/yvkKSO8SnRr96
SUBS: Win32 GUI
PE: x86
EP: 81EC8001000053555633DB57895C2418C74424106091400033F6C644241420FF15307040006801800000FF15B070400053FF157C7240006A08A318EC4200E8F12B
EPSEC: 0
EPRVA: 000030FA
IBASE: 00400000
SEC:
.text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24064
.rdata:40000040:DC77F8A1E6985A4361C55642680DDB4F:5120
.data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:1024
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:84EC7D2209E289BAC50ECCD1142B801C:17920


----- F:\D_full_files\Downloads.on.D.Drive\zCorsair.Software\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\dailyfx-news.zip ---- General Threat
Malware.Win32.Gen.D704.sm!ff
MD5: E6545AA60E57359C2BDDEBFEC208CDB4:73076


----- F:\D_full_files\Downloads.on.D.Drive\zCorsair.Software\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\dailyfx-news.zip\DailyFX News\Setup.exe ---- General Threat
Malware.Win32.Gen.D704.sm!ff
Signature verification: False
MD5: 5C5F36F22BE17E3A2BCA376C6118E421:96940
FUZ: 1536:SpgpHzb9dZVX9fHMvG0D3XJiPYXnj3WCW2EW58A4Romu/T2Fn7kuNmjkcLxWCfBF:QgXdZt9P6D3XJznj3WCW2EW5x45DZ7p+
RIC: 102242B9CA8463C70811C15C226B34E1:23424
RFH: 384:bZgHoEQMp7e2BQHex/yvkKSO8SnRr96BlPNdi7znj3WUxW2EW5GzmVID:bZ/MZew/ig4RoBlldi7znj3WUxW2EW5g
SUBS: Win32 GUI
PE: x86
EP: 81EC8001000053555633DB57895C2418C74424106091400033F6C644241420FF15307040006801800000FF15B070400053FF157C7240006A08A318EC4200E8F12B
EPSEC: 0
EPRVA: 000030FA
IBASE: 00400000
SEC:
.text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24064
.rdata:40000040:DC77F8A1E6985A4361C55642680DDB4F:5120
.data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:1024
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:EDF58F8464AFD5BEF21628E6ED6A633B:26624


----- F:\D_full_files\Downloads.on.D.Drive\zCorsair.Software\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\risk-manager.zip ---- General Threat
Malware.Win32.Gen.89AA.sm!ff
MD5: 4E775C4C984CAA2ADA230734A200220D:897465


----- F:\D_full_files\Downloads.on.D.Drive\zCorsair.Software\FXCM Scripts, Indies\only compatible with FXCM Trading Station Desktop software\risk-manager.zip\Risk Manager\setup.exe ---- General Threat
Malware.Win32.Gen.89AA.sm!ff
FileVer: 1.0.0.0
Name: FXCM Risk Management
Signature verification: False
NAC: 5FF6B545D28486EE4F43CB554385537F:20
MD5: 40B46FE7807D9B87C7DF9AAADF90313C:64991
FUZ: 1536:OpgpHzb9dZVX9fHMvG0D3XJG4Romu/nNWO7ztV/Xy4:UgXdZt9P6D3XJG458lb/Xy4
RIC: 58B43C26C3B5FE1C5B8EEACEC149D37E:13784
RFH: 192:6kZgHox9ZP2RqOSRMPCiBzxBc2BQQemDYa7/yI6kKh6M1hZ+0FAE8Sn2arNL6S:bZgHoEQMp7e2BQHex/yvkKSO8SnRr96
SUBS: Win32 GUI
PE: x86
EP: 81EC8001000053555633DB57895C2418C74424106091400033F6C644241420FF15307040006801800000FF15B070400053FF157C7240006A08A318EC4200E8F12B
EPSEC: 0
EPRVA: 000030FA
IBASE: 00400000
SEC:
.text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24064
.rdata:40000040:DC77F8A1E6985A4361C55642680DDB4F:5120
.data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:1024
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:84EC7D2209E289BAC50ECCD1142B801C:17920


----- F:\D_full_files\Downloads.on.D.Drive\zCorsair.Software\TechSmith Snagit v12.1.0 build 1322 Incl Keygen-TSZ [TorDigger]\keygen-tsz\Keygen.exe ---- General Threat
Malware.Win32.Gen.cs1
Signature verification: False
MD5: 377444369B7BD18E6D1C25A8750D35C5:83968
FUZ: 1536:WHoruMnw3SyNWHyWTCeu72TJJtyTbn+Vi6QTYYJ1nouy8EX:Wwuay4NTLu2lJQf+/MtoutET
RIC: D1EB2B45E19FC9CDC69F8FBBD8227CB9:7224
RFH: 48:lHkqh3sfnt4ujq2Epu8metqPrIXHimU7yxvVK666y22bs69YtnJgG3bagif+LqaD:ZCt4ujOUpACaHynLIn9TNNHOIO/bVg
SUBS: Win32 GUI
PE: x86
EP: 60BE00E041008DBE0030FEFF5789E58D9C2480C1FFFF31C05039DC75FB464653681EDD02005783C3045368FF1701005683C3045350C70303000000909090909055
EPSEC: 1
EPRVA: 0002F810
IBASE: 00400000
SEC:
UPX0:E0000080:00000000000000000000000000000000:0
UPX1:E0000040:932AFEE10E547482DC70137792EA1736:74752
.rsrc:C0000040:2A21009FFBAF1E417AC5CF8B7969E732:8192


Scan completed

Scan result: 51 detected items
Scan completed in: Scan completed in 43 minute(s) 7 sec.
Files were scanned: 47169
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]
WebSite: www.safezone.cc
DateLog: 18.11.2016 12:54:23
Path starting: C:\Users\Owner\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Owner
VersionXML: 3.51is-12.11.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) Professional Lang: English(0409)
Installation date OS: 10.02.2014 05:09:30
LicenseStatus: Windows(R) 7, Professional edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [223.5 Gb] Used: [67.1 Gb] Free: [156.4 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.18426 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Notify before download
Date install updates: 2016-11-05 01:53:58
Windows Update (wuauserv) - The service is running
Security Center (wscsvc) - The service is running
Remote Registry (RemoteRegistry) - The service has stopped
SSDP Discovery (SSDPSRV) - The service is running
Remote Desktop Services (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
------------------------------ [ MS Office ] ------------------------------
Microsoft Office 2013 x86 v.15.0.4569.1506
---------------------------- [ Antivirus_WMI ] ----------------------------
Panda Free Antivirus (disabled)
---------------------------- [ Firewall_WMI ] -----------------------------
Panda Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Panda Free Antivirus (disabled)
Windows Defender (disabled and out of date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Panda Free Antivirus v.8.04.00.0000
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware version 2.2.1.1043 v.2.2.1.1043
Zemana AntiMalware v.2.60.1
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player v.2.2.4
WinRAR 5.00 (64-bit) v.5.00.0 Warning! Download Update
7-Zip 9.20 (x64 edition) v.9.20.00.0 Warning! Download Update
Uninstall old version and install new one.
Microsoft Silverlight v.5.1.30214.0 Warning! Download Update
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 25 v.8.0.250 Warning! Download Update
Uninstall old version and install new one (jre-8u112-windows-i586.exe).
Java 8 Update 31 v.8.0.310 Warning! Download Update
Uninstall old version and install new one (jre-8u112-windows-i586.exe).
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 17 NPAPI v.17.0.0.169 Warning! Download Update
Adobe Acrobat Reader DC v.15.020.20042
------------------------------- [ Browser ] -------------------------------
Google Chrome v.54.0.2840.99
Opera Stable 41.0.2353.56 v.41.0.2353.56
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe v.4.0.0.646
Panda Protection Service (NanoServiceMain) - The service has stopped
Panda Product Service (PSUAService) - The service has stopped
Panda Devices Agent (PandaAgent) - The service has stopped
Windows Defender (WinDefend) - The service has stopped
ZAM Controller Service (ZAMSvc) - The service is running
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe v.0.0.0.0
---------------------------- [ UnwantedApps ] -----------------------------
Loaris Trojan Remover 2.0.24 v.2.0.24 Warning! Suspected demo version of anti-spyware or optimization program - scareware or badware. Uninstallation recommended. Possible you became a victim of fraud or social engineering.
----------------------------- [ End of Log ] ------------------------------

GWX
C:\Windows\winsxs\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23396_none_ba1ea7c6f4920e24
C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23396_none_0b8d69aa2b6cdb3f
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036
C:\Users\Owner\AppData\Local\GWX
C:\Windows\Logs\Gwx
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741
C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_1927edd0ba9ec231
C:\Windows\winsxs\FileMaps\$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\FileMaps\$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\FileMaps\$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\FileMaps\$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\01b7a421073ed201ee1200009c07a807.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\01b7a421073ed201ef1200009c07a807.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1213d599d03dd2013141000078078407.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
D:\.Corsair.Software_Downloads\0AV.Alerts.Popups\2016.05.04_GWXUX.popup.JPG
C:\Windows\winsxs\Temp\PendingRenames\22605a9ad03dd2013c41000078078407.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\243737b9d43dd201ed120000f407a002.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\243737b9d43dd201ee120000f407a002.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\243737b9d43dd201ef120000f407a002.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6478674ed03dd201e912000078078407.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7c7a2417bd3dd201e9120000a407b007.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9398de99d03dd2013341000078078407.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a055a221073ed201ed1200009c07a807.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a1c7c079d03dd201aa2e000078078407.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-ins_31bf3856ad364e35_6.1.7601.23396_none_a8be71bc81a2397b.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23396_none_ba1ea7c6f4920e24.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23396_none_0b8d69aa2b6cdb3f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036.manifest
C:\Windows\winsxs\Temp\PendingRenames\c1fe579ad03dd2013b41000078078407.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e47c4ed03dd201ee12000078078407.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e47c4ed03dd201ef12000078078407.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d5f9c54d073ed201a72e00009c07a807.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\dee63917bd3dd201ee120000a407b007.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\dee63917bd3dd201ef120000a407b007.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\fc0e68e4d43dd201a02e0000f407a002.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\GWX Control Panel User Guide.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\GWX Control Panel.lnk
C:\Users\Public\Desktop\GWX Control Panel.lnk
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWX.exe
C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_1927edd0ba9ec231\GWX.exe
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GWX.post.fix.Results.Asus.Corsair.JPG
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GWX.Results.Asus.Corsair.JPG
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXConfigManager.exe
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GwxControlPanelLog.txt
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GwxControlPanelSetup.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXDetector.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23396_none_0b8d69aa2b6cdb3f\GWXGC.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXMig.inf
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXUI.dll
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXUX.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXUXWorker.exe
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GWX-Ins%4Operational.evtx
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\Uninstall GWX Control Panel.lnk
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_1927edd0ba9ec231.manifest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Telemetry

C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b1b7ec100d8e3b
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59f18f2101b1222
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18503_none_e5dbf9380fee0247
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18551_none_e5a3e90810185b4e
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18653_none_e5a5eb8210168b23
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18683_none_e5857bbe102edef6
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18742_none_e5afbd0a100f5302
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23412_none_e659ab392914c3fe
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be460b59c2a
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea60c32011
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18503_none_66539d3060961036
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18653_none_661d8f7a60be9912
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18683_none_65fd1fb660d6ece5
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18742_none_6627610260b760f1
C:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry
C:\Program Files\NVIDIA Corporation\NvTelemetry
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry
C:\Users\Owner\AppData\Local\NVIDIA Corporation\NvTelemetry
C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3DEE5278-D392-4EA2-96F0-D35F55F48AB4}
C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry
C:\Users\Owner\AppData\Roaming\Microsoft\Microsoft Security Client\Telemetry
C:\Windows\AppCompat\Appraiser\Telemetry
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft Security Client\Telemetry
C:\Windows\winsxs\FileMaps\$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\092ebd43d03dd201c10b000078078407.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8132cd16073ed201c10b00009c07a807.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\88a47eaed43dd201c10b0000f407a002.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a3b5830cbd3dd201c10b0000a407b007.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b1b7ec100d8e3b.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59f18f2101b1222.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18503_none_e5dbf9380fee0247.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18551_none_e5a3e90810185b4e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18653_none_e5a5eb8210168b23.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18683_none_e5857bbe102edef6.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18742_none_e5afbd0a100f5302.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23412_none_e659ab392914c3fe.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be460b59c2a.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea60c32011.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18503_none_66539d3060961036.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18551_none_661b8d0060c0693d.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18653_none_661d8f7a60be9912.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18683_none_65fd1fb660d6ece5.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18742_none_6627610260b760f1.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.23412_none_66d14f3179bcd1ed.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d.manifest
C:\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline.bin
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-inventory.data_31bf3856ad364e35_6.1.7601.23412_none_b7bb39c6464eeaab\Appraiser_TelemetryRunList.xml
C:\Windows\winsxs\Temp\PendingRenames\b48ea09bbe3dd201c10b0000d8048807.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\CompatTelemetry.inf
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-301-0.sqm
C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-302-0.sqm
C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-303-0.sqm
C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-304-0.sqm
C:\Program Files (x86)\Microsoft Office\Office15\msotelemetry.dll
C:\Program Files (x86)\Microsoft Office\Office15\1033\msotelemetryintl.dll
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User\NvTelemetry.dll
C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NvTelemetry.dll
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NVI2\NvTelemetry.dll
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetry.dll
C:\Users\Owner\AppData\Local\NVIDIA Corporation\NvTelemetry\nvtelemetry.log
C:\Users\Owner\AppData\Local\NVIDIA Corporation\NvTelemetry\nvtelemetry.log.bak
C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3DEE5278-D392-4EA2-96F0-D35F55F48AB4}\NvTelemetry.nvi
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetry.nvi
C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3DEE5278-D392-4EA2-96F0-D35F55F48AB4}\NvTelemetry.NVX
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvTelemetryAPI.js
C:\ProgramData\NVIDIA Corporation\Downloader\latest\nodejs\NvTelemetryAPI.js
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryAPI32.dll
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetryAPI32.dll
C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryAPI64.dll
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetryAPI64.dll
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack
C:\Windows\System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Dashboard for Office 2013.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Log for Office 2013.lnk
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\telemetry.ASM-WindowsDefault.json
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk
C:\Program Files (x86)\Microsoft Office\Office15\1033\TelemetryDashboard.xltx
C:\Program Files (x86)\Microsoft Office\Office15\1033\TelemetryLog.xltx
C:\Users\Owner\AppData\Local\GWX\TelemetryStore.xml
C:\Users\Owner\AppData\Local\GWX\TelemetryStore.xml.lock
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diag

C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06
C:\Windows\winsxs\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_365b53d91b3ce4ff
C:\Windows\winsxs\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_3637d03b1b5800bc
C:\Windows\winsxs\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.22948_none_36c870f2346f4f0e
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_36a0dee2348e195e
C:\Windows\winsxs\amd64_microsoft-windows-d..e-diagnostic-module_31bf3856ad364e35_6.1.7600.16385_none_501611cee0eb67c8
C:\Windows\winsxs\amd64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_81e99da174638311
C:\Windows\winsxs\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351
C:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45
C:\Windows\winsxs\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874
C:\Windows\winsxs\amd64_microsoft-windows-diagcpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_640f478eb91d197a
C:\Windows\winsxs\amd64_microsoft-windows-diagcpl_31bf3856ad364e35_6.1.7601.17514_none_38e0b39aee9579c3
C:\Windows\winsxs\amd64_microsoft-windows-diskdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_b8b9f3bcc473892a
C:\Windows\winsxs\amd64_microsoft-windows-dispdiag_31bf3856ad364e35_6.1.7600.16385_none_a0d95afc49c833b6
C:\Windows\winsxs\amd64_microsoft-windows-homegroupdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_eebe8ae2f626d85c
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.16428_none_f246234dd65241b6
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17041_none_f27404efd62f4e60
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17126_none_f266c287d639b7c8
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17239_none_f25cae8dd64139f3
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17501_none_f239f42bd65b74b9
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17633_none_f231f78dd6610ff1
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18282_none_f262515dd63c0266
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18314_none_f25051dbd64aa038
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18349_none_f252e0d1d6486c62
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18426_none_f24654a9d65208c2
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18449_none_f24810e5d6508853
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18499_none_f24d1257d64c0706
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.16428_none_94807fb08c727921
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17041_none_94ae61528c4f85cb
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17126_none_94a11eea8c59ef33
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17239_none_94970af08c61715e
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_9474508e8c7bac24
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17633_none_946c53f08c81475c
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18282_none_949cadc08c5c39d1
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18314_none_948aae3e8c6ad7a3
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18349_none_948d3d348c68a3cd
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18426_none_9480b10c8c72402d
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18449_none_94826d488c70bfbe
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_94876eba8c6c3e71
C:\Windows\winsxs\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.2.9600.16428_none_f937400aa65f97cc
C:\Windows\winsxs\amd64_microsoft-windows-iebrowsewebdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_829f3aa88408cea0
C:\Windows\winsxs\amd64_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_f28b13d21e65b224
C:\Windows\winsxs\amd64_microsoft-windows-leakdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_8bb4664fd3820c5c
C:\Windows\winsxs\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_6.1.7600.16385_none_84db2473005c51cb
C:\Windows\winsxs\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_6.1.7601.17514_none_f1fca1ab90570e8a
C:\Windows\winsxs\amd64_microsoft-windows-m..e-diagnostic-module_31bf3856ad364e35_6.1.7600.16385_none_15f0d2a592fd0ac2
C:\Windows\winsxs\amd64_microsoft-windows-m..nents-mdac-msdadiag_31bf3856ad364e35_6.1.7600.16385_none_ba9155a54beaf1c2
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006
C:\Windows\winsxs\amd64_microsoft-windows-p..ancediagnostics-adm_31bf3856ad364e35_6.1.7600.16385_none_bbee9da8b0773714
C:\Windows\winsxs\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_5120bf8b19591afa
C:\Windows\winsxs\amd64_microsoft-windows-performancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_bb8f9b1a5070de7e
C:\Windows\winsxs\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_9654ef966755d06f
C:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554
C:\Windows\winsxs\amd64_microsoft-windows-r..ance-diag.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0aa841d0afc8562e
C:\Windows\winsxs\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_b70694aa97134f37
C:\Windows\winsxs\amd64_microsoft-windows-remoteassistance-diag_31bf3856ad364e35_6.1.7600.16385_none_0f7601a1f6f55d23
C:\Windows\winsxs\amd64_microsoft-windows-searchdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_8d9dc2260d0e1a98
C:\Windows\winsxs\amd64_microsoft-windows-w..erplaydvddiagnostic_31bf3856ad364e35_6.1.7600.16385_none_f7d9878fca745b50
C:\Windows\winsxs\amd64_microsoft-windows-w..ialibrarydiagnostic_31bf3856ad364e35_6.1.7600.16385_none_84e2cbaa81e2c10f
C:\Windows\winsxs\amd64_microsoft-windows-w..igurationdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_425e0b40ea226db2
C:\Windows\winsxs\amd64_microsoft-windows-w..owsupdatediagnostic_31bf3856ad364e35_6.1.7600.16385_none_d8bc9f93971275e0
C:\Windows\winsxs\amd64_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_6.1.7600.16385_none_2d12dfd1b218fe11
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_fa35325c8fbaaa77
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.18523_none_fa0b58d89010ee0a
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.22733_none_e33eb23ea9b767b8
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17514_none_f5ecee5ec06d0cf0
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17966_none_f5f1c1b0c068c029
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.18523_none_f5ee0756c06c09cd
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.18532_none_f5ef1e68c06b0983
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22126_none_df201cf2da13b521
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22733_none_df2160bcda12837b
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22743_none_df226106da119cd2
C:\ProgramData\Microsoft\Diagnosis
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
C:\PerfLogs\System\Diagnostics
C:\Users\Owner\AppData\Local\Diagnostics
C:\Windows\diagnostics
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
C:\Users\Owner\AppData\Local\ElevatedDiagnostics
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
C:\Windows\assembly\GAC_64\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop
C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Diagnostics
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics
C:\Windows\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Diagnostics.Resources
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.Resources
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.Resources
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.Resources
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.Resources
C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine
C:\Windows\assembly\GAC_64\Microsoft.Windows.Diagnosis.SDEngine
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.SDHost.Resources
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack
C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack.Resources
C:\Windows\winsxs\msil_microsoft.powershel..ommands.diagnostics_31bf3856ad364e35_6.1.7601.17514_none_35339da6e2cf3848
C:\Windows\winsxs\msil_microsoft.windows.d..diaginput.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2a1ca5dc4d29b78b
C:\Windows\winsxs\msil_microsoft.windows.d..ds.updatediagreport_31bf3856ad364e35_6.1.7600.16385_none_b52cef29a48aa15f
C:\Windows\winsxs\msil_microsoft.windows.d..mmands.getdiaginput_31bf3856ad364e35_6.1.7600.16385_none_6d8cb854e89282b8
C:\Windows\winsxs\msil_microsoft.windows.d..s.writediagprogress_31bf3856ad364e35_6.1.7600.16385_none_e38c01a0031da2a2
C:\Windows\winsxs\msil_microsoft.windows.d..updatediagrootcause_31bf3856ad364e35_6.1.7600.16385_none_8aa80511ddf38090
C:\Windows\winsxs\msil_microsoft.windows.diagnosis.sdhost_31bf3856ad364e35_6.1.7600.16385_none_65a203c8a2dd2bc2
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.17514_none_72eeb0016ca58ae6
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.17966_none_72f383536ca13e1f
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.18523_none_72efc8f96ca487c3
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.18532_none_72f0e00b6ca38779
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22126_none_5c21de95864c3317
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22733_none_5c23225f864b0171
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22743_none_5c2422a9864a1ac8
C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDiagnostics
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics
C:\Windows\assembly\GAC_MSIL\SMDiagnostics
C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics
C:\Windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics
C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics
C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Contracts
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Debug
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tools
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tracing
C:\Windows\winsxs\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_da3cb85562df73c9
C:\Windows\winsxs\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_da1934b762fa8f86
C:\Windows\winsxs\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.22948_none_daa9d56e7c11ddd8
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_da82435e7c30a828
C:\Windows\winsxs\x86_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_25cb021dbc0611db
C:\Windows\winsxs\x86_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_362ce835fe42421b
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.16428_none_3861e42cd41507eb
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17041_none_388fc5ced3f21495
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17126_none_38828366d3fc7dfd
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17239_none_38786f6cd4040028
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_3855b50ad41e3aee
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17633_none_384db86cd423d626
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18282_none_387e123cd3fec89b
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18314_none_386c12bad40d666d
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18349_none_386ea1b0d40b3297
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18426_none_38621588d414cef7
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18449_none_3863d1c4d4134e88
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_3868d336d40ecd3b
C:\Windows\winsxs\x86_microsoft-windows-m..nents-mdac-msdadiag_31bf3856ad364e35_6.1.7600.16385_none_5e72ba21938d808c
C:\Windows\winsxs\x86_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_5ae7f926deb5de01
C:\Windows\winsxs\x86_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_6.1.7600.16385_none_d0f4444df9bb8cdb
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_41e26933a436d37d
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.18523_none_41b88fafa48d1710
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.22733_none_2aebe915be3390be
C:\Windows\winsxs\FileMaps\$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms
C:\Windows\winsxs\FileMaps\$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\011658c8d43dd201681c0000f407a002.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\011658c8d43dd201691c0000f407a002.$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms
C:\Program Files (x86)\TechSmith\Snagit 12\Stamps\Windows Interface\023 Disclosure Arrow Diagonal Right.pdf
C:\Program Files (x86)\TechSmith\Snagit 12\Stamps\Windows Interface\024 Disclosure Arrow Diagonal Down.pdf
C:\Windows\winsxs\Temp\PendingRenames\0293ef55d03dd2010419000078078407.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\08e61831073ed2016d1c00009c07a807.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\08e61831073ed2016e1c00009c07a807.$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\092ebd43d03dd201c20b000078078407.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\092ebd43d03dd201c30b000078078407.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\09e3f021073ed201591300009c07a807.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\09e3f021073ed2015a1300009c07a807.$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\0a321748d03dd201fe0e000078078407.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\0a321748d03dd201ff0e000078078407.$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\0bd31e2abd3dd201aa1e0000a407b007.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1ba74132bd3dd20139240000a407b007.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1ba74132bd3dd2013a240000a407b007.$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1fbb3a30bd3dd201e3220000a407b007.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1fbb3a30bd3dd201e4220000a407b007.programdata_microsoft_diagnosis_sideload_1bd7d65b4945242a.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\21ba43d4d43dd20134240000f407a002.$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\21ba43d4d43dd20135240000f407a002.$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\21ba43d4d43dd20136240000f407a002.$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\21be9927bd3dd201531d0000a407b007.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\21d7511d073ed201bb1000009c07a807.programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\25ce3cd2d43dd201e1220000f407a002.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\25ce3cd2d43dd201e2220000f407a002.programdata_microsoft_diagnosis_sideload_1bd7d65b4945242a.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\263ef0b4d43dd201bb100000f407a002.programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\26d49e69d03dd2013824000078078407.$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\29e0e35ed03dd201531d000078078407.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2ae89767d03dd201e322000078078407.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2ae89767d03dd201e422000078078407.programdata_microsoft_diagnosis_sideload_1bd7d65b4945242a.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2c5dd743d03dd201c60b000078078407.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2c5dd743d03dd201c70b000078078407.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2c5dd743d03dd201c80b000078078407.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2c5dd743d03dd201c90b000078078407.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2ca02a3d073ed201342400009c07a807.$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2ca02a3d073ed201352400009c07a807.$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\2eab3d3d073ed2013a2400009c07a807.$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\32296317073ed201350c00009c07a807.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\32dca766073ed201ad3c00009c07a807.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\358d7d48d03dd201670f000078078407.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\369d0ac9d43dd201e31c0000f407a002.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\371fbd9bbe3dd201c80b0000d8048807.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\371fbd9bbe3dd201c90b0000d8048807.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\3823adc3d43dd2017f1a0000f407a002.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\392b3c5dd03dd201fe1b000078078407.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\392b3c5dd03dd201ff1b000078078407.$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\3d4b6426bd3dd2016a1c0000a407b007.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\3d4b6426bd3dd2016b1c0000a407b007.$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\3f7c3836073ed201961f00009c07a807.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\3fbf504fd03dd2012714000078078407.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\43df575ad03dd201f51a000078078407.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\43df575ad03dd201f61a000078078407.$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\45ea8fc9d43dd201511d0000f407a002.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\46f470d4d43dd2013f240000f407a002.$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\47662c4ad03dd201bb10000078078407.programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\4877559cbe3dd201390c0000d8048807.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\4aaf3d32073ed2014f1d00009c07a807.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\4b97b731bd3dd201cc230000a407b007.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\4cc4313d073ed201382400009c07a807.$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\51da573d073ed2013f2400009c07a807.$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5334b221bd3dd201811a0000a407b007.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\534d6a17073ed201390c00009c07a807.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5435e8c7d43dd201fc1b0000f407a002.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5435e8c7d43dd201fd1b0000f407a002.$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\54ac190dbd3dd201350c0000a407b007.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\54dee829073ed2016a1900009c07a807.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\57f3dc34073ed201a81e00009c07a807.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5ac35044d03dd201350c000078078407.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5ae43c32bd3dd20136240000a407b007.$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5ae43c32bd3dd20137240000a407b007.$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5ae43c32bd3dd20138240000a407b007.$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5b56fc58d03dd201811a000078078407.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\5cdfc662d03dd201981f000078078407.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\62f4f155d03dd2010519000078078407.$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6372e047d03dd201f80e000078078407.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6372e047d03dd201f90e000078078407.$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\671cad69d03dd2013b24000078078407.$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6791b55dd03dd2016f1c000078078407.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6791b55dd03dd201701c000078078407.$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6b34212abd3dd201ab1e0000a407b007.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6dbcf026bd3dd201de1c0000a407b007.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6eb34111bd3dd201660f0000a407b007.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6eb34111bd3dd201670f0000a407b007.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6fafc64ed03dd2015b13000078078407.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6fafc64ed03dd2015c13000078078407.$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6ff11e3b073ed201e12200009c07a807.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6ff11e3b073ed201e22200009c07a807.programdata_microsoft_diagnosis_sideload_1bd7d65b4945242a.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6ff11e3b073ed201e32200009c07a807.programdata_microsoft_diagnosis_downloadedsettings_f4a4d355cda0ca19.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6ff11e3b073ed201e42200009c07a807.programdata_microsoft_diagnosis_downloadedscenarios_995fa01e94b9ae39.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6ff11e3b073ed201e52200009c07a807.programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6ff11e3b073ed201e62200009c07a807.programdata_microsoft_diagnosis_localtracestore_b69b398684e58a86.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\72d21627bd3dd201e51c0000a407b007.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\75d0200dbd3dd201390c0000a407b007.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\76de3a5ed03dd201de1c000078078407.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7894a031073ed201dc1c00009c07a807.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7a1e9d30073ed201fc1b00009c07a807.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7a1e9d30073ed201fd1b00009c07a807.$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7af4605ed03dd201e51c000078078407.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7be75744d03dd201390c000078078407.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7c25562c073ed2017f1a00009c07a807.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7caac631073ed201e31c00009c07a807.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7f148927bd3dd201511d0000a407b007.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7f1c3d30bd3dd201e5220000a407b007.programdata_microsoft_diagnosis_downloadedsettings_f4a4d355cda0ca19.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7f1c3d30bd3dd201e6220000a407b007.programdata_microsoft_diagnosis_downloadedscenarios_995fa01e94b9ae39.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7f1c3d30bd3dd201e7220000a407b007.programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7f1c3d30bd3dd201e8220000a407b007.programdata_microsoft_diagnosis_localtracestore_b69b398684e58a86.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7f1c3d30bd3dd201e9220000a407b007.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\801e6a32bd3dd20141240000a407b007.$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\808cf012bd3dd201bb100000a407b007.programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8132cd16073ed201c20b00009c07a807.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8132cd16073ed201c30b00009c07a807.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\829b61c8d43dd2016d1c0000f407a002.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\829b61c8d43dd2016e1c0000f407a002.$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\852f3fd2d43dd201e3220000f407a002.programdata_microsoft_diagnosis_downloadedsettings_f4a4d355cda0ca19.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\852f3fd2d43dd201e4220000f407a002.programdata_microsoft_diagnosis_downloadedscenarios_995fa01e94b9ae39.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\852f3fd2d43dd201e5220000f407a002.programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\852f3fd2d43dd201e6220000f407a002.programdata_microsoft_diagnosis_localtracestore_b69b398684e58a86.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\852f3fd2d43dd201e7220000f407a002.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\87600f31073ed201681c00009c07a807.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\87600f31073ed201691c00009c07a807.$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8836d35ed03dd201511d000078078407.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\88a47eaed43dd201c20b0000f407a002.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\88a47eaed43dd201c30b0000f407a002.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8a499a67d03dd201e522000078078407.programdata_microsoft_diagnosis_downloadedsettings_f4a4d355cda0ca19.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8a499a67d03dd201e622000078078407.programdata_microsoft_diagnosis_downloadedscenarios_995fa01e94b9ae39.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8a499a67d03dd201e722000078078407.programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8a499a67d03dd201e822000078078407.programdata_microsoft_diagnosis_localtracestore_b69b398684e58a86.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8a499a67d03dd201e922000078078407.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8c012d3d073ed201362400009c07a807.$$_diagnostics_system_windowsmediaplayermedialibrary_64611465e9119df8.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\906017ccd43dd201a81e0000f407a002.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\916149c1d43dd2016a190000f407a002.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\92e8e6c8d43dd201dc1c0000f407a002.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\957a7261d03dd201aa1e000078078407.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9ab57f22073ed201251400009c07a807.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9b42a430073ed201fe1b00009c07a807.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9b42a430073ed201ff1b00009c07a807.$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9c110bbad43dd20125140000f407a002.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9e22a5c0d43dd20102190000f407a002.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9e22a5c0d43dd20103190000f407a002.$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a1dc3f29073ed201021900009c07a807.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a1dc3f29073ed201031900009c07a807.$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a3407fc9d43dd2014f1d0000f407a002.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a3b5830cbd3dd201c20b0000a407b007.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a3b5830cbd3dd201c30b0000a407b007.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a3b9dd10bd3dd201fe0e0000a407b007.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a3b9dd10bd3dd201ff0e0000a407b007.$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a461e716073ed201c60b00009c07a807.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a461e716073ed201c70b00009c07a807.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a461e716073ed201c80b00009c07a807.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a461e716073ed201c90b00009c07a807.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\abd398aed43dd201c60b0000f407a002.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\abd398aed43dd201c70b0000f407a002.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\abd398aed43dd201c80b0000f407a002.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\abd398aed43dd201c90b0000f407a002.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ad724e1fbd3dd2016c190000a407b007.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AdoNetDiag.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AdoNetDiag.dll
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_fa35325c8fbaaa77\AdoNetDiag.dll
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.18523_none_fa0b58d89010ee0a\AdoNetDiag.dll
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.22733_none_e33eb23ea9b767b8\AdoNetDiag.dll
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_41e26933a436d37d\AdoNetDiag.dll
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.18523_none_41b88fafa48d1710\AdoNetDiag.dll
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.22733_none_2aebe915be3390be\AdoNetDiag.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\adonetdiag.mof
C:\Windows\Microsoft.NET\Framework\v4.0.30319\adonetdiag.mof
C:\Windows\winsxs\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_fa35325c8fbaaa77\adonetdiag.mof
C:\Windows\winsxs\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_41e26933a436d37d\adonetdiag.mof
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\adonetdiag.mof.uninstall
C:\Windows\Microsoft.NET\Framework\v4.0.30319\adonetdiag.mof.uninstall
C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\AeroDiagnostic.xml
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_365b53d91b3ce4ff.manifest
C:\Windows\winsxs\Backup\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_3637d03b1b5800bc.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_3637d03b1b5800bc.manifest
C:\Windows\winsxs\Backup\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_3637d03b1b5800bc_memtest.efi_01d7fdbb
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.22948_none_36c870f2346f4f0e.manifest
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_36a0dee2348e195e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_36a0dee2348e195e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-d..e-diagnostic-module_31bf3856ad364e35_6.1.7600.16385_none_501611cee0eb67c8.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_81e99da174638311.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_924b83b9b69fb351.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-diagcpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_640f478eb91d197a.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-diagcpl_31bf3856ad364e35_6.1.7601.17514_none_38e0b39aee9579c3.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-disk-failure-diagnosis_31bf3856ad364e35_6.1.7600.16385_none_47858f39be748ba7.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-diskdiagnosis-events_31bf3856ad364e35_6.1.7600.16385_none_f3940ccd09208b7d.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-diskdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_b8b9f3bcc473892a.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-dispdiag_31bf3856ad364e35_6.1.7600.16385_none_a0d95afc49c833b6.manifest
C:\Windows\winsxs\Backup\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.1.7601.18381_none_7e4dec9f1cbf5d0f_werdiagcontroller.dll_208f2db3
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-homegroupdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_eebe8ae2f626d85c.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.16428_none_f246234dd65241b6.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17041_none_f27404efd62f4e60.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17126_none_f266c287d639b7c8.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17239_none_f25cae8dd64139f3.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17501_none_f239f42bd65b74b9.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17633_none_f231f78dd6610ff1.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18282_none_f262515dd63c0266.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18314_none_f25051dbd64aa038.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18349_none_f252e0d1d6486c62.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18426_none_f24654a9d65208c2.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18449_none_f24810e5d6508853.manifest
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18499_none_f24d1257d64c0706.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18499_none_f24d1257d64c0706.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.16428_none_94807fb08c727921.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17041_none_94ae61528c4f85cb.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17126_none_94a11eea8c59ef33.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17239_none_94970af08c61715e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_9474508e8c7bac24.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17633_none_946c53f08c81475c.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18282_none_949cadc08c5c39d1.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18314_none_948aae3e8c6ad7a3.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18349_none_948d3d348c68a3cd.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18426_none_9480b10c8c72402d.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18449_none_94826d488c70bfbe.manifest
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_94876eba8c6c3e71.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_94876eba8c6c3e71.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.2.9600.16428_none_f937400aa65f97cc.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-iebrowsewebdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_829f3aa88408cea0.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_f28b13d21e65b224.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-leakdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_8bb4664fd3820c5c.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-m..-diagnostic-results_31bf3856ad364e35_6.1.7600.16385_none_84db2473005c51cb.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_6.1.7601.17514_none_f1fca1ab90570e8a.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-m..e-diagnostic-module_31bf3856ad364e35_6.1.7600.16385_none_15f0d2a592fd0ac2.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-m..nents-mdac-msdadiag_31bf3856ad364e35_6.1.7600.16385_none_ba9155a54beaf1c2.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-p..ancediagnostics-adm_31bf3856ad364e35_6.1.7600.16385_none_bbee9da8b0773714.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_5120bf8b19591afa.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-performancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_bb8f9b1a5070de7e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_9654ef966755d06f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..ance-diag.resources_31bf3856ad364e35_6.1.7600.16385_en-us_0aa841d0afc8562e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..diagnostic-settings_31bf3856ad364e35_6.1.7600.16385_none_be61cec8a576ed5f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_b70694aa97134f37.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..k-diagnostic-events_31bf3856ad364e35_6.1.7600.16385_none_b24e85b5510ae61f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-r..rce-leak-diagnostic_31bf3856ad364e35_6.1.7600.16385_none_e49e4b3cc6f25195.manifest
C:\Windows\winsxs\Backup\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ba0c82eccf526351_rasdiag.dll.mui_15cb4ec4
C:\Windows\winsxs\Backup\amd64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_6c066d50910ecf5a_rasdiag.dll_341d4299
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-remoteassistance-diag_31bf3856ad364e35_6.1.7600.16385_none_0f7601a1f6f55d23.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..diagnosticspackages_31bf3856ad364e35_6.1.7601.17514_none_0485b783573cc1d2.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..diagnosticsprovider_31bf3856ad364e35_6.1.7600.16385_none_fb4d7799a5f0c114.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..eddiagnosticsengine_31bf3856ad364e35_6.1.7601.17514_none_4bff7c9e90a2eca7.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-scripteddiagnostics_31bf3856ad364e35_6.1.7601.17514_none_6cd6b2604244f82d.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-searchdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_8d9dc2260d0e1a98.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..erplaydvddiagnostic_31bf3856ad364e35_6.1.7600.16385_none_f7d9878fca745b50.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..ialibrarydiagnostic_31bf3856ad364e35_6.1.7600.16385_none_84e2cbaa81e2c10f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..igurationdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_425e0b40ea226db2.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-w..owsupdatediagnostic_31bf3856ad364e35_6.1.7600.16385_none_d8bc9f93971275e0.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_6.1.7600.16385_none_2d12dfd1b218fe11.manifest
C:\Windows\winsxs\Manifests\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_fa35325c8fbaaa77.manifest
C:\Windows\winsxs\Manifests\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.18523_none_fa0b58d89010ee0a.manifest
C:\Windows\winsxs\Manifests\amd64_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.22733_none_e33eb23ea9b767b8.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17514_none_f5ecee5ec06d0cf0.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17966_none_f5f1c1b0c068c029.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.18523_none_f5ee0756c06c09cd.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.18532_none_f5ef1e68c06b0983.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22126_none_df201cf2da13b521.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22733_none_df2160bcda12837b.manifest
C:\Windows\winsxs\Manifests\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22743_none_df226106da119cd2.manifest
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\AudioDiagnosticSnapIn.dll
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\AudioPlaybackDiagnostic.xml
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\AudioRecordingDiagnostic.xml
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl
C:\Windows\winsxs\Temp\PendingRenames\b10bbcd3d43dd201ca230000f407a002.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b4033fb3d43dd201660f0000f407a002.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b4033fb3d43dd201670f0000f407a002.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b48ea09bbe3dd201c20b0000d8048807.programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b48ea09bbe3dd201c30b0000d8048807.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b6251769d03dd201cc23000078078407.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b7221018bd3dd20127140000a407b007.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b754df34073ed201a91e00009c07a807.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\b754df34073ed201aa1e00009c07a807.$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ba33aa1ebd3dd20104190000a407b007.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ba33aa1ebd3dd20105190000a407b007.$$_diagnostics_scheduled_maintenance_en-us_1c00802b579d904e.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ba568192d03dd201b03c000078078407.$$_diagnostics_index_6f9ad1a80c4f7ad6.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bab0455dd03dd201001c000078078407.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bab0455dd03dd201011c000078078407.$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bc5dfc1a073ed201f80e00009c07a807.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bc5dfc1a073ed201f90e00009c07a807.$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bcf1a23c073ed201ca2300009c07a807.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bed06d26bd3dd2016f1c0000a407b007.$$_diagnostics_system_printer_22190c3ab8798fd9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bed06d26bd3dd201701c0000a407b007.$$_diagnostics_system_printer_en-us_211a053df7b8c611.cdf-ms
C:\Windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
C:\Windows\winsxs\Temp\PendingRenames\c04a06c5d43dd201f31a0000f407a002.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c04a06c5d43dd201f41a0000f407a002.$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c36354d4d43dd20139240000f407a002.$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c36354d4d43dd2013a240000f407a002.$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c37e351b073ed201fe0e00009c07a807.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c37e351b073ed201ff0e00009c07a807.$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c40fb42d073ed201f31a00009c07a807.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c40fb42d073ed201f41a00009c07a807.$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c5729c69d03dd2013624000078078407.$$_diagnostics_system_windowsmediaplayerconfiguration_537e287f67955d9f.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c5729c69d03dd2013724000078078407.$$_diagnostics_system_windowsmediaplayerconfiguration_en-us_b557b88758a93acd.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e49d0cbd3dd201c60b0000a407b007.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e49d0cbd3dd201c70b0000a407b007.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e49d0cbd3dd201c80b0000a407b007.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e49d0cbd3dd201c90b0000a407b007.$$_diagnostics_system_aero_en-us_1a668ac520a43d24.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c7f14b9cbe3dd201350c0000d8048807.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c87daf69d03dd2013c24000078078407.$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\cc0181b9d43dd20159130000f407a002.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\cc0181b9d43dd2015a130000f407a002.$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\cc95232abd3dd201ac1e0000a407b007.$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ce493b3d073ed201392400009c07a807.$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_AvailableDiagnosticService.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticCompletionRecord.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticRecord.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticResult.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticResultForMSE.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticResultForTest.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticResultInPackage.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticService.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticServiceCapabilities.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticServiceRecord.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticSetting.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticSettingForTest.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticSettingRecord.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticsLog.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticTest.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticTestForMSE.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\cim_schema\System\CIM_DiagnosticTestInPackage.mof
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\html\CIM_Schema_inheritance_classes_Diagram.jpg
C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\CL_RunDiagnosticScript.ps1
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\CL_RunDiagnosticScript.ps1
D:\0BTMM_Mauro.Steve\0Benchmark\Confirmed Reset Diagram.PNG
D:\0BTMM_Mauro.Steve\0Daily.Routine\Confirmed Reset Diagram.PNG
C:\Windows\winsxs\Temp\PendingRenames\d052213b073ed201e72200009c07a807.programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d052213b073ed201e82200009c07a807.programdata_microsoft_diagnosis_etllogs_shutdownlogger_5ca7b57d60632f51.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d052213b073ed201e92200009c07a807.programdata_microsoft_diagnosis_etllogs_autologger_91adf7c94bd2d1fa.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d0a7ef25bd3dd201fe1b0000a407b007.$$_diagnostics_system_performance_d48bf95b5c828123.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d0a7ef25bd3dd201ff1b0000a407b007.$$_diagnostics_system_performance_en-us_0e192682c5b12037.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d237732bbd3dd201981f0000a407b007.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d52b7b48d03dd201660f000078078407.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d6baf1c7d43dd201fe1b0000f407a002.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d6baf1c7d43dd201ff1b0000f407a002.$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d7bdba9bbe3dd201c60b0000d8048807.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d7bdba9bbe3dd201c70b0000d8048807.$$_diagnostics_system_audio_en-us_9fb258d76056760d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d93912afd43dd201350c0000f407a002.$$_diagnostics_system_audio_9d2751b7c84ca0f1.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\db5b0b23bd3dd201f51a0000a407b007.$$_diagnostics_system_networking_29c6b61ce45e9171.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\db5b0b23bd3dd201f61a0000a407b007.$$_diagnostics_system_networking_en-us_9db86426234993c3.cdf-ms
C:\Windows\System32\ddodiag.exe
C:\Windows\SysWOW64\ddodiag.exe
C:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45\DeviceCenterDiagnostic.xml
C:\Windows\winsxs\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874\DeviceDiagnostic.xml
C:\Windows\System32\DiagCpl.dll
C:\Windows\winsxs\amd64_microsoft-windows-diagcpl.resources_31bf3856ad364e35_6.1.7600.16385_en-us_640f478eb91d197a\DiagCpl.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-troubleshooting-events_31bf3856ad364e35_6.1.7600.16385_none_fe9f911694295023\DiagCpl.Events.ptxml
C:\Windows\winsxs\x86_microsoft-windows-troubleshooting-events_31bf3856ad364e35_6.1.7600.16385_none_a280f592dbcbdeed\DiagCpl.Events.ptxml
C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\diagER.dll
C:\Windows\Panther\diagerr.xml
C:\Windows\Panther\UnattendGC\diagerr.xml
C:\Windows\System32\sysprep\Panther\IE\diagerr.xml
C:\Windows\winsxs\amd64_microsoft-windows-setup-component_31bf3856ad364e35_6.1.7601.17514_none_905283bdc3e1d2d8\diagnostic.dll
C:\Windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_5b56b853bd5adf50\Diagnostics.Format.ps1xml
C:\Windows\winsxs\wow64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_65ab62a5f1bba14b\Diagnostics.Format.ps1xml
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.18499_none_290c390015737af6\DiagnosticsHub.DataWarehouse.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.18449_none_2907378e1577fc43\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.16428_none_290549f61579b5a6\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.17041_none_29332b981556c250\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.17126_none_2925e93015612bb8\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.17239_none_291bd5361568ade3\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.17501_none_28f91ad41582e8a9\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.17633_none_28f11e36158883e1\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.18282_none_2921780615637656\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.18314_none_290f788415721428\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.18349_none_2912077a156fe052\DiagnosticsHub.DataWarehouse.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-datawarehouse_31bf3856ad364e35_11.2.9600.18426_none_29057b5215797cb2\DiagnosticsHub.DataWarehouse.dll
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18499_none_3e39dfc180657d6d\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18449_none_3e34de4f8069feba\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17041_none_3e60d2598048c4c7\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17126_none_3e538ff180532e2f\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17239_none_3e497bf7805ab05a\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17501_none_3e26c1958074eb20\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.17633_none_3e1ec4f7807a8658\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18282_none_3e4f1ec7805578cd\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18314_none_3e3d1f458064169f\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18349_none_3e3fae3b8061e2c9\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..riptedsandboxplugin_31bf3856ad364e35_11.2.9600.18426_none_3e332213806b7f29\DiagnosticsHub.ScriptedSandboxPlugin.dll
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18499_none_f24d1257d64c0706\DiagnosticsHub_is.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18449_none_f24810e5d6508853\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.16428_none_f246234dd65241b6\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17041_none_f27404efd62f4e60\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17126_none_f266c287d639b7c8\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17239_none_f25cae8dd64139f3\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17501_none_f239f42bd65b74b9\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.17633_none_f231f78dd6610ff1\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18282_none_f262515dd63c0266\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18314_none_f25051dbd64aa038\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18349_none_f252e0d1d6486c62\DiagnosticsHub_is.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-diagnosticshubis_31bf3856ad364e35_11.2.9600.18426_none_f24654a9d65208c2\DiagnosticsHub_is.dll
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_94876eba8c6c3e71\DiagnosticsTap.dll
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_3868d336d40ecd3b\DiagnosticsTap.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18449_none_94826d488c70bfbe\DiagnosticsTap.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18449_none_3863d1c4d4134e88\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.16428_none_94807fb08c727921\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17041_none_94ae61528c4f85cb\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17126_none_94a11eea8c59ef33\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17239_none_94970af08c61715e\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_9474508e8c7bac24\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17633_none_946c53f08c81475c\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18282_none_949cadc08c5c39d1\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18314_none_948aae3e8c6ad7a3\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18349_none_948d3d348c68a3cd\DiagnosticsTap.dll
C:\Windows\winsxs\amd64_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18426_none_9480b10c8c72402d\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.16428_none_3861e42cd41507eb\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17041_none_388fc5ced3f21495\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17126_none_38828366d3fc7dfd\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17239_none_38786f6cd4040028\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_3855b50ad41e3aee\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17633_none_384db86cd423d626\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18282_none_387e123cd3fec89b\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18314_none_386c12bad40d666d\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18349_none_386ea1b0d40b3297\DiagnosticsTap.dll
C:\Windows\winsxs\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18426_none_38621588d414cef7\DiagnosticsTap.dll
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18499_en-us_6d583c6ff9da2358\DiagnosticsTap.dll.mui
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18499_en-us_1139a0ec417cb222\DiagnosticsTap.dll.mui
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18449_en-us_6d533afdf9dea4a5\DiagnosticsTap.dll.mui
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18449_en-us_11349f7a4181336f\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.16428_en-us_6d514d65f9e05e08\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17041_en-us_6d7f2f07f9bd6ab2\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17126_en-us_6d71ec9ff9c7d41a\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17239_en-us_6d67d8a5f9cf5645\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17501_en-us_6d451e43f9e9910b\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17633_en-us_6d3d21a5f9ef2c43\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18282_en-us_6d6d7b75f9ca1eb8\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18314_en-us_6d5b7bf3f9d8bc8a\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18349_en-us_6d5e0ae9f9d688b4\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18426_en-us_6d517ec1f9e02514\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.16428_en-us_1132b1e24182ecd2\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17041_en-us_11609384415ff97c\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17126_en-us_1153511c416a62e4\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17239_en-us_11493d224171e50f\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17501_en-us_112682c0418c1fd5\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.17633_en-us_111e86224191bb0d\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18282_en-us_114edff2416cad82\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18314_en-us_113ce070417b4b54\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18349_en-us_113f6f664179177e\DiagnosticsTap.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-i..osticstap.resources_31bf3856ad364e35_11.2.9600.18426_en-us_1132e33e4182b3de\DiagnosticsTap.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-homegroupdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_eebe8ae2f626d85c\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-iebrowsewebdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_829f3aa88408cea0\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_f28b13d21e65b224\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_5120bf8b19591afa\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-performancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_bb8f9b1a5070de7e\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_9654ef966755d06f\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-searchdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_8d9dc2260d0e1a98\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-w..erplaydvddiagnostic_31bf3856ad364e35_6.1.7600.16385_none_f7d9878fca745b50\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-w..ialibrarydiagnostic_31bf3856ad364e35_6.1.7600.16385_none_84e2cbaa81e2c10f\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-w..igurationdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_425e0b40ea226db2\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-w..owsupdatediagnostic_31bf3856ad364e35_6.1.7600.16385_none_d8bc9f93971275e0\DiagPackage.diagpkg
C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-devicecenterdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_68ab4bc1ef499c45\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-devicediagnostic_31bf3856ad364e35_6.1.7600.16385_none_451a033a54709874\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-homegroupdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_eebe8ae2f626d85c\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-iebrowsewebdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_829f3aa88408cea0\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_f28b13d21e65b224\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_5120bf8b19591afa\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-performancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_bb8f9b1a5070de7e\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_9654ef966755d06f\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-searchdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_8d9dc2260d0e1a98\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-w..erplaydvddiagnostic_31bf3856ad364e35_6.1.7600.16385_none_f7d9878fca745b50\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-w..ialibrarydiagnostic_31bf3856ad364e35_6.1.7600.16385_none_84e2cbaa81e2c10f\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-w..igurationdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_425e0b40ea226db2\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-w..owsupdatediagnostic_31bf3856ad364e35_6.1.7600.16385_none_d8bc9f93971275e0\DiagPackage.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_4570dd9fe024ca48\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-a..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_74a07663e30b3b7f\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_2320293c6dab889f\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_d39af25d080ac5ca\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-h..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_431397faaea66ab1\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_50a23c79de28d447\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_c854a35629be53ad\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-m..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_e42d49001c40300e\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-n..s-package.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fa4f858db62e951b\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_19328f568d3b4e53\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_3ef7df0351777007\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_63ace8212d64b345\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_8a0227acea6dfc9e\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-s..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_e086c887cd65eb8f\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_6de46ea42ffb7c9c\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_91fe3cf51f1d527b\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_e0272d216c49ec0b\DiagPackage.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-w..iagnostic.resources_31bf3856ad364e35_6.1.7601.17514_en-us_fee1d678cfc147fb\DiagPackage.dll.mui
C:\Windows\System32\diagperf.dll
C:\Windows\winsxs\amd64_microsoft-windows-c..xperfcore.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a26b0ec1d7415253\diagperf.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84d120fe590d4d7\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84d120fe590d4d7\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\diagtrackrunner.exe
C:\Windows\Panther\diagwrn.xml
C:\Windows\Panther\UnattendGC\diagwrn.xml
C:\Windows\System32\sysprep\Panther\IE\diagwrn.xml
C:\Windows\winsxs\amd64_microsoft-windows-d..ostic-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_01c3f8226387e1a7\DiskDiagnostic.adml
C:\Windows\winsxs\amd64_microsoft-windows-diskdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_b8b9f3bcc473892a\DiskDiagnostic.admx
C:\Windows\System32\dispdiag.exe
C:\Windows\System32\dxdiag.exe
C:\Windows\SysWOW64\dxdiag.exe
C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ddf81a85f99d6d20\dxdiag.exe.mui
C:\Windows\winsxs\x86_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_81d97f02413ffbea\dxdiag.exe.mui
C:\Windows\System32\dxdiagn.dll
C:\Windows\SysWOW64\dxdiagn.dll
C:\Windows\winsxs\amd64_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ddf81a85f99d6d20\dxdiagn.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-d..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_81d97f02413ffbea\dxdiagn.dll.mui
C:\Windows\winsxs\Temp\PendingRenames\e07d3f30bd3dd201ea220000a407b007.programdata_microsoft_diagnosis_etllogs_shutdownlogger_5ca7b57d60632f51.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e07d3f30bd3dd201eb220000a407b007.programdata_microsoft_diagnosis_etllogs_autologger_91adf7c94bd2d1fa.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e17c48d4d43dd20137240000f407a002.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e17c48d4d43dd20138240000f407a002.$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e2e8a1b2d43dd201f80e0000f407a002.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e2e8a1b2d43dd201f90e0000f407a002.$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e59041d2d43dd201e8220000f407a002.programdata_microsoft_diagnosis_etllogs_shutdownlogger_5ca7b57d60632f51.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e59041d2d43dd201e9220000f407a002.programdata_microsoft_diagnosis_etllogs_autologger_91adf7c94bd2d1fa.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e60bac5dd03dd2016a1c000078078407.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e60bac5dd03dd2016b1c000078078407.$$_diagnostics_system_power_en-us_721989d674f7bd04.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e696a369d03dd2013924000078078407.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e696a369d03dd2013a24000078078407.$$_diagnostics_system_windowsmediaplayerplaydvd_en-us_17d71967caf66a17.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e7128617bd3dd2015b130000a407b007.$$_diagnostics_system_homegroup_1909584eb21c73e3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e7128617bd3dd2015c130000a407b007.$$_diagnostics_system_homegroup_en-us_a38a598dd5f2b78b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e809dbb2d43dd201fe0e0000f407a002.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\e809dbb2d43dd201ff0e0000f407a002.$$_diagnostics_system_device_en-us_3d982204ee3c99ad.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\eaaa9c67d03dd201ea22000078078407.programdata_microsoft_diagnosis_etllogs_shutdownlogger_5ca7b57d60632f51.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\eaaa9c67d03dd201eb22000078078407.programdata_microsoft_diagnosis_etllogs_autologger_91adf7c94bd2d1fa.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ebacc969d03dd2014124000078078407.$$_diagnostics_system_windowsupdate_en-us_6dbfbf04647c43f3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ec584e32073ed201511d00009c07a807.$$_diagnostics_system_power_9d457dc1c7c54838.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\ec622f3d073ed201372400009c07a807.$$_diagnostics_system_windowsmediaplayerplaydvd_3aa04961f831b79d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\efd99b1b073ed201660f00009c07a807.$$_diagnostics_system_device_9d2d754600160183.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\efd99b1b073ed201670f00009c07a807.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
C:\Windows\winsxs\Temp\PendingRenames\f0c119ccd43dd201a91e0000f407a002.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f0c119ccd43dd201aa1e0000f407a002.$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f1cbf625bd3dd201001c0000a407b007.$$_diagnostics_system_pcw_2115168e47eaddb7.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f1cbf625bd3dd201011c0000a407b007.$$_diagnostics_system_pcw_en-us_30a9ef1c7976423b.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f4d19356d03dd2016c19000078078407.$$_diagnostics_scheduled_maintenance_6bb1b174b39bb442.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f5db7461d03dd201ab1e000078078407.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f5db7461d03dd201ac1e000078078407.$$_diagnostics_system_search_en-us_0b243b1f8544b909.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f76369cdd43dd201961f0000f407a002.$$_diagnostics_system_search_9d4b5385ff8f1ef3.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\f95d19afd43dd201390c0000f407a002.$$_diagnostics_system_aero_8b2c42561936b3f0.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\fc8d4d32bd3dd2013b240000a407b007.$$_diagnostics_system_windowsmediaplayermedialibrary_en-us_90086ff8e09d3732.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\fc8d4d32bd3dd2013c240000a407b007.$$_diagnostics_system_windowsupdate_0862ad88ff233b9d.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\fdf9a610bd3dd201f80e0000a407b007.$$_diagnostics_system_devicecenter_0e1655bf357f4c22.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\fdf9a610bd3dd201f90e0000a407b007.$$_diagnostics_system_devicecenter_en-us_63ad620434e90fd4.cdf-ms
C:\Windows\winsxs\amd64_microsoft-windows-iebrowsewebdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_829f3aa88408cea0\IEBrowseWebDiagnostic.xml
C:\Windows\winsxs\amd64_microsoft-windows-ie-iediag_31bf3856ad364e35_11.2.9600.16428_none_f937400aa65f97cc\iediagcmd.exe
C:\Windows\winsxs\amd64_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_f28b13d21e65b224\IESecurityDiagnostic.xml
C:\Windows\System32\igdDiag.dll
C:\Windows\winsxs\amd64_microsoft-windows-i..lperclass.resources_31bf3856ad364e35_6.1.7600.16385_en-us_4f3598caae7a1724\igdDiag.dll.mui
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\MEWMIProv\ME\html\Intel_ME_defined_Classes_Diagram.jpg
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18499_none_26878ec7d2b96dac\jscript9diag.dll
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18499_none_30dc391a071a2fa7\jscript9diag.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18449_none_26828d55d2bdeef9\jscript9diag.dll
C:\Windows\SoftwareDistribution\Download\4a069bcdf4c5c2e879613a0c1a5667a9\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18449_none_30d737a8071eb0f4\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16428_none_26809fbdd2bfa85c\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16476_none_2685cebfd2baf3cd\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16518_none_2674cf87d2c8aaf6\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16521_none_26766f49d2c710e6\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17041_none_26ae815fd29cb506\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17126_none_26a13ef7d2a71e6e\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17239_none_26972afdd2aea099\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17501_none_2674709bd2c8db5f\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17633_none_266c73fdd2ce7697\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17640_none_266db89fd2cd430b\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18282_none_269ccdcdd2a9690c\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18314_none_268ace4bd2b806de\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18349_none_268d5d41d2b5d308\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18426_none_2680d119d2bf6f68\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16428_none_30d54a1007206a57\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16476_none_30da7912071bb5c8\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16518_none_30c979da07296cf1\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.16521_none_30cb199c0727d2e1\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17041_none_31032bb206fd7701\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17126_none_30f5e94a0707e069\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17239_none_30ebd550070f6294\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17501_none_30c91aee07299d5a\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17633_none_30c11e50072f3892\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.17640_none_30c262f2072e0506\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18282_none_30f17820070a2b07\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18314_none_30df789e0718c8d9\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18349_none_30e2079407169503\jscript9diag.dll
C:\Windows\winsxs\wow64_microsoft-windows-scripting-jscript9_31bf3856ad364e35_11.2.9600.18426_none_30d57b6c07203163\jscript9diag.dll
C:\Windows\winsxs\amd64_microsoft-windows-l..ostic-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_22d5fa3332fe3241\LeakDiagnostic.adml
C:\Windows\winsxs\amd64_microsoft-windows-leakdiagnostic-adm_31bf3856ad364e35_6.1.7600.16385_none_8bb4664fd3820c5c\LeakDiagnostic.admx
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\MaintenanceDiagnostic.xml
C:\Windows\System32\memdiag.dll
C:\Windows\winsxs\amd64_microsoft-windows-m..ic-module.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6e8e7629e72640d3\memdiag.dll.mui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk
C:\Windows\winsxs\amd64_microsoft-windows-aerodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_4734ae48c8e465f5\MF_AERODiagnostic.ps1
C:\Windows\winsxs\amd64_microsoft-windows-audiodiagnostic_31bf3856ad364e35_6.1.7600.16385_none_1c7c64ad096a7b06\MF_AudioDiagnostic.ps1
C:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554\MF_PrinterDiagnostic.ps1
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PCW%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Admin.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scripted%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-ScriptedDiagnosticsProvider%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx
C:\Windows\servicing\Packages\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.cat
C:\Windows\servicing\Packages\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~en-US~6.1.7601.17514.mum
C:\Windows\servicing\Packages\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
C:\Windows\servicing\Packages\Microsoft-Windows-Disk-Diagnosis-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnostic%4Operational.evtx
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticResolver%4Operational.evtx
C:\Windows\winsxs\amd64_microsoft-windows-h...netlistmgr.interop_31bf3856ad364e35_6.1.7601.17514_none_3f569315a5a75cde\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft-Windows-H#\858a3b1ab7962ef166b260bdce4e7c34\Microsoft-Windows-HomeGroupDiagnostic.NetListMgr.Interop.ni.dll
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MemoryDiagnostics-Results%4Debug.evtx
C:\Windows\servicing\Packages\Microsoft-Windows-NetworkDiagnostics-DirectAccessEntry-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
C:\Windows\System32\catroot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-NetworkDiagnostics-DirectAccessEntry-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat
C:\Windows\servicing\Packages\Microsoft-Windows-NetworkDiagnostics-DirectAccessEntry-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.mum
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WER-Diag%4Operational.evtx
C:\Windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.dll
C:\Windows\Microsoft.NET\DirectX for Managed Code\1.0.2902.0\Microsoft.DirectX.Diagnostics.xml
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Office.BusinessApplications.Diagnostics\v4.0_15.0.0.0__71e9bce111e9429c\microsoft.office.businessapplications.diagnostics.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Of2ff78c4#\f61174305afc86bc5589c5226eb8f830\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Of2ff78c4#\f61174305afc86bc5589c5226eb8f830\Microsoft.Office.BusinessApplications.Diagnostics.ni.dll.aux
C:\Windows\winsxs\msil_microsoft.powershel..ommands.diagnostics_31bf3856ad364e35_6.1.7601.17514_none_35339da6e2cf3848\Microsoft.PowerShell.Commands.Diagnostics.dll
C:\Windows\winsxs\amd64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_1da743febb1ea38d\Microsoft.PowerShell.Commands.Diagnostics.dll-Help.xml
C:\Windows\winsxs\wow64_microsoft-windows-p..ll-preloc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_27fbee50ef7f6588\Microsoft.PowerShell.Commands.Diagnostics.dll-Help.xml
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.PowerShel#\7465bd76552dc4a933c1cebb71af0f92\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.PowerShel#\07ca9c8c8a3158301917a170e64a3cde\Microsoft.PowerShell.Commands.Diagnostics.ni.dll
C:\Windows\winsxs\msil_microsoft.powershel..agnostics.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b02bed25d4c4a149\Microsoft.PowerShell.Commands.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\ar\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\bg\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\cs\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\da\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\de\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\el\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\es\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\et\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\fi\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\fr\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\he\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\hi\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\hr\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\hu\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\id\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\it\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\ja\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\kk\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\ko\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\lt\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\lv\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\ms\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\nl\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\no\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\pl\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\pt\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\pt-PT\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\ro\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\ru\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\sk\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\sl\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\sr-Latn-CS\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\sv\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\th\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\tr\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\uk\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\vi\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\zh-CHS\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\Power View Excel Add-in\zh-CHT\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\ar\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\bg\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\cs\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\da\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\de\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\el\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\es\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\et\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\fi\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\fr\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\he\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\hi\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\hr\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\hu\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\id\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\it\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\ja\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\kk\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\ko\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\lt\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\lv\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\ms\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\nl\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\no\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\pl\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\pt\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\pt-PT\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\ro\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\ru\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\sk\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\sl\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\sr-Latn-CS\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\sv\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\th\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\tr\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\uk\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\vi\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\zh-CHS\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\PowerPivot Excel Add-in\zh-CHT\Microsoft.ReportingServices.Diagnostics.resources.dll
C:\Windows\winsxs\msil_microsoft.windows.d..mmands.getdiaginput_31bf3856ad364e35_6.1.7600.16385_none_6d8cb854e89282b8\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\623e191312fdde2102a1d12cc88931bf\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\095ce4afdf272159b47fb422a6c4ebb2\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.d..diaginput.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2a1ca5dc4d29b78b\Microsoft.Windows.Diagnosis.Commands.GetDiagInput.resources.dll
C:\Windows\winsxs\msil_microsoft.windows.d..ds.updatediagreport_31bf3856ad364e35_6.1.7600.16385_none_b52cef29a48aa15f\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\9ed76ae80008f2d3bf00c76886b3b78d\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\222d35dd90e861ae316a8dff3bedf9fe\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.d..iagreport.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e2fd0d125757040a\Microsoft.Windows.Diagnosis.Commands.UpdateDiagReport.resources.dll
C:\Windows\winsxs\msil_microsoft.windows.d..updatediagrootcause_31bf3856ad364e35_6.1.7600.16385_none_8aa80511ddf38090\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\5d6949bf8e0e2eab249daf7eb385d5c2\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\48d972554b675018ac2fa7893b0eaab5\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.d..rootcause.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5b7a5a7744697513\Microsoft.Windows.Diagnosis.Commands.UpdateDiagRootcause.resources.dll
C:\Windows\winsxs\msil_microsoft.windows.d..s.writediagprogress_31bf3856ad364e35_6.1.7600.16385_none_e38c01a0031da2a2\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\b712f39fdedf5cb6d879de4d9ee4d90d\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\58d5eb2a95879dd9d48d9311da375440\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.d..gprogress.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a3c603c86d812f2f\Microsoft.Windows.Diagnosis.Commands.WriteDiagProgress.resources.dll
C:\Windows\winsxs\amd64_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_6.1.7600.16385_none_2d12dfd1b218fe11\Microsoft.Windows.Diagnosis.SDEngine.dll
C:\Windows\winsxs\x86_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_6.1.7600.16385_none_d0f4444df9bb8cdb\Microsoft.Windows.Diagnosis.SDEngine.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\973f5ae958d8f60ef7224bab84e1d7ef\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\107517c9121e25668fe084d5e06e9cc9\Microsoft.Windows.Diagnosis.SDEngine.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.diagnosis.sdhost_31bf3856ad364e35_6.1.7600.16385_none_65a203c8a2dd2bc2\Microsoft.Windows.Diagnosis.SDHost.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\fa3e87e77c934a5c1e841890e1c80dc1\Microsoft.Windows.Diagnosis.SDHost.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\8fda7b02c28aeb302286ba7527ee37bb\Microsoft.Windows.Diagnosis.SDHost.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.d..is.sdhost.resources_31bf3856ad364e35_6.1.7601.17514_en-us_56bb5a7dc5566557\Microsoft.Windows.Diagnosis.SDHost.resources.dll
C:\Windows\winsxs\msil_microsoft.windows.d..troubleshootingpack_31bf3856ad364e35_6.1.7600.16385_none_d39c6eb26d6b6b96\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll
C:\Windows\winsxs\amd64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b69450ce148582ce\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll-Help.xml
C:\Windows\winsxs\wow64_microsoft.windows.d..ackmodule.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c0e8fb2048e644c9\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll-Help.xml
C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Windows.D#\3317a575aa9113562818b7ab18e3503f\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Microsoft.Windows.D#\5d9f5c2c5953a64a93b493c5c0c12e15\Microsoft.Windows.Diagnosis.TroubleshootingPack.ni.dll
C:\Windows\winsxs\msil_microsoft.windows.d..otingpack.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2d02ebf5719b16e1\Microsoft.Windows.Diagnosis.TroubleshootingPack.resources.dll
C:\Windows\System32\msdadiag.dll
C:\Windows\SysWOW64\msdadiag.dll
C:\Windows\winsxs\Manifests\msil_microsoft.powershel..ommands.diagnostics_31bf3856ad364e35_6.1.7601.17514_none_35339da6e2cf3848.manifest
C:\Windows\winsxs\Manifests\msil_microsoft.windows.d..diaginput.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2a1ca5dc4d29b78b.manifest
C:\Windows\winsxs\Manifests\msil_microsoft.windows.d..ds.updatediagreport_31bf3856ad364e35_6.1.7600.16385_none_b52cef29a48aa15f.manifest
C:\Windows\winsxs\Manifests\msil_microsoft.windows.d..mmands.getdiaginput_31bf3856ad364e35_6.1.7600.16385_none_6d8cb854e89282b8.manifest
C:\Windows\winsxs\Manifests\msil_microsoft.windows.d..s.writediagprogress_31bf3856ad364e35_6.1.7600.16385_none_e38c01a0031da2a2.manifest
C:\Windows\winsxs\Manifests\msil_microsoft.windows.d..updatediagrootcause_31bf3856ad364e35_6.1.7600.16385_none_8aa80511ddf38090.manifest
C:\Windows\winsxs\Manifests\msil_microsoft.windows.diagnosis.sdhost_31bf3856ad364e35_6.1.7600.16385_none_65a203c8a2dd2bc2.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7600.16385_en-us_498f001b3ec8255f.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.17966_en-us_4968e0f13f1b1f4e.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.18523_en-us_496526973f1e68f2.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.18532_en-us_49663da93f1d68a8.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.22126_en-us_32973c3358c61446.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.22733_en-us_32987ffd58c4e2a0.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics.resources_b77a5c561934e089_6.1.7601.22743_en-us_3299804758c3fbf7.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.17514_none_72eeb0016ca58ae6.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.17966_none_72f383536ca13e1f.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.18523_none_72efc8f96ca487c3.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.18532_none_72f0e00b6ca38779.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22126_none_5c21de95864c3317.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22733_none_5c23225f864b0171.manifest
C:\Windows\winsxs\Manifests\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22743_none_5c2422a9864a1ac8.manifest
C:\Windows\winsxs\amd64_microsoft-windows-n..iagnosticsframework_31bf3856ad364e35_6.1.7601.17514_none_3a80c7b9f769c13d\netdiagfx.dll
C:\Windows\winsxs\x86_microsoft-windows-n..iagnosticsframework_31bf3856ad364e35_6.1.7601.17514_none_de622c363f0c5007\netdiagfx.dll
C:\Windows\winsxs\amd64_microsoft-windows-n..framework.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2699cd21ba909be6\netdiagfx.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-n..framework.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ca7b319e02332ab0\netdiagfx.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-nettrace-netsh-helper_31bf3856ad364e35_6.1.7600.16385_none_f72251fe8a04e1e5\NetTrace.PLA.Diagnostics.xml
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnostics_1_Web.xml
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnostics_2_FileShare.xml
C:\Windows\winsxs\amd64_microsoft-windows-homegroupdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_eebe8ae2f626d85c\NetworkDiagnostics_3_HomeGroup.xml
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnostics_4_NetworkAdapter.xml
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnostics_5_Inbound.xml
C:\Windows\winsxs\amd64_microsoft-windows-n..s-directaccessentry_31bf3856ad364e35_6.1.7600.16385_none_52b3ba1508e42ec5\NetworkDiagnostics_6_DA.xml
C:\Windows\winsxs\amd64_microsoft-windows-n..iagnosticsframework_31bf3856ad364e35_6.1.7601.17514_none_3a80c7b9f769c13d\NetworkDiagnosticsFramework.ptxml
C:\Windows\winsxs\x86_microsoft-windows-n..iagnosticsframework_31bf3856ad364e35_6.1.7601.17514_none_de622c363f0c5007\NetworkDiagnosticsFramework.ptxml
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnosticsResolve.ps1
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnosticsTroubleshoot.ps1
C:\Windows\winsxs\amd64_microsoft-windows-n..diagnostics-package_31bf3856ad364e35_6.1.7601.17514_none_1bde017f5d8d7006\NetworkDiagnosticsVerify.ps1
C:\Windows\winsxs\amd64_microsoft-windows-pcwdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_5120bf8b19591afa\PCWDiagnostic.xml
C:\Windows\winsxs\amd64_microsoft-windows-performancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_bb8f9b1a5070de7e\PerformanceDiagnostic.xml
C:\Windows\winsxs\amd64_microsoft-windows-p..stics-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_292dc3eeb5ddca39\PerformanceDiagnostics.adml
C:\Windows\winsxs\amd64_microsoft-windows-p..ancediagnostics-adm_31bf3856ad364e35_6.1.7600.16385_none_bbee9da8b0773714\PerformanceDiagnostics.admx
C:\Program Files (x86)\Panda Security\Panda Devices Agent\Plugins\Plugin_Diagnosis.dll
C:\Windows\winsxs\amd64_microsoft-windows-powerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_9654ef966755d06f\PowerDiagnostic.xml
C:\Windows\winsxs\amd64_microsoft-windows-printerdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_21b432d7b46a7554\PrinterDiagnostic.xml
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_af2ddc54e6a8e491.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_downloadedscenarios_995fa01e94b9ae39.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_downloadedsettings_f4a4d355cda0ca19.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_etllogs_autologger_91adf7c94bd2d1fa.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_etllogs_ffc0f561f3797ceb.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_etllogs_shutdownlogger_5ca7b57d60632f51.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_localtracestore_b69b398684e58a86.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_sideload_1bd7d65b4945242a.cdf-ms
C:\Windows\winsxs\FileMaps\programdata_microsoft_windows_power_efficiency_diagnostics_acddb9fca5769337.cdf-ms
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANModAdiag.dll
C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psd1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psd1
C:\Windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_5b56b853bd5adf50\PSDiagnostics.psd1
C:\Windows\winsxs\wow64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_65ab62a5f1bba14b\PSDiagnostics.psd1
C:\Windows\System32\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psm1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psm1
C:\Windows\winsxs\amd64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_5b56b853bd5adf50\PSDiagnostics.psm1
C:\Windows\winsxs\wow64_microsoft-windows-powershell_31bf3856ad364e35_6.1.7601.17514_none_65ab62a5f1bba14b\PSDiagnostics.psm1
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAADiag.dll
C:\Windows\System32\rasdiag.dll
C:\Windows\SysWOW64\rasdiag.dll
C:\Windows\winsxs\amd64_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ba0c82eccf526351\rasdiag.dll.mui
C:\Windows\winsxs\wow64_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c4612d3f03b3254c\rasdiag.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_b70694aa97134f37\rdrleakdiag.exe
C:\Windows\winsxs\x86_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_5ae7f926deb5de01\rdrleakdiag.exe
C:\Windows\winsxs\amd64_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8a371f8237ce9694\rdrleakdiag.exe.mui
C:\Windows\winsxs\x86_microsoft-windows-r..iagnostic.resources_31bf3856ad364e35_6.1.7600.16385_en-us_2e1883fe7f71255e\rdrleakdiag.exe.mui
C:\Windows\winsxs\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_11b07c1bb446e787\Report.System.Diagnostics.xml
C:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e\Report.System.Diagnostics.xml
C:\Windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\Report.System.NetDiagFramework.xml
C:\Windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\Report.System.NetDiagFramework.xml
C:\Windows\System32\RpcDiag.dll
C:\Windows\SysWOW64\RpcDiag.dll
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\RS_AdminDiagnosticHistory.ps1
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\RS_UserDiagnosticHistory.ps1
C:\Windows\winsxs\amd64_microsoft-windows-p..econsumer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_11b07c1bb446e787\Rules.System.Diagnostics.xml
C:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e\Rules.System.Diagnostics.xml
C:\Windows\winsxs\amd64_microsoft-windows-dot3svc.resources_31bf3856ad364e35_6.1.7600.16385_en-us_630d9bc151625afa\Rules.System.NetDiagFramework.xml
C:\Windows\winsxs\amd64_microsoft-windows-dot3svc_31bf3856ad364e35_6.1.7601.17514_none_c99214378a23d63b\Rules.System.NetDiagFramework.xml
C:\Program Files (x86)\NVIDIA Corporation\NvStreamSrv\rxdiag.dll
C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxdiag.dll
C:\ProgramData\NVIDIA Corporation\Downloader\latest\GFExperience.NvStreamSrv\amd64\server\rxdiag.dll
C:\ProgramData\NVIDIA Corporation\Downloader\latest\GFExperience.NvStreamSrv\x86\server\rxdiag.dll
C:\Windows\winsxs\amd64_microsoft-windows-s..ngine-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_92ae7bc7fccaab93\sdiageng.adml
C:\Windows\winsxs\amd64_microsoft-windows-s..agnosticsengine-adm_31bf3856ad364e35_6.1.7600.16385_none_af31be1d191f101a\sdiageng.admx
C:\Windows\System32\sdiageng.dll
C:\Windows\SysWOW64\sdiageng.dll
C:\Windows\winsxs\amd64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a2f9e3d0e9db1d26\sdiageng.dll.mui
C:\Windows\winsxs\wow64_microsoft-windows-s..iveengine.resources_31bf3856ad364e35_6.1.7600.16385_en-us_ad4e8e231e3bdf21\sdiageng.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.1.7600.16385_none_761ad65676427bd9\sdiagnhost.exe
C:\Windows\winsxs\wow64_microsoft-windows-s..csengine-nativehost_31bf3856ad364e35_6.1.7600.16385_none_806f80a8aaa33dd4\sdiagnhost.exe
C:\Windows\winsxs\amd64_microsoft-windows-s..ativehost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_8dd16b721c38eb8e\sdiagnhost.exe.mui
C:\Windows\winsxs\wow64_microsoft-windows-s..ativehost.resources_31bf3856ad364e35_6.1.7600.16385_en-us_982615c45099ad89\sdiagnhost.exe.mui
C:\Windows\System32\sdiagprv.dll
C:\Windows\SysWOW64\sdiagprv.dll
C:\Windows\winsxs\amd64_microsoft-windows-s..r-library.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6336f71e6582b89f\sdiagprv.dll.mui
C:\Windows\winsxs\x86_microsoft-windows-s..r-library.resources_31bf3856ad364e35_6.1.7600.16385_en-us_07185b9aad254769\sdiagprv.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-s..duled-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_5f8922af42048d70\sdiagschd.adml
C:\Windows\winsxs\amd64_microsoft-windows-s..lient-scheduled-adm_31bf3856ad364e35_6.1.7600.16385_none_67efddec4340e49d\sdiagschd.admx
C:\Windows\winsxs\amd64_microsoft-windows-s..icsclient-scheduled_31bf3856ad364e35_6.1.7600.16385_none_60a8c45de10f8eda\sdiagschd.dll
C:\Windows\winsxs\amd64_microsoft-windows-s..scheduled.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d918afc73126f9df\sdiagschd.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-searchdiagnostic_31bf3856ad364e35_6.1.7600.16385_none_8d9dc2260d0e1a98\SearchDiagnostic.xml
C:\Windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMDiagnostics.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMDiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17514_none_f5ecee5ec06d0cf0\SMdiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.17966_none_f5f1c1b0c068c029\SMdiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.18523_none_f5ee0756c06c09cd\SMdiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.18532_none_f5ef1e68c06b0983\SMdiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22126_none_df201cf2da13b521\SMdiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22733_none_df2160bcda12837b\SMdiagnostics.dll
C:\Windows\winsxs\amd64_wcf-smdiagnostics_b03f5f7f11d50a3a_6.1.7601.22743_none_df226106da119cd2\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.17514_none_72eeb0016ca58ae6\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.17966_none_72f383536ca13e1f\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.18523_none_72efc8f96ca487c3\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.18532_none_72f0e00b6ca38779\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22126_none_5c21de95864c3317\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22733_none_5c23225f864b0171\SMdiagnostics.dll
C:\Windows\winsxs\msil_smdiagnostics_b77a5c561934e089_6.1.7601.22743_none_5c2422a9864a1ac8\SMdiagnostics.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\1d70f0cb319b4d459a7d837f5fa508b9\SMDiagnostics.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\SMDiagnostics\5742ab9e571c78e27c49a422ef962100\SMDiagnostics.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\32b270a7b4daf4731cf1c36ecd660297\SMDiagnostics.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\f9c76a0bdb7aaf37e5514c0cfe500231\SMDiagnostics.ni.dll
C:\Windows\assembly\temp\IPELQWE3OR\SMDiagnostics.ni.dll
C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\32b270a7b4daf4731cf1c36ecd660297\SMDiagnostics.ni.dll.aux
C:\Windows\assembly\NativeImages_v4.0.30319_64\SMDiagnostics\f9c76a0bdb7aaf37e5514c0cfe500231\SMDiagnostics.ni.dll.aux
C:\Windows\assembly\temp\IPELQWE3OR\SMDiagnostics.ni.dll.aux
C:\Program Files (x86)\Microsoft Office\Office15\DCF\SpreadsheetIQ.Diagram.dll
C:\Program Files (x86)\Microsoft Office\Office15\DCF\en\SpreadsheetIQ.Diagram.Resources.dll
C:\Windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
C:\Windows\PLA\System\System Diagnostics.xml
C:\Windows\winsxs\amd64_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.1.7601.17514_none_1202940e4711971e\System Diagnostics.xml
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Contracts\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Contracts.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Contracts.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Contracts.dll
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Debug\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Debug.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Debug.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Debug.dll
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tools\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tools.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tools.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Tools.dll
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Diagnostics.Tracing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Diagnostics.Tracing.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Diagnostics.Tracing.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.Diagnostics.Tracing.dll
C:\Windows\winsxs\amd64_microsoft-windows-maintenancediagnostic_31bf3856ad364e35_6.1.7600.16385_none_e5e3f53c23550761\TS_DiagnosticHistory.ps1
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png
C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png
C:\Windows\winsxs\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.1.7600.16385_none_7c6ba3bd1f954290\werdiagcontroller.dll
C:\Windows\winsxs\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.1.7601.17514_none_227e1c01642654f4\werdiagcontroller.dll
C:\Windows\System32\wfp\wfpdiag.etl
C:\Windows\winsxs\amd64_microsoft-windows-w..owsupdatediagnostic_31bf3856ad364e35_6.1.7600.16385_none_d8bc9f93971275e0\WindowsUpdateDiagnostic.xml
C:\Windows\winsxs\Backup\wow64_microsoft-windows-rasbase.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c4612d3f03b3254c_rasdiag.dll.mui_15cb4ec4
C:\Windows\winsxs\Backup\wow64_microsoft-windows-rasbase_31bf3856ad364e35_6.1.7601.17514_none_765b17a2c56f9155_rasdiag.dll_341d4299
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-s..eddiagnosticsengine_31bf3856ad364e35_6.1.7601.17514_none_565426f0c503aea2.manifest
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-scripteddiagnostics_31bf3856ad364e35_6.1.7601.17514_none_772b5cb276a5ba28.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_da3cb85562df73c9.manifest
C:\Windows\winsxs\Backup\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_da1934b762fa8f86.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_da1934b762fa8f86.manifest
C:\Windows\winsxs\Backup\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.18741_none_da1934b762fa8f86_memtest.exe_01d80391
C:\Windows\winsxs\Manifests\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.22948_none_daa9d56e7c11ddd8.manifest
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_da82435e7c30a828.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-b..re-memorydiagnostic_31bf3856ad364e35_6.1.7601.23471_none_da82435e7c30a828.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-d..x-directxdiagnostic_31bf3856ad364e35_6.1.7601.17514_none_25cb021dbc0611db.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ddodiag_31bf3856ad364e35_6.1.7600.16385_none_362ce835fe42421b.manifest
C:\Windows\winsxs\Backup\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_6.1.7601.18381_none_222f511b6461ebd9_werdiagcontroller.dll_208f2db3
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.16428_none_3861e42cd41507eb.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17041_none_388fc5ced3f21495.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17126_none_38828366d3fc7dfd.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17239_none_38786f6cd4040028.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17501_none_3855b50ad41e3aee.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.17633_none_384db86cd423d626.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18282_none_387e123cd3fec89b.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18314_none_386c12bad40d666d.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18349_none_386ea1b0d40b3297.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18426_none_38621588d414cef7.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18449_none_3863d1c4d4134e88.manifest
C:\Windows\SoftwareDistribution\Download\3700fc964e62e6841557f11cc1b8dfd5\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_3868d336d40ecd3b.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-ie-f12diagnosticstap_31bf3856ad364e35_11.2.9600.18499_none_3868d336d40ecd3b.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-m..nents-mdac-msdadiag_31bf3856ad364e35_6.1.7600.16385_none_5e72ba21938d808c.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..diagnostic-settings_31bf3856ad364e35_6.1.7600.16385_none_62433344ed197c29.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_5ae7f926deb5de01.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..k-diagnostic-events_31bf3856ad364e35_6.1.7600.16385_none_562fea3198ad74e9.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-r..rce-leak-diagnostic_31bf3856ad364e35_6.1.7600.16385_none_887fafb90e94e05f.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..diagnosticsprovider_31bf3856ad364e35_6.1.7600.16385_none_9f2edc15ed934fde.manifest
C:\Windows\winsxs\Manifests\x86_microsoft.windows.diagnosis.sdengine_31bf3856ad364e35_6.1.7600.16385_none_d0f4444df9bb8cdb.manifest
C:\Windows\winsxs\Manifests\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7600.16385_none_41e26933a436d37d.manifest
C:\Windows\winsxs\Manifests\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.18523_none_41b88fafa48d1710.manifest
C:\Windows\winsxs\Manifests\x86_netfx-ado_net_diag_b03f5f7f11d50a3a_6.1.7601.22733_none_2aebe915be3390be.manifest
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Track

C:\Windows\winsxs\amd64_microsoft-windows-c..perftrack.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0eb2900bcd92bf3
C:\Windows\winsxs\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7600.16385_none_b7c8281d64919b46
C:\Windows\winsxs\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7601.18713_none_b9f8289f61811978
C:\Windows\winsxs\amd64_microsoft-windows-c..rmance-powertracker_31bf3856ad364e35_6.1.7601.18713_none_838b9f400b1ebc7f
C:\Windows\winsxs\amd64_microsoft-windows-d..tedlinktracking-adm_31bf3856ad364e35_6.1.7600.16385_none_9f07bdbfcdd751fe
C:\Windows\winsxs\amd64_microsoft-windows-p..rmanceperftrack-adm_31bf3856ad364e35_6.1.7600.16385_none_0e4964a578d4a5cc
C:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c13d58e431d898bb
C:\Windows\winsxs\amd64_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_en-us_81e9aa717b4d552e
C:\Windows\winsxs\amd64_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.1.7600.16385_none_5ec90957e1a8fe95
C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack
C:\Windows\System32\wdi\perftrack
C:\Windows\SysWOW64\wdi\perftrack
C:\Windows\tracing\PowerTracker
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker
C:\Users\Owner\AppData\Local\Microsoft\Internet Explorer\Tracking Protection
D:\Securities\0Forex\CCT-Edward.James\Trade.Tracker.spreadsheet
F:\D_full_files\Securities\0Forex\CCT-Edward.James\Trade.Tracker.spreadsheet
C:\Windows\winsxs\x86_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_en-us_25cb0eedc2efe3f8
C:\Windows\winsxs\x86_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.1.7600.16385_none_02aa6dd4294b8d5f
C:\Windows\winsxs\FileMaps\$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms
C:\Windows\winsxs\FileMaps\$$_system32_wdi_perftrack_traces_0af2b48360b94cec.cdf-ms
C:\Windows\winsxs\FileMaps\$$_syswow64_wdi_perftrack_11b14f44681a7baa.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\15f0340ebd3dd2011e0d0000a407b007.$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\15f0340ebd3dd2011f0d0000a407b007.$$_system32_wdi_perftrack_traces_0af2b48360b94cec.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1b076c45d03dd2011e0d000078078407.$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1b076c45d03dd2011f0d000078078407.$$_system32_wdi_perftrack_traces_0af2b48360b94cec.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\284b0b48d03dd201fc0e000078078407.$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\53ce8018073ed2011e0d00009c07a807.$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\53ce8018073ed2011f0d00009c07a807.$$_system32_wdi_perftrack_traces_0af2b48360b94cec.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8136271b073ed201fc0e00009c07a807.$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a7c1ccb2d43dd201fc0e0000f407a002.$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-c..perftrack.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0eb2900bcd92bf3.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7600.16385_none_b7c8281d64919b46.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7601.18713_none_b9f8289f61811978.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-c..rmance-powertracker_31bf3856ad364e35_6.1.7601.18713_none_838b9f400b1ebc7f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-d..tedlinktracking-adm_31bf3856ad364e35_6.1.7600.16385_none_9f07bdbfcdd751fe.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-p..rmanceperftrack-adm_31bf3856ad364e35_6.1.7600.16385_none_0e4964a578d4a5cc.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c13d58e431d898bb.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_en-us_81e9aa717b4d552e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.1.7600.16385_none_5ec90957e1a8fe95.manifest
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 01.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 01.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 02.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 02.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 03.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 03.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 04.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 04.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 05.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 05.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 06.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 06.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 07.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 07.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 08.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 08.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 09.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 09.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 10.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 10.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 11.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 11.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 12.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 12.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 13.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 13.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 14.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 14.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 15.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track 15.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d201.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d201.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d202.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d202.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d203.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d203.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d204.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d204.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d205.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d205.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d206.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d206.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d207.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d207.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d208.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d208.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d209.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d209.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d210.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d210.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d211.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d211.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d212.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d212.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d213.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d213.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d214.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d214.mp3
D:\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d215.mp3
F:\D_full_files\Securities\eBooks_Making Money\Artist-Jack Welch\artist - Track d215.mp3
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl
C:\Windows\winsxs\Temp\PendingRenames\bdbc199ebe3dd2011e0d0000d8048807.$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\bdbc199ebe3dd2011f0d0000d8048807.$$_system32_wdi_perftrack_traces_0af2b48360b94cec.cdf-ms
C:\Program Files (x86)\Microsoft Office\Templates\1033\BloodPressureTracker.xltx
C:\Windows\winsxs\Temp\PendingRenames\c2d2d110bd3dd201fc0e0000a407b007.$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms
D:\Securities\0Forex\CCT-Edward.James\CCT-Live.Training.Events\CCT_Trade_Tracker.spreadsheet.xlsm
F:\D_full_files\Securities\0Forex\CCT-Edward.James\CCT-Live.Training.Events\CCT_Trade_Tracker.spreadsheet.xlsm
D:\Securities\0Forex\CCT-Edward.James\Trade.Tracker.spreadsheet\CCT_Trade_Tracker.xlsm
F:\D_full_files\Securities\0Forex\CCT-Edward.James\Trade.Tracker.spreadsheet\CCT_Trade_Tracker.xlsm
D:\Securities\1Options\Cohen, Guy\Cohen.Guy-Trend.Reversals.Dojis.RR.tracks.avi
F:\D_full_files\Securities\1Options\Cohen, Guy\Cohen.Guy-Trend.Reversals.Dojis.RR.tracks.avi
C:\Windows\winsxs\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7600.16385_none_b7c8281d64919b46\Core-Fundamentals-ClientPerformance-Perftrack.ptxml
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84d120fe590d4d7\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84d120fe590d4d7\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-d..cking-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_817cd4dab042e1f5\DistributedLinkTracking.adml
C:\Windows\winsxs\amd64_microsoft-windows-d..tedlinktracking-adm_31bf3856ad364e35_6.1.7600.16385_none_9f07bdbfcdd751fe\DistributedLinkTracking.admx
C:\Windows\winsxs\Temp\PendingRenames\fade2fb0d43dd2011e0d0000f407a002.$$_system32_wdi_perftrack_e5904ddd3f58b556.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\fade2fb0d43dd2011f0d0000f407a002.$$_system32_wdi_perftrack_traces_0af2b48360b94cec.cdf-ms
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\FileTracker.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\FileTracker.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\1033\FileTrackerUI.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\1033\FileTrackerUI.dll
C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb\1.68.1_0\images\mailtrack-crx-sprite_2x.png
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite\MixPad MultiTrack Mixer.lnk
D:\Securities\0Forex\fxKnight\Trading_Spreadshts\Monthly_Performance_Tracker.xls
F:\D_full_files\Securities\0Forex\fxKnight\Trading_Spreadshts\Monthly_Performance_Tracker.xls
C:\Windows\winsxs\amd64_microsoft-windows-p..track-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c13d58e431d898bb\PerformancePerftrack.adml
C:\Windows\winsxs\amd64_microsoft-windows-p..rmanceperftrack-adm_31bf3856ad364e35_6.1.7600.16385_none_0e4964a578d4a5cc\PerformancePerftrack.admx
C:\Windows\winsxs\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7600.16385_none_b7c8281d64919b46\perftrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-c..rformance-perftrack_31bf3856ad364e35_6.1.7601.18713_none_b9f8289f61811978\perftrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-c..perftrack.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0eb2900bcd92bf3\perftrack.dll.mui
C:\Windows\winsxs\amd64_microsoft-windows-c..rmance-powertracker_31bf3856ad364e35_6.1.7601.18713_none_838b9f400b1ebc7f\powertracker.dll
C:\Program Files (x86)\Opera\server_tracking_data
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\TrackedSend.aapp
C:\Program Files (x86)\TechSmith\Snagit 12\Trackerbird.dll
C:\System Volume Information\tracking.log
D:\System Volume Information\tracking.log
F:\System Volume Information\tracking.log
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Logic.sql
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\en\Tracking_Logic.sql
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\Tracking_Logic.sql
C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bb39ab2582dc79f6\Tracking_Logic.sql
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\en\Tracking_Schema.sql
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation\SQL\en\Tracking_Schema.sql
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\Tracking_Schema.sql
C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bb39ab2582dc79f6\Tracking_Schema.sql
D:\Securities\0Forex\CCT-Edward.James\Trade.Tracker.spreadsheet\Trade.Tracker.spreadsheet.Tutorial_2016_02_28.avi
F:\D_full_files\Securities\0Forex\CCT-Edward.James\Trade.Tracker.spreadsheet\Trade.Tracker.spreadsheet.Tutorial_2016_02_28.avi
D:\0BTMM_Mauro.Steve\1Trades\Wkly_Tracking_Spreadsheet.xls
F:\D_full_files\0BTMM_Mauro.Steve\1Trades\Wkly_Tracking_Spreadsheet.xls
C:\Windows\winsxs\Manifests\x86_microsoft-windows-s..t-tracker.resources_31bf3856ad364e35_6.1.7600.16385_en-us_25cb0eedc2efe3f8.manifest
C:\Windows\winsxs\Manifests\x86_microsoft-windows-shutdown-event-tracker_31bf3856ad364e35_6.1.7600.16385_none_02aa6dd4294b8d5f.manifest

 
#11
Do you use COMODO BackUp? If not then uninstall it, as you already have backup software. Disable all of your startups with ccleaner except these two. Also make sure and disable your scheduled task.

HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-01] (UltimateOutsider)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)


Ccleaner To disable Useless Startups.



Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.

CCleaner - Free Download - Piriform
kwLN4uv.png


Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up then under the Windows Tab select each item then disable. Also under the scheduled task tab, you are safe to disable all task. Only disable items under the windows tab and scheduled task tab!

GjWwvEu.png


Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:



  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.
Lxioao1.png


Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

SnqZ2JW.png


Reboot the machine after.


Also, I apologize but diag track should have been searched together in everything tool. You can also uninstall Loaris with Force mode in Geek Uninstaller. Now please post fresh FRST logs.
 
  • Like
Reactions: paulwb
#12
Here is the Everything Search Engine diag track report

diag track scan

C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84d120fe590d4d7\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84d120fe590d4d7\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\diagtrackrunner.exe


 
#13
OK, Comodo Backup & Loaris successfully removed. As specified, Start up programs & Scheduled Tasks disabled, cCleaner settings all set up.

FRST logs ....

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2016
Ran by Owner (administrator) on PS-CORSAIR (18-11-2016 21:02:15)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [54520 2015-10-22] (Panda Security, S.L.)
HKU\S-1-5-21-3707217111-3059912600-4169917813-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{49B9C919-AC6C-48B4-B3F1-BAE2AAC57837}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3707217111-3059912600-4169917813-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-23] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-23] (Oracle Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-05-07] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-07] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-07-26] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-07-26] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-25] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3707217111-3059912600-4169917813-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-23] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner\AppData\Roaming\mozilla\plugins\npatgpc.dll [2016-10-29] (Cisco WebEx LLC)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy

%3Dl&bsv=1k96igf4806cy&scc=1&ltmpl=default&ltmplcache=2&hl=en
CHR StartupUrls: Default -> "hxxps://www.startpage.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2016-11-18]
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-15]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-15]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-15]
CHR Extension: (TV) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2016-11-15]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-11-15]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-15]
CHR Extension: (Thesaurus.com - Synonyms and Antonyms) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\clljlcapeomdokpgadmegpabakieebci [2016-11-15]
CHR Extension: (Learn Italian - Molto Bene) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dadgddaepklpemjojmnhgdjmmkmefihe [2016-11-15]
CHR Extension: (Trading Dashboard to Fructify your Money) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\egfjlnahigndmbebpdhnnkcfnahhhglp [2016-11-15]
CHR Extension: (Zoho Invoice and Time Tracking) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehmnelfmlmpladgddfgghoaigjhfkhdj [2016-11-15]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-15]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-15]
CHR Extension: (Save to Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbmikajjgmnabiglmofipeabaddhgne [2016-11-15]
CHR Extension: (Learn Portuguese - Tudo Bem) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iaichpenkdlohcjgagagapnegbjmfnfh [2016-11-15]
CHR Extension: (Mailvelope) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajibbejlbohfaggdiogboambcijhkke [2016-11-15]
CHR Extension: (HelloSign: Online signatures made easy) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajjckmbclbffbpecfbiecehkfgopppd [2016-11-15]
CHR Extension: (Yesware Reports) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiciehannidbjakcefendokamkjnolhg [2016-11-15]
CHR Extension: (Boomerang for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdanidgdpmkimeiiojknlnekblgmpdll [2016-11-15]
CHR Extension: (Vend) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\meddmiakkfjlledfhjljjjdebajikafa [2016-11-15]
CHR Extension: (Mailtrack for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndnaehgpjlnokgebbaldlmgkapkpjkkb [2016-11-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-15]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2016-11-15]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-15]
CHR Extension: (Learn Spanish - Qué Onda) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj [2016-11-15]
CHR Extension: (Streak CRM for Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnnfemgpilpdaojpnkjdgfgbnnjojfik [2016-11-15]

Opera:
=======
OPR Extension: (HTTPS Everywhere) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\edaplhobcmdaneconioghljnnopmkhgm [2016-11-10]
OPR Extension: (uBlock Origin) - C:\Users\Owner\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2016-11-05]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-03-19] (AOMEI Tech Co., Ltd.) [File not signed]
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2014-07-20] (Arainia Solutions)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-07-26] (Intel Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2015-10-18] (Panda Security, S.L.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-25] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73464 2015-10-28] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2015-10-22] (Panda Security, S.L.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13900016 2016-11-09] (Zemana Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-25] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2015-02-25] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2015-02-25] () [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2014-07-20] (Arainia Solutions LLC)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [94456 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [201976 2015-07-09] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [110840 2015-07-09] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [57648 2015-05-20] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [103160 2015-07-09] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [73464 2015-08-31] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [124152 2015-07-09] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [300280 2015-07-09] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [170232 2015-07-09] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [113400 2015-07-09] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [257784 2015-07-09] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106232 2015-07-09] (Panda Security, S.L.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [164088 2015-07-19] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121592 2015-07-19] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [197880 2015-07-19] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124152 2015-07-19] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [134392 2015-07-19] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107768 2015-07-19] (Panda Security, S.L.)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [61712 2015-05-22] (Panda Security, S.L.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-11-13] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-11-13] (Zemana Ltd.)
S3 vdbus; system32\DRIVERS\vdbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-18 21:02 - 2016-11-18 21:02 - 00017772 _____ C:\Users\Owner\Desktop\FRST.txt
2016-11-18 20:57 - 2015-05-22 03:45 - 00061712 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2016-11-18 15:48 - 2016-11-16 18:15 - 02494976 _____ C:\Users\Owner\Desktop\ZHPCleaner.exe
2016-11-18 15:48 - 2016-11-16 18:15 - 01631928 _____ (Malwarebytes) C:\Users\Owner\Desktop\JRT.exe
2016-11-18 13:10 - 2016-11-18 20:41 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Everything
2016-11-18 13:10 - 2016-11-18 13:10 - 00001018 _____ C:\Users\Owner\Desktop\Search Everything.lnk
2016-11-18 13:10 - 2016-11-18 13:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Everything
2016-11-18 13:10 - 2016-11-18 13:10 - 00000000 ____D C:\Program Files\Everything
2016-11-18 12:54 - 2016-11-18 12:54 - 00000000 ____D C:\SecurityCheck
2016-11-18 11:45 - 2016-11-18 20:44 - 00000000 ____D C:\ProgramData\Loaris
2016-11-18 10:02 - 2016-11-18 10:02 - 00507938 _____ (glax24 (safezone.cc)) C:\Users\Owner\Desktop\SecurityCheck.exe
2016-11-17 23:23 - 2016-11-18 12:41 - 00000000 ____D C:\Program Files\9-lab
2016-11-17 23:23 - 2016-11-18 10:47 - 00000000 ____D C:\Users\Owner\AppData\Roaming\9-lab
2016-11-17 23:23 - 2016-11-18 10:47 - 00000000 ____D C:\ProgramData\9-lab
2016-11-17 23:15 - 2016-11-17 23:23 - 00000000 ____D C:\Users\Owner\Desktop\EEK
2016-11-17 22:41 - 2016-11-17 22:43 - 259408136 _____ C:\Users\Owner\Desktop\EmsisoftEmergencyKit.exe
2016-11-17 21:36 - 2016-11-17 21:36 - 00000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
2016-11-16 20:49 - 2016-11-16 20:49 - 00001177 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2016-11-16 20:49 - 2016-11-16 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-11-16 20:49 - 2016-11-16 20:49 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2016-11-16 20:21 - 2016-11-16 20:21 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-11-16 20:21 - 2016-11-16 20:21 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-11-16 20:08 - 2016-11-16 20:10 - 00000000 ____D C:\Users\Owner\AppData\Roaming\ZHP
2016-11-15 23:07 - 2016-11-18 20:57 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-11-15 23:07 - 2016-11-18 20:57 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-15 23:07 - 2016-11-18 20:50 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-11-15 23:07 - 2016-11-18 20:50 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-11-15 23:07 - 2016-11-15 23:07 - 00002284 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-15 22:35 - 2016-11-15 22:35 - 00013036 _____ C:\Users\Owner\Desktop\Fixlog.M.txt
2016-11-15 19:41 - 2016-11-15 22:32 - 00022336 _____ C:\Users\Owner\Desktop\INFO.txt
2016-11-15 13:33 - 2016-11-15 13:33 - 00000000 ____D C:\zoek
2016-11-15 13:24 - 2016-11-15 13:34 - 00003148 _____ C:\runcheck.txt
2016-11-15 13:24 - 2016-11-15 13:34 - 00000000 ____D C:\zoek_backup
2016-11-15 12:45 - 2016-11-17 21:36 - 02412032 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-11-15 11:47 - 2016-11-15 11:47 - 01309184 _____ C:\Users\Owner\Desktop\zoek.exe
2016-11-15 11:34 - 2016-11-15 11:34 - 00000078 _____ C:\Users\Owner\Desktop\Zoek.Code.txt
2016-11-14 21:34 - 2016-11-14 21:34 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill_2.8.4.0.exe
2016-11-14 12:50 - 2016-11-14 12:56 - 00219198 _____ C:\TDSSKiller.3.1.0.12_14.11.2016_12.50.13_log.txt
2016-11-14 12:48 - 2016-11-18 21:02 - 00000000 ____D C:\FRST
2016-11-14 12:00 - 2016-11-14 12:00 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Owner\Desktop\tdsskiller.exe
2016-11-13 16:14 - 2016-11-18 21:02 - 00044539 _____ C:\Windows\ZAM.krnl.trace
2016-11-13 16:14 - 2016-11-18 21:02 - 00013861 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-11-13 16:14 - 2016-11-13 16:14 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-11-13 16:14 - 2016-11-13 16:14 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-11-13 16:14 - 2016-11-13 16:14 - 00000000 ____D C:\Users\Owner\AppData\Local\Zemana
2016-11-13 15:54 - 2016-11-18 14:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-13 15:54 - 2016-11-13 15:54 - 00001131 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-13 15:54 - 2016-11-13 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-13 15:54 - 2016-11-13 15:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-13 15:54 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-13 15:54 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-13 15:54 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-13 15:25 - 2016-11-18 15:34 - 00000000 ____D C:\AdwCleaner
2016-11-13 14:54 - 2016-11-13 14:54 - 03910208 _____ C:\Users\Owner\Desktop\adwcleaner_6.030.exe
2016-11-13 14:03 - 2016-11-13 14:30 - 00000000 ____D C:\Users\Owner\Desktop\PandaCloudCleaner
2016-11-13 13:17 - 2016-11-13 13:17 - 00000000 ____D C:\Quarantine
2016-11-13 13:04 - 2016-11-13 13:22 - 00000000 ____D C:\Program Files (x86)\stinger
2016-11-13 11:46 - 2016-11-13 14:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-11-13 10:51 - 2016-11-13 10:51 - 00748192 _____ (TechGuy, Inc.) C:\Users\Owner\Downloads\SysInfo.exe
2016-11-13 00:07 - 2016-11-13 00:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-12 23:41 - 2016-11-12 23:41 - 00524248 _____ (F-Secure Corporation) C:\Users\Owner\Desktop\F-SecureOnlineScanner.exe
2016-11-12 23:35 - 2016-11-12 23:35 - 00021464 _____ C:\ComboFix.txt
2016-11-12 23:08 - 2016-11-12 23:08 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Owner\Desktop\esetonlinescanner_enu.exe
2016-11-12 22:24 - 2016-11-18 11:01 - 00000000 ____D C:\Users\Owner\AppData\Local\FSDART
2016-11-12 22:24 - 2016-11-13 11:36 - 00000000 ____D C:\ProgramData\F-Secure
2016-11-12 22:24 - 2016-11-12 22:24 - 00000000 ____D C:\Users\Owner\AppData\Local\F-Secure
2016-11-12 22:14 - 2016-11-12 22:14 - 00000000 ____D C:\Users\Owner\AppData\Local\ESET
2016-11-07 20:45 - 2016-10-25 15:00 - 00134712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-11-07 20:42 - 2016-10-25 20:06 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-11-07 20:42 - 2016-10-25 20:06 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 40123840 _____ C:\Windows\system32\nvcompiler.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 35224632 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 34701760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 28138552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 17429080 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 17348752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 14397272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 14033976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-11-07 20:42 - 2016-10-25 16:39 - 10912232 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 10773504 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 10324400 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 09113296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 08913512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 08716056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 03628992 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 03193912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437570.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 01586744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437570.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 01037248 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00974272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00945208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00897080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00683640 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00572888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00492744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00439864 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00436088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00407064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00170688 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00148200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-11-07 20:42 - 2016-10-25 16:39 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-11-07 20:42 - 2016-10-25 16:39 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-11-07 20:35 - 2016-10-25 15:21 - 00106040 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2016-11-07 20:35 - 2016-10-25 15:21 - 00095800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-11-07 20:35 - 2016-10-25 15:21 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-11-02 10:42 - 2016-11-02 10:42 - 00001004 _____ C:\Users\Owner\Desktop\TOU_Winter - Shortcut.lnk
2016-11-02 10:38 - 2016-11-02 10:38 - 00001004 _____ C:\Users\Owner\Desktop\TOU_Summer - Shortcut.lnk
2016-10-27 13:44 - 2016-10-27 13:44 - 04965616 _____ (Interactive Brokers LLC) C:\Users\Owner\Downloads\tws-latest-windows-x86.exe
2016-10-27 13:44 - 2016-10-27 13:44 - 00001427 _____ C:\Users\Public\Desktop\Trader Workstation.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-18 21:01 - 2009-07-14 00:13 - 00915794 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-18 21:01 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-11-18 20:57 - 2016-03-08 21:29 - 00000000 ____D C:\Program Files\COMODO
2016-11-18 20:57 - 2015-06-11 19:00 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job
2016-11-18 20:57 - 2014-07-23 17:37 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job
2016-11-18 20:57 - 2014-02-11 00:50 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-18 20:57 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-18 20:50 - 2016-10-09 22:37 - 00003600 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 20:50 - 2016-09-11 19:51 - 00003838 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 20:50 - 2016-09-11 19:51 - 00003838 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 20:50 - 2016-09-11 19:51 - 00003788 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 20:50 - 2016-09-11 19:51 - 00003776 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 20:50 - 2016-09-11 19:51 - 00003540 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-18 20:50 - 2016-08-29 16:04 - 00003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1472504661
2016-11-18 20:50 - 2015-06-11 19:00 - 00003690 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000
2016-11-18 20:50 - 2014-07-23 17:37 - 00003594 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000
2016-11-18 20:50 - 2014-07-20 17:31 - 00003810 _____ C:\Windows\System32\Tasks\TechSmith Updater
2016-11-18 20:50 - 2014-07-20 16:41 - 00004000 _____ C:\Windows\System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B}
2016-11-18 20:50 - 2014-03-03 15:49 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-11-18 20:49 - 2014-12-26 12:00 - 00004478 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-18 20:06 - 2009-07-13 23:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-18 20:06 - 2009-07-13 23:45 - 00022096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-18 13:31 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\registration
2016-11-18 03:46 - 2014-03-25 23:05 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2016-11-18 02:24 - 2014-02-10 00:09 - 00000000 ____D C:\Users\Owner
2016-11-16 19:56 - 2016-09-20 20:40 - 00000000 ____D C:\Users\Owner\Downloads\CFix
2016-11-16 10:06 - 2014-08-25 21:25 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-11-15 23:33 - 2016-09-18 13:06 - 00000066 ___SH C:\Users\Owner\3824700-18.cbr
2016-11-15 23:33 - 2014-02-10 00:09 - 00000000 ____D C:\Users\Owner\AppData\Local\VirtualStore
2016-11-15 23:07 - 2014-03-03 16:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-11-15 23:07 - 2014-02-11 00:40 - 00000000 ____D C:\Users\Owner\AppData\Local\Google
2016-11-15 22:58 - 2014-07-20 20:08 - 00000028 _____ C:\Windows\ODBC.INI
2016-11-15 22:57 - 2014-05-13 12:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-11-15 22:57 - 2014-03-19 17:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2016-11-15 22:57 - 2014-03-19 17:14 - 00000000 ____D C:\Users\Owner\AppData\Local\Mozilla
2016-11-15 22:54 - 2016-08-29 16:03 - 00000000 ____D C:\Program Files (x86)\Opera
2016-11-15 12:51 - 2016-02-28 13:24 - 00000000 ___SD C:\Users\Owner\AppData\LocalLow\Temp
2016-11-15 12:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-11-13 13:49 - 2016-06-10 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FXDD Malta - MetaTrader 4-1
2016-11-13 13:26 - 2014-10-18 21:31 - 00001311 _____ C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2016-11-13 12:08 - 2010-11-20 22:24 - 00363008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wbemcomn.dll
2016-11-12 23:34 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2016-11-12 23:32 - 2016-08-29 12:51 - 00000000 ____D C:\Windows\erdnt
2016-11-12 23:11 - 2009-07-14 00:08 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-11-12 21:22 - 2014-03-03 16:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Deployment
2016-11-12 21:21 - 2014-03-03 16:05 - 00000000 ____D C:\Users\Owner\AppData\Local\Apps\2.0
2016-11-09 09:34 - 2016-02-23 18:29 - 06948888 _____ (Geek Uninstaller) C:\Users\Owner\Desktop\geek.exe
2016-11-08 20:38 - 2014-02-11 00:52 - 00000000 ____D C:\Users\Owner\AppData\Local\NVIDIA Corporation
2016-11-07 20:46 - 2014-02-11 00:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-07 20:46 - 2014-02-11 00:50 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-07 20:45 - 2016-03-21 08:41 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-07 20:44 - 2014-02-11 00:50 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-07 20:44 - 2014-02-11 00:49 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-07 20:35 - 2016-09-11 19:51 - 00001441 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-06 08:56 - 2015-12-18 22:33 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-02 07:37 - 2014-03-03 09:20 - 00000000 ____D C:\Jts
2016-11-02 06:00 - 2016-02-23 18:49 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2016-10-29 16:47 - 2016-01-12 12:00 - 00000000 ____D C:\Users\Owner\AppData\Local\WebEx
2016-10-29 16:46 - 2016-01-12 12:00 - 00000000 ____D C:\Users\Owner\AppData\LocalLow\WebEx
2016-10-27 13:44 - 2016-09-20 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trader Workstation
2016-10-26 16:29 - 2010-11-20 22:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-25 20:06 - 2016-08-06 22:26 - 01595456 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-10-25 16:39 - 2014-02-11 00:49 - 19925152 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-10-25 16:39 - 2014-02-11 00:49 - 03933968 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-10-25 16:39 - 2014-02-11 00:49 - 03473368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-10-25 16:39 - 2014-02-11 00:49 - 00041344 _____ C:\Windows\system32\nvinfo.pb
2016-10-25 15:21 - 2016-09-11 19:51 - 01854008 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-10-25 15:21 - 2016-09-11 19:51 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-10-25 15:21 - 2016-09-11 19:51 - 01454136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-10-25 15:21 - 2016-09-11 19:51 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-10-25 15:21 - 2016-09-11 19:51 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-10-25 15:17 - 2016-01-22 21:23 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-10-25 15:17 - 2016-01-22 21:23 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-10-25 15:17 - 2015-02-04 11:23 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-10-25 15:17 - 2014-02-11 00:50 - 06386232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-10-25 15:17 - 2014-02-11 00:50 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-10-25 15:17 - 2014-02-11 00:50 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-10-25 15:17 - 2014-02-11 00:50 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-10-25 15:13 - 2016-09-11 19:51 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-10-24 01:31 - 2014-02-11 00:50 - 07507695 _____ C:\Windows\system32\nvcoproc.bin
2016-10-19 18:20 - 2014-03-03 15:49 - 00001004 _____ C:\Users\Public\Desktop\CCleaner.lnk

==================== Files in the root of some directories =======

2014-03-02 23:54 - 2014-03-02 23:54 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-02-10 12:17 - 2014-02-10 12:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-14 10:25

==================== End of FRST.txt ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-11-2016
Ran by Owner (18-11-2016 21:02:27)
Running from C:\Users\Owner\Desktop
Windows 7 Professional Service Pack 1 (X64) (2014-02-10 05:09:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3707217111-3059912600-4169917813-500 - Administrator - Disabled)
Guest (S-1-5-21-3707217111-3059912600-4169917813-501 - Limited - Disabled)
Owner (S-1-5-21-3707217111-3059912600-4169917813-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Free Antivirus (Enabled - Up to date) {AAF74A68-8713-CDF1-004F-30003398BE9E}
AS: Panda Free Antivirus (Enabled - Up to date) {1196AB8C-A129-C27F-3AFF-0B72481FF423}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Ansel (Version: 375.70 - NVIDIA Corporation) Hidden
AOMEI Backupper Standard Edition 2.5 (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.4.0 - Asmedia Technology)
BTMM Software (HKLM-x32\...\BTMM Software) (Version: - )
BTMM WSM Viewer 3.7 (HKLM-x32\...\{64F8E2C6-A88D-4C0A-BA07-93F9FFA11A8E}}_is1) (Version: 3.7 - Beat the Market Maker)
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}) (Version: 1.0.408 - Citrix)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: - NCH Software)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version: - )
FXDD Malta - MetaTrader 4 (HKLM-x32\...\FXDD Malta - MetaTrader 4) (Version: 6.00 - MetaQuotes Software Corp.)
FXDD Malta - MetaTrader 4 (HKLM-x32\...\FXDD Malta - MetaTrader 4-1) (Version: 4.00 - MetaQuotes Software Corp.)
Gizmo Central (HKLM-x32\...\Gizmo Central) (Version: v2.7.9 - Arainia Solutions, LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.26.0.5808 (HKU\S-1-5-21-3707217111-3059912600-4169917813-1000\...\GoToMeeting) (Version: 7.26.0.5808 - CitrixOnline)
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.12.1688 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Network Recording Player (HKLM-x32\...\{D64DFCA4-1AEC-4B6A-8A3A-6C2E1B2E16BD}) (Version: 29.11.3.4862 - Cisco WebEx LLC)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.70 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.70 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Opera Stable 41.0.2353.56 (HKLM-x32\...\Opera 41.0.2353.56) (Version: 41.0.2353.56 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.9 - Panda Security)
Panda Devices Agent (x32 Version: 1.03.05 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Panda Free Antivirus (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.0.2 - Panda Security)
Panda Free Antivirus (Version: 8.04.00.0000 - Panda Security) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7083 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
Snagit 12 (HKLM-x32\...\{a8dbd220-0251-433a-8cc0-8b2e0d67053b}) (Version: 12.1.0.1322 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.1.0 - TechSmith Corporation) Hidden
Trader Workstation (HKLM-x32\...\5889-6375-8446-2021) (Version: latest (959.1d) 20161026 17:20:13 - Interactive Brokers LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.60.1 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3707217111-3059912600-4169917813-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Owner\AppData\Local\Citrix\GoToMeeting

\5808\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {054DF6B1-C0C5-477B-BA36-8E596BB7F10D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {3EE4F2EC-8A45-43C6-854A-2EDE6113F277} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {43B908A7-34DE-469C-8EC9-FDA7D168F818} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-15] (Google Inc.)
Task: {515FADEF-C8DA-41A6-88DD-A4E851464711} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {5CF539C9-8EE4-4387-88D3-CBD3C540261C} - System32\Tasks\NCH Software\debutShakeIcon => C:\Program Files (x86)\NCH Software\Debut\Debut.exe [2014-03-25] (NCH Software)
Task: {627D4F51-9196-43DF-A04D-B872C8B6DEFF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA

Corporation)
Task: {63ADC1E8-0A62-4658-A9D2-935AEEBC35B9} - System32\Tasks\Opera scheduled Autoupdate 1472504661 => C:\Program Files (x86)\Opera\launcher.exe [2016-11-07] (Opera Software)
Task: {78CB52C6-2420-4117-BC17-944F2415D339} - System32\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe [2016-11

-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {79B5E9B1-7893-4DBD-B013-FBFE5FE0E7E2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {7ED220D2-3F34-41E5-A3D0-1F5E1A517E5E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25]

(NVIDIA Corporation)
Task: {A33DAEBA-F917-4160-98A5-F3F9E7D33C27} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA

Corporation)
Task: {C32994E5-1867-4194-ADB3-B2BEAD9904EB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe

[2016-10-25] (NVIDIA Corporation)
Task: {C4551982-7BEC-4243-9194-74FB6DFE6175} - System32\Tasks\{EB5A17F7-59B1-4914-80F9-8981CBF7FF0B} => C:\Program Files (x86)\Gizmo\gizmo.exe [2014-07-20] (Arainia Solutions)
Task: {D0BEEEBF-CD17-4AE2-A56B-EB783685BEC7} - System32\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe [2016-11

-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DBECA225-BEA2-4E24-824D-407830BC8221} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe

[2016-10-25] (NVIDIA Corporation)
Task: {E3DC60B8-AECD-43D0-8EB1-960DF854E78E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {E72EC86B-3D23-4084-BDD8-881206C004F4} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)
Task: {E76D5133-5A44-4F50-BE32-F47E52A983BA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25]

(NVIDIA Corporation)
Task: {FB9C88AE-0821-4A9A-A3EC-E2081441377F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-11-15] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Owner\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.html

==================== Loaded Modules (Whitelisted) ==============

2016-09-11 19:51 - 2016-10-25 15:21 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-09-11 19:51 - 2016-10-25 15:21 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-09-11 19:51 - 2016-10-25 15:21 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2014-02-11 00:50 - 2016-10-25 15:17 - 00133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-21 19:07 - 2014-01-21 19:07 - 08878248 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00224984 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00286424 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00966360 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00278232 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00110296 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00675544 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2015-04-21 21:00 - 2015-03-19 17:57 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2015-04-21 21:00 - 2015-02-25 23:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2016-09-11 19:51 - 2016-10-25 15:21 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-02-11 00:50 - 2013-07-26 12:24 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Owner\Desktop\fxddmalta4setup_build610.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Owner\Downloads\nbr2player.msi:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-11-15 22:35 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3707217111-3059912600-4169917813-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: GizmoDriveDelegate => "C:\Program Files (x86)\Gizmo\gizmo.exe" /RemountStartupImages
MSCONFIG\startupreg: GwxControlPanelMonitor => "C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe" /traymode
MSCONFIG\startupreg: IAStorIcon => "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: IMSS => "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: ShadowPlay => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: ZAM => "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{B1D29FB0-35CB-4D16-A4C5-607D778F7EB3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

15-11-2016 12:50:53 Restore Point Created by FRST
15-11-2016 13:25:34 zoek.exe restore point
15-11-2016 22:35:17 Restore Point Created by FRST
15-11-2016 22:58:47 Removed Privatefirewall 7.0
16-11-2016 19:59:58 JRT Pre-Junkware Removal
18-11-2016 10:47:09 Windows Defender Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2016 08:58:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in

namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2016 07:58:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in

namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2016 03:35:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in

namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2016 01:52:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in

namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2016 01:16:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Everything.exe version 1.3.4.686 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the

Action Center control panel.

Process ID: d60

Start Time: 01d241c7494a24c9

Termination Time: 3

Application Path: C:\Program Files\Everything\Everything.exe

Report Id: 12bc9f87-adbb-11e6-b2d8-bcee7b9eb32d

Error: (11/18/2016 12:53:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program _iu14D2N.tmp version 51.1052.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the

Action Center control panel.

Process ID: 14b0

Start Time: 01d241c3a2b993d9

Termination Time: 0

Application Path: C:\Users\Owner\AppData\Local\Temp\_iu14D2N.tmp

Report Id:

Error: (11/18/2016 12:42:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in

namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2016 09:49:06 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in

namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2016 02:24:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in

namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/18/2016 01:54:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in

namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (11/18/2016 08:57:21 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/18/2016 07:57:54 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/18/2016 03:35:00 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (11/18/2016 03:34:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/18/2016 03:34:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

Error: (11/18/2016 03:34:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart

the service.

Error: (11/18/2016 03:34:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/18/2016 03:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/18/2016 03:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO BackUp Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/18/2016 03:34:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The COMODO Online Storage Service service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================
Date: 2016-08-29 13:55:26.876
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software

change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-29 13:55:26.844
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software

change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-12-16 20:53:38.146
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cmdvrt64.dll because the set of per-page image hashes could not be found on the

system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4930K CPU @ 3.40GHz
Percentage of memory in use: 15%
Total physical RAM: 14276.8 MB
Available physical RAM: 12094.17 MB
Total Virtual: 14274.98 MB
Available Virtual: 11826.95 MB

==================== Drives ================================

Drive c: (Kingston HyperX SSD 240GB) (Fixed) (Total:223.47 GB) (Free:153.13 GB) NTFS
Drive d: (2TB.Seagate.Barracuda) (Fixed) (Total:1863.01 GB) (Free:1242.64 GB) NTFS
Drive f: (2TB.WD.Black.Caviar) (Fixed) (Total:1863.01 GB) (Free:1382.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: CB504B49)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: CB504B42)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: F47551AD)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
#14
Alright, this is a good bit of information to go over, so I will have a FRST fix for you tomorrow.

Can you tell me what issues remain with the machine?

Also, Download AUtoruns, and disable -- untick all items under scheduled task, so long as they do not relate to Panda and then reboot.
 
#15
The PC is running great. Browsers and programs are no longer freezing or crashing, all loading very quickly. The HDD indicator light has quieted down a lot.

1. What about the VulkanRT file that shows up as a BrowserModifier? Should it be deleted?

2. Windows Updates stall during download

3. I noticed just now that my total RAM is 14, and should be 16.

upload_2016-11-19_0-32-22.png
 
Last edited:
#16
We will take care of all of those things tomorrow after I have made the fixlist for you. :)

Not to worry about the Vulkan deal, with the FRST fix we are going to Nvidia Telemetry as well as anything else that needs to go. There is just a good deal of information to go over to write a FRST fix.
 
  • Like
Reactions: paulwb
#17
Malnutrition said:
Alright, this is a good bit of information to go over, so I will have a FRST fix for you tomorrow.

Can you tell me what issues remain with the machine?

Also, Download AUtoruns, and disable -- untick all items under scheduled task, so long as they do not relate to Panda and then reboot.
Click to expand...

Much appreciated.
OK, Scheduled Tasks items disabled in Autoruns, except for Panda files
 
Last edited:
#18
FRST Fix

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    27.9 KB · Views: 17
  • Like
Reactions: paulwb
#19
Thank you.
I noticed the GWX Control Panel process was closed. I initially installed it to block Windows 10 software upgrade prompts. Is it no longer needed?

OK, here is the Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-11-2016 01
Ran by Owner (20-11-2016 20:41:21) Run:3
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434725.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nvdispgenco6434752.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\java.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaw.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\javaws.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Owner\Desktop\fxddmalta4setup_build610.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Owner\Downloads\nbr2player.msi:$CmdZnID [26]
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {E72EC86B-3D23-4084-BDD8-881206C004F4} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)
Task: {E76D5133-5A44-4F50-BE32-F47E52A983BA} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25]
Task: {D0BEEEBF-CD17-4AE2-A56B-EB783685BEC7} - System32\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000 => C:\Users\Owner\AppData\Local\Citrix\GoToMeeting\5808\g2mupload.exe [2016-11-01] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {DBECA225-BEA2-4E24-824D-407830BC8221} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Task: {E72EC86B-3D23-4084-BDD8-881206C004F4} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-05-30] (TechSmith Corporation)
Task: {DBECA225-BEA2-4E24-824D-407830BC8221} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {C32994E5-1867-4194-ADB3-B2BEAD9904EB} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {7ED220D2-3F34-41E5-A3D0-1F5E1A517E5E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {627D4F51-9196-43DF-A04D-B872C8B6DEFF} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
2014-03-02 23:54 - 2014-03-02 23:54 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
2014-02-10 12:17 - 2014-02-10 12:17 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Program Files\COMODO
C:\Users\Owner\AppData\Local\ESET
C:\Users\Owner\AppData\Local\F-Secure
C:\Users\Owner\Desktop\esetonlinescanner_enu.exe
C:\ProgramData\Kaspersky Lab Setup Files
C:\Program Files (x86)\stinger
C:\Users\Owner\Desktop\PandaCloudCleaner
C:\Users\Owner\Desktop\tdsskiller.exe
C:\ProgramData\Loaris
S3 vdbus; system32\DRIVERS\vdbus.sys [X]
CHR StartupUrls: Default -> "hxxps://www.startpage.com/"
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-15] (Google Inc.)
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84d120fe590d4d7\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84d120fe590d4d7\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b1b7ec100d8e3b
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59f18f2101b1222
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18503_none_e5dbf9380fee0247
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18551_none_e5a3e90810185b4e
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18653_none_e5a5eb8210168b23
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18683_none_e5857bbe102edef6
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18742_none_e5afbd0a100f5302
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23412_none_e659ab392914c3fe
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be460b59c2a
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea60c32011
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18503_none_66539d3060961036
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18653_none_661d8f7a60be9912
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18683_none_65fd1fb660d6ece5
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18742_none_6627610260b760f1
C:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry
C:\Program Files\NVIDIA Corporation\NvTelemetry
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry
C:\Users\Owner\AppData\Local\NVIDIA Corporation\NvTelemetry
C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3DEE5278-D392-4EA2-96F0-D35F55F48AB4}
C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry
C:\Users\Owner\AppData\Roaming\Microsoft\Microsoft Security Client\Telemetry
C:\Windows\AppCompat\Appraiser\Telemetry
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft Security Client\Telemetry
C:\Windows\winsxs\FileMaps\$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\092ebd43d03dd201c10b000078078407.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\8132cd16073ed201c10b00009c07a807.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\88a47eaed43dd201c10b0000f407a002.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a3b5830cbd3dd201c10b0000a407b007.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b1b7ec100d8e3b.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59f18f2101b1222.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18503_none_e5dbf9380fee0247.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18551_none_e5a3e90810185b4e.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18653_none_e5a5eb8210168b23.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18683_none_e5857bbe102edef6.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18742_none_e5afbd0a100f5302.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23412_none_e659ab392914c3fe.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be460b59c2a.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea60c32011.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18503_none_66539d3060961036.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18551_none_661b8d0060c0693d.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18653_none_661d8f7a60be9912.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18683_none_65fd1fb660d6ece5.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18742_none_6627610260b760f1.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.23412_none_66d14f3179bcd1ed.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d.manifest
C:\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline.bin
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-inventory.data_31bf3856ad364e35_6.1.7601.23412_none_b7bb39c6464eeaab\Appraiser_TelemetryRunList.xml
C:\Windows\winsxs\Temp\PendingRenames\b48ea09bbe3dd201c10b0000d8048807.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\CompatTelemetry.inf
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-301-0.sqm
C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-302-0.sqm
C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-303-0.sqm
C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-304-0.sqm
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User\NvTelemetry.dll
C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NvTelemetry.dll
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NVI2\NvTelemetry.dll
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetry.dll
C:\Users\Owner\AppData\Local\NVIDIA Corporation\NvTelemetry\nvtelemetry.log
C:\Users\Owner\AppData\Local\NVIDIA Corporation\NvTelemetry\nvtelemetry.log.bak
C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3DEE5278-D392-4EA2-96F0-D35F55F48AB4}\NvTelemetry.nvi
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetry.nvi
C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3DEE5278-D392-4EA2-96F0-D35F55F48AB4}\NvTelemetry.NVX
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvTelemetryAPI.js
C:\ProgramData\NVIDIA Corporation\Downloader\latest\nodejs\NvTelemetryAPI.js
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryAPI32.dll
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetryAPI32.dll
C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryAPI64.dll
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetryAPI64.dll
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\telemetry.ASM-WindowsDefault.json
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk
C:\Program Files (x86)\Microsoft Office\Office15\1033\TelemetryDashboard.xltx
C:\Program Files (x86)\Microsoft Office\Office15\1033\TelemetryLog.xltx
C:\Users\Owner\AppData\Local\GWX\TelemetryStore.xml
C:\Users\Owner\AppData\Local\GWX\TelemetryStore.xml.lock
C:\Windows\winsxs\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23396_none_ba1ea7c6f4920e24
C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23396_none_0b8d69aa2b6cdb3f
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036
C:\Users\Owner\AppData\Local\GWX
C:\Windows\Logs\Gwx
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741
C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_1927edd0ba9ec231
C:\Windows\winsxs\FileMaps\$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\FileMaps\$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\FileMaps\$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\FileMaps\$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\01b7a421073ed201ee1200009c07a807.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\01b7a421073ed201ef1200009c07a807.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\1213d599d03dd2013141000078078407.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
D:\.Corsair.Software_Downloads\0AV.Alerts.Popups\2016.05.04_GWXUX.popup.JPG
C:\Windows\winsxs\Temp\PendingRenames\22605a9ad03dd2013c41000078078407.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\243737b9d43dd201ed120000f407a002.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\243737b9d43dd201ee120000f407a002.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\243737b9d43dd201ef120000f407a002.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\6478674ed03dd201e912000078078407.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\7c7a2417bd3dd201e9120000a407b007.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\9398de99d03dd2013341000078078407.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a055a221073ed201ed1200009c07a807.$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\a1c7c079d03dd201aa2e000078078407.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-ins_31bf3856ad364e35_6.1.7601.23396_none_a8be71bc81a2397b.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23396_none_ba1ea7c6f4920e24.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23396_none_0b8d69aa2b6cdb3f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036.manifest
C:\Windows\winsxs\Temp\PendingRenames\c1fe579ad03dd2013b41000078078407.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e47c4ed03dd201ee12000078078407.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\c6e47c4ed03dd201ef12000078078407.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\d5f9c54d073ed201a72e00009c07a807.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\dee63917bd3dd201ee120000a407b007.$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\dee63917bd3dd201ef120000a407b007.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\Temp\PendingRenames\fc0e68e4d43dd201a02e0000f407a002.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\GWX Control Panel User Guide.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\GWX Control Panel.lnk
C:\Users\Public\Desktop\GWX Control Panel.lnk
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWX.exe
C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_1927edd0ba9ec231\GWX.exe
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GWX.post.fix.Results.Asus.Corsair.JPG
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GWX.Results.Asus.Corsair.JPG
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXConfigManager.exe
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GwxControlPanelLog.txt
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GwxControlPanelSetup.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXDetector.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23396_none_0b8d69aa2b6cdb3f\GWXGC.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXMig.inf
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXUI.dll
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXUX.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXUXWorker.exe
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GWX-Ins%4Operational.evtx
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\Uninstall GWX Control Panel.lnk
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_1927edd0ba9ec231.manifest
CMD: ipconfig /flushdns
Emptytemp:
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Windows\system32\aitstatic.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\audiodg.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\AudioEng.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\AUDIOKSE.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\AudioSes.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\audiosrv.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\blackbox.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\charmap.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\ci.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\cryptsp.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\cryptui.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\dfshim.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\drmmgrtn.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\drmv2clt.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\EncDump.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\icardagt.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\icardres.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\IMJP10K.DLL => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\infocardapi.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\KBDBASH.DLL => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\KBDRU.DLL => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\KBDRU1.DLL => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\KBDTAT.DLL => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\KBDYAK.DLL => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\mscorier.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\mscories.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\msctf.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\msnetobj.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\msscp.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\mstsc.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\nlasvc.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\nvdispco6434725.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\nvdispco6434752.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\nvdispgenco6434725.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\nvdispgenco6434752.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\packager.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\pcadm.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\pcaevts.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\pcalua.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\pcasvc.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\pcawrk.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\perftrack.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\pku2u.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\powertracker.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\profsvc.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\rastls.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\rdpcorekmts.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\scesrv.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\termsrv.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\TSWbPrxy.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\TSWorkspace.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\TsWpfWrp.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\ubpm.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\wdi.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\winlogon.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\winsta.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\wmdrmsdk.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\WMPhoto.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\WSManHTTPConfig.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\WSManMigrationPlugin.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\WsmAuto.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\WsmSvc.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\WsmWmiPl.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\AudioEng.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\AUDIOKSE.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\AudioSes.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\blackbox.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\charmap.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\cryptsp.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\cryptui.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\dfshim.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\drmmgrtn.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\drmv2clt.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\icardagt.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\icardres.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\IMJP10K.DLL => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\infocardapi.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\java.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\javaw.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\javaws.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\KBDBASH.DLL => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\KBDRU.DLL => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\KBDRU1.DLL => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\KBDTAT.DLL => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\KBDYAK.DLL => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\mscorier.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\mscories.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\msctf.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\msnetobj.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\msscp.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\mstsc.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\ncsi.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\nlaapi.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\packager.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\pku2u.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\rastls.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\scesrv.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\TSWorkspace.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\TsWpfWrp.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\ubpm.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\wdi.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\winsta.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\wmdrmsdk.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\WMPhoto.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\WSManHTTPConfig.exe => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\WSManMigrationPlugin.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\WsmAuto.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\WsmSvc.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\SysWOW64\WsmWmiPl.dll => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\Drivers\PEAuth.sys => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\Drivers\rdpwd.sys => ":$CmdTcID" ADS removed successfully.
C:\Windows\system32\Drivers\tssecsrv.sys => ":$CmdTcID" ADS removed successfully.
C:\Users\Owner\Desktop\fxddmalta4setup_build610.exe => ":$CmdTcID" ADS removed successfully.
C:\Users\Owner\Downloads\nbr2player.msi => ":$CmdZnID" ADS removed successfully.
C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job => moved successfully
C:\Windows\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E72EC86B-3D23-4084-BDD8-881206C004F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E72EC86B-3D23-4084-BDD8-881206C004F4}" => key removed successfully
C:\Windows\System32\Tasks\TechSmith Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TechSmith Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E76D5133-5A44-4F50-BE32-F47E52A983BA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E76D5133-5A44-4F50-BE32-F47E52A983BA}" => key removed successfully
C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0BEEEBF-CD17-4AE2-A56B-EB783685BEC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0BEEEBF-CD17-4AE2-A56B-EB783685BEC7}" => key removed successfully
C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\G2MUploadTask-S-1-5-21-3707217111-3059912600-4169917813-1000" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBECA225-BEA2-4E24-824D-407830BC8221}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBECA225-BEA2-4E24-824D-407830BC8221}" => key removed successfully
C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E72EC86B-3D23-4084-BDD8-881206C004F4} => key not found.
C:\Windows\System32\Tasks\TechSmith Updater => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TechSmith Updater => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBECA225-BEA2-4E24-824D-407830BC8221} => key not found.
C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C32994E5-1867-4194-ADB3-B2BEAD9904EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C32994E5-1867-4194-ADB3-B2BEAD9904EB}" => key removed successfully
C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7ED220D2-3F34-41E5-A3D0-1F5E1A517E5E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ED220D2-3F34-41E5-A3D0-1F5E1A517E5E}" => key removed successfully
C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{627D4F51-9196-43DF-A04D-B872C8B6DEFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{627D4F51-9196-43DF-A04D-B872C8B6DEFF}" => key removed successfully
C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}" => key removed successfully
C:\Users\Owner\AppData\Local\resmon.resmoncfg => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Program Files\COMODO => moved successfully
C:\Users\Owner\AppData\Local\ESET => moved successfully
C:\Users\Owner\AppData\Local\F-Secure => moved successfully
C:\Users\Owner\Desktop\esetonlinescanner_enu.exe => moved successfully
C:\ProgramData\Kaspersky Lab Setup Files => moved successfully
C:\Program Files (x86)\stinger => moved successfully
C:\Users\Owner\Desktop\PandaCloudCleaner => moved successfully
C:\Users\Owner\Desktop\tdsskiller.exe => moved successfully
C:\ProgramData\Loaris => moved successfully
vdbus => service removed successfully
Chrome StartupUrls => removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll => not found.
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl => moved successfully
"C:\ProgramData\Microsoft\Diagnosis\ETLLogs\ShutdownLogger\AutoLogger-Diagtrack-Listener.etl" => not found.
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrack.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84d120fe590d4d7\diagtrack.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\diagtrack.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\diagtrack.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\diagtrack.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\diagtrack.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\diagtrack.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18683_none_e822d0c3e5b060cb\diagtrackrunner.exe => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18742_none_e84d120fe590d4d7\diagtrackrunner.exe => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\diagtrackrunner.exe => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b1b7ec100d8e3b => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59f18f2101b1222 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18503_none_e5dbf9380fee0247 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18551_none_e5a3e90810185b4e => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18653_none_e5a5eb8210168b23 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18683_none_e5857bbe102edef6 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18742_none_e5afbd0a100f5302 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23412_none_e659ab392914c3fe => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be460b59c2a => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea60c32011 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18503_none_66539d3060961036 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18653_none_661d8f7a60be9912 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18683_none_65fd1fb660d6ece5 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18742_none_6627610260b760f1 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d => moved successfully
C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry => moved successfully
C:\Program Files\NVIDIA Corporation\NvTelemetry => moved successfully
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry => moved successfully
C:\Users\Owner\AppData\Local\NVIDIA Corporation\NvTelemetry => moved successfully
C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3DEE5278-D392-4EA2-96F0-D35F55F48AB4} => moved successfully
C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry => moved successfully
C:\Users\Owner\AppData\Roaming\Microsoft\Microsoft Security Client\Telemetry => moved successfully
C:\Windows\AppCompat\Appraiser\Telemetry => moved successfully
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Microsoft Security Client\Telemetry => moved successfully
C:\Windows\winsxs\FileMaps\$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\092ebd43d03dd201c10b000078078407.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\8132cd16073ed201c10b00009c07a807.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\88a47eaed43dd201c10b0000f407a002.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\a3b5830cbd3dd201c10b0000a407b007.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b1b7ec100d8e3b.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59f18f2101b1222.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18503_none_e5dbf9380fee0247.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18551_none_e5a3e90810185b4e.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18653_none_e5a5eb8210168b23.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18683_none_e5857bbe102edef6.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18742_none_e5afbd0a100f5302.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23412_none_e659ab392914c3fe.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be460b59c2a.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea60c32011.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18503_none_66539d3060961036.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18551_none_661b8d0060c0693d.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18653_none_661d8f7a60be9912.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18683_none_65fd1fb660d6ece5.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18742_none_6627610260b760f1.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.23412_none_66d14f3179bcd1ed.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d.manifest => moved successfully
C:\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline.bin => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-inventory.data_31bf3856ad364e35_6.1.7601.23412_none_b7bb39c6464eeaab\Appraiser_TelemetryRunList.xml => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\b48ea09bbe3dd201c10b0000d8048807.$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23412_none_e8f7003efe9645d3\CompatTelemetry.inf => moved successfully
Could not move "C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx" => Scheduled to move on reboot.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-301-0.sqm" => not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-302-0.sqm" => not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-303-0.sqm" => not found.
"C:\ProgramData\Microsoft\Microsoft Antimalware\Telemetry\MpTelemetry-304-0.sqm" => not found.
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\plugins\User\NvTelemetry.dll => moved successfully
C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NvTelemetry.dll => moved successfully
C:\ProgramData\NVIDIA Corporation\Downloader\latest\NVI2\NvTelemetry.dll => moved successfully
"C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetry.dll" => not found.
"C:\Users\Owner\AppData\Local\NVIDIA Corporation\NvTelemetry\nvtelemetry.log" => not found.
"C:\Users\Owner\AppData\Local\NVIDIA Corporation\NvTelemetry\nvtelemetry.log.bak" => not found.
"C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3DEE5278-D392-4EA2-96F0-D35F55F48AB4}\NvTelemetry.nvi" => not found.
"C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetry.nvi" => not found.
"C:\Program Files\NVIDIA Corporation\Installer2\NvTelemetry.{3DEE5278-D392-4EA2-96F0-D35F55F48AB4}\NvTelemetry.NVX" => not found.
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvTelemetryAPI.js => moved successfully
C:\ProgramData\NVIDIA Corporation\Downloader\latest\nodejs\NvTelemetryAPI.js => moved successfully
"C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryAPI32.dll" => not found.
"C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetryAPI32.dll" => not found.
"C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryAPI64.dll" => not found.
"C:\ProgramData\NVIDIA Corporation\Downloader\latest\NvTelemetry\NvTelemetryAPI64.dll" => not found.
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json => moved successfully
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\telemetry.ASM-WindowsDefault.json" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\telemetry.ASM-WindowsDefault.json" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\telemetry.ASM-WindowsDefault.json" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\telemetry.ASM-WindowsDefault.json" => not found.
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk => moved successfully
C:\Program Files (x86)\Microsoft Office\Office15\1033\TelemetryDashboard.xltx => moved successfully
C:\Program Files (x86)\Microsoft Office\Office15\1033\TelemetryLog.xltx => moved successfully
C:\Users\Owner\AppData\Local\GWX\TelemetryStore.xml => moved successfully
C:\Users\Owner\AppData\Local\GWX\TelemetryStore.xml.lock => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23396_none_ba1ea7c6f4920e24 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23396_none_0b8d69aa2b6cdb3f => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036 => moved successfully
C:\Users\Owner\AppData\Local\GWX => moved successfully
C:\Windows\Logs\Gwx => moved successfully
C:\Program Files (x86)\UltimateOutsider\GWX Control Panel => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel => moved successfully
D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741 => moved successfully
C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_1927edd0ba9ec231 => moved successfully
C:\Windows\winsxs\FileMaps\$$_system32_gwx_06654c71d047de88.cdf-ms => moved successfully
C:\Windows\winsxs\FileMaps\$$_system32_gwx_download_27d68082ad334184.cdf-ms => moved successfully
C:\Windows\winsxs\FileMaps\$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms => moved successfully
C:\Windows\winsxs\FileMaps\$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\01b7a421073ed201ee1200009c07a807.$$_system32_gwx_download_27d68082ad334184.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\01b7a421073ed201ef1200009c07a807.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\1213d599d03dd2013141000078078407.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms => moved successfully
D:\.Corsair.Software_Downloads\0AV.Alerts.Popups\2016.05.04_GWXUX.popup.JPG => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\22605a9ad03dd2013c41000078078407.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\243737b9d43dd201ed120000f407a002.$$_system32_gwx_06654c71d047de88.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\243737b9d43dd201ee120000f407a002.$$_system32_gwx_download_27d68082ad334184.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\243737b9d43dd201ef120000f407a002.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\6478674ed03dd201e912000078078407.$$_system32_gwx_06654c71d047de88.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\7c7a2417bd3dd201e9120000a407b007.$$_system32_gwx_06654c71d047de88.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\9398de99d03dd2013341000078078407.$$_system32_gwx_06654c71d047de88.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\a055a221073ed201ed1200009c07a807.$$_system32_gwx_06654c71d047de88.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\a1c7c079d03dd201aa2e000078078407.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-ins_31bf3856ad364e35_6.1.7601.23396_none_a8be71bc81a2397b.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23396_none_ba1ea7c6f4920e24.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23396_none_0b8d69aa2b6cdb3f.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036.manifest => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\c1fe579ad03dd2013b41000078078407.$$_system32_gwx_download_27d68082ad334184.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\c6e47c4ed03dd201ee12000078078407.$$_system32_gwx_download_27d68082ad334184.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\c6e47c4ed03dd201ef12000078078407.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\d5f9c54d073ed201a72e00009c07a807.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\dee63917bd3dd201ee120000a407b007.$$_system32_gwx_download_27d68082ad334184.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\dee63917bd3dd201ef120000a407b007.$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms => moved successfully
C:\Windows\winsxs\Temp\PendingRenames\fc0e68e4d43dd201a02e0000f407a002.$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\GWX Control Panel User Guide.lnk" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\GWX Control Panel.lnk" => not found.
C:\Users\Public\Desktop\GWX Control Panel.lnk => moved successfully
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWX.exe" => not found.
"C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_1927edd0ba9ec231\GWX.exe" => not found.
"D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GWX.post.fix.Results.Asus.Corsair.JPG" => not found.
"D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GWX.Results.Asus.Corsair.JPG" => not found.
"C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXConfigManager.exe" => not found.
"D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GwxControlPanelLog.txt" => not found.
"D:\.Corsair.Software_Downloads\Utilities\GWX.Win.10.Control.Panel_ver1741\GwxControlPanelSetup.exe" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXDetector.exe" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23396_none_0b8d69aa2b6cdb3f\GWXGC.exe" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXMig.inf" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXUI.dll" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXUX.exe" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_0ed3437e863e0036\GWXUXWorker.exe" => not found.
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GWX-Ins%4Operational.evtx => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel\Uninstall GWX Control Panel.lnk" => not found.
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23396_none_1927edd0ba9ec231.manifest => moved successfully

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13431677 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 335808 B
Edge => 0 B
Chrome => 12830591 B
Firefox => 3684294 B
Opera => 221184 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Owner => 5192096 B

RecycleBin => 0 B
EmptyTemp: => 34 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 20-11-2016 20:42:58)

"C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx" => Could not move

==== End of Fixlog 20:42:58 ====
 
Last edited:
Status
Not open for further replies.
Top Bottom
Back
Forums
Resources
Menu