Solved Laptop very slow

[Malnutrition]

FRST Fix.

Click Here To Download Fixlist.


Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Removing M$ Spyware


Lets remove the GWX Folder and M$ Telemetry from your machine, those are basically M$ spyware and those also will slow your machine.

Get the Everything Search Engine
Install Program, Right Click Run As Admin. Type GWX into search window.
Then Click Edit.
Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard. >>>>> Paste content of clipboard, here in your next reply.

Now repeat the above process for the following words, one at a time.

Telemetry     DiagTrack   C:\Windows\System32\Tasks

Remove these updates if present.

Also open add remove programs. View Installed Updates
Remove these from your machine.


KB 3035583
KB 2977759
KB 2976978
KB 2952664

Run USB Fix.
Download from here
Instructions here
Tutorial UsbFix : Search option
Tutorial UsbFix : Clean option
Post the log created after running the tool.

Disable Useless Items... Easy Service Optimizer

Download easy service optmizer, save it to your desktop and unzip it there. Right click it and run as admin, then select Tweaked at the bottom. Then click on the rocket, this will turn off a lot of useless items.

You will however need to change one setting. Right Click on Wlansvc — WLAN AutoConfig, then select start service, the edit service. Make sure it is automatic across the board, as per the picture.

Optional -- Uninstall these programs below with Geek Uninstaller.

4K Video Downloader 3.5 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.5.6.1730 - Open Media LLC)
Amazon Music (HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\Amazon Amazon Music) (Version: 3.10.0.924 - Amazon Services LLC)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 3.0.0.5 - Samsung Electronics Co.,Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
NetBalancer (HKLM\...\NetBalancer_is1) (Version: - SeriousBit)
NetLimiter 4 (HKLM-x32\...\NetLimiter 4 4.0.5.0) (Version: 4.0.5.0 - Locktime Software)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)




Reboot the machine.
Tell me how it is running.

 

[siq]

GWX Search

C:\Windows\winsxs\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23459_none_ba4cea3af46ee78c
C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23459_none_0bbbac1e2b49b4a7
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e
C:\FRST\Quarantine\C\Windows\System32\GWX
C:\FRST\Quarantine\C\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
C:\FRST\Quarantine\C\Windows\SysWOW64\GWX
C:\Windows\Logs\Gwx
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
C:\FRST\Quarantine\C\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_19563044ba7b9b99
C:\Windows\winsxs\FileMaps\$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\FileMaps\$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\FileMaps\$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\FileMaps\$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
F:\Users\Philipp\AppData\Local\Origin\Web Cache\data7\7\147gwxbw.d
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-ins_31bf3856ad364e35_6.1.7601.23459_none_a8ecb430817f12e3.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23459_none_ba4cea3af46ee78c.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23459_none_0bbbac1e2b49b4a7.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e.manifest
C:\Program Files (x86)\Brother\Brmfl08j\MFC-9320CW\html\sug\images\e9440_q_gwxpn005e.gif
F:\Program Files (x86)\Brother\Brmfl08j\MFC-9320CW\html\sug\images\e9440_q_gwxpn005e.gif
C:\Program Files (x86)\Brother\Brmfl08j\MFC-9320CW\html\sug\images\e9440_q_gwxpn006e.gif
F:\Program Files (x86)\Brother\Brmfl08j\MFC-9320CW\html\sug\images\e9440_q_gwxpn006e.gif
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWX.exe
C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_19563044ba7b9b99\GWX.exe
C:\FRST\Quarantine\C\Windows\System32\GWX\Download\resources\scripts\gwx.js
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXConfigManager.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXDetector.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23459_none_0bbbac1e2b49b4a7\GWXGC.exe
C:\Windows\Migration\WTR\GWXMig.inf
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXUI.dll
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXUX.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXUXWorker.exe
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GWX-Ins%4Operational.evtx
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_19563044ba7b9b99.manifest

 

[siq]

Telemetry Search

F:\Users\Philipp\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn4.telemetryverification.net
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b1b7ec100d8e3b
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59f18f2101b1222
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18868_none_e5a020d4101a2015
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18917_none_e5d5320c0ff27830
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18942_none_e5afc0d6100f4d50
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18944_none_e5b1c16a100d7ffe
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23468_none_e6299d592937e7bd
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be460b59c2a
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea60c32011
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18868_none_6617c4cc60c22e04
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18917_none_664cd604609a861f
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18942_none_662764ce60b75b3f
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18944_none_6629656260b58ded
F:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7600.16385_none_2e61438480527d71
C:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b
F:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d
F:\Windows\Temp\MPTelemetrySubmit
C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\saved-telemetry-pings
C:\ProgramData\Battle.net\Telemetry
C:\ProgramData\Origin\Telemetry
C:\Users\Philipp\AppData\Roaming\Battle.net\Telemetry
C:\Windows\AppCompat\Appraiser\Telemetry
F:\ProgramData\Origin\Telemetry
C:\Windows\winsxs\FileMaps\$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b1b7ec100d8e3b.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59f18f2101b1222.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18868_none_e5a020d4101a2015.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18917_none_e5d5320c0ff27830.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18942_none_e5afc0d6100f4d50.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18944_none_e5b1c16a100d7ffe.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23412_none_e659ab392914c3fe.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23468_none_e6299d592937e7bd.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be460b59c2a.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea60c32011.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18868_none_6617c4cc60c22e04.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18917_none_664cd604609a861f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18942_none_662764ce60b75b3f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18944_none_6629656260b58ded.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.23412_none_66d14f3179bcd1ed.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.23468_none_66a1415179dff5ac.manifest
F:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7600.16385_none_2e61438480527d71.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b.manifest
F:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d.manifest
C:\System Volume Information\SystemRestore\FRStaging\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_RS1.bin
C:\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_RS1.bin
C:\System Volume Information\SystemRestore\FRStaging\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_TH2.bin
C:\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_TH2.bin
C:\System Volume Information\SystemRestore\FRStaging\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_UNV.bin
C:\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_UNV.bin
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-inventory.data_31bf3856ad364e35_6.1.7601.23468_none_b78b2be646720e6a\Appraiser_TelemetryRunList.xml
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18868_none_e83d75d9e59ba1ea\CompatTelemetry.inf
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
F:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-Skype.json
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\telemetry.ASM-WindowsDefault.json
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk
C:\Users\Philipp\AppData\Roaming\Skype\subzgamer\telemetry.db
C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\Telemetry.FailedProfileLocks.txt
C:\Users\Philipp\AppData\Roaming\Mozilla\Firefox\Profiles\q87ndktt.default\Telemetry.ShutdownTime.txt
C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\telemetry32.dll
H:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\telemetry32.dll
C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\telemetry32c.dll
H:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\telemetry32c.dll
C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\telemetry64.dll
C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\bin\telemetry64c.dll
C:\FRST\Quarantine\C\Windows\System32\GWX\TelemetryStore.xml
C:\FRST\Quarantine\C\Windows\System32\GWX\TelemetryStore.xml.lock

 

[siq]

C:\Windows\System32\Tasks

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
C:\Windows\System32\Tasks\Microsoft\Windows\AppID
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
C:\Windows\System32\Tasks\AVAST Software
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\Extender
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
C:\Windows\System32\Tasks\Microsoft\Windows\Location
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
C:\Windows\System32\Tasks\Microsoft
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
C:\Windows\System32\Tasks\Microsoft\Windows\NetworkAccessProtection
C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack
C:\Windows\System32\Tasks\Microsoft\Windows\PLA
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteApp and Desktop Connections Update
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
C:\Windows\System32\Tasks\Microsoft\Windows\RemovalTools
C:\Windows\System32\Tasks\Microsoft\Windows\Setup
C:\Windows\System32\Tasks\Microsoft\Windows\Shell
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
C:\Windows\System32\Tasks\Microsoft\Windows\SyncCenter
C:\Windows\System32\Tasks\Microsoft\Windows\PLA\System
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
C:\Windows\System32\Tasks
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
C:\Windows\System32\Tasks\Microsoft\Windows\User Profile Service
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
C:\Windows\System32\Tasks\Microsoft\Windows
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
C:\Windows\System32\Tasks\Microsoft\Windows Defender
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
C:\Windows\System32\Tasks\Microsoft\Windows Live
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
C:\Windows\System32\Tasks\WPD
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience\AitAgent
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\AutoWake
C:\Windows\System32\Tasks\AVAST Software\Avast settings backup
C:\Windows\System32\Tasks\avast! Emergency Update
C:\Windows\System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
C:\Windows\System32\Tasks\CCleanerSkipUAC
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup\ConfigNotification
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\GadgetManager
C:\Windows\System32\Tasks\Microsoft\Windows\User Profile Service\HiveUploadTask
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC\HotStart
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager\Interactive
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
C:\Windows\System32\Tasks\Microsoft\Windows\MUI\LPRemove
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\mcupdate
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
C:\Windows\System32\Tasks\Microsoft\Windows\Ras\MobilityManager
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
C:\Windows\System32\Tasks\Microsoft\Windows\Location\Notifications
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\OCURActivate
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry
C:\Windows\System32\Tasks\Microsoft\Windows\AppID\PolicyConverter
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk\Proxy
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting
C:\Windows\System32\Tasks\Microsoft\Windows\RAC\RacTask
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart
C:\Windows\System32\Tasks\Microsoft\Windows\Registry\RegIdleBackup
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
C:\Windows\System32\Tasks\Microsoft\Windows\WDI\ResolutionHost
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis\Scheduled
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\SessionAgent
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore\SR
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\StartRecording
C:\Windows\System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime
C:\Windows\System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia\SystemSoundsService
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\SystemTask
C:\Windows\System32\taskschd.dll
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary
C:\Windows\System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline
C:\Windows\System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls
C:\Windows\System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\WinSAT

 

[siq]

############################## | UsbFix V 9.026 | [Research]

User: Philipp (Administrator) # PHILIPP-PC
Updated 12/02/2017 by SOSVirus
Started at 04:21:47 | 14/02/2017

Website : https://www.usb-antivirus.com/
Tutorial : https://www.usb-antivirus.com/tutorial/
Support : https://www.sosvirus.org/
Live detection : http://www.sosmalware.com/usbfix/
Contact : https://www.usb-antivirus.com/contact/

################## | System information |

MB: SAMSUNG ELECTRONICS CO., LTD. (RF510/RF410/RF710)
CPU: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
RAM -> [Total : 6076 Mo | Free : 3281 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 9.00.8112.16421
WB: Google Chrome : 56.0.2924.87

################## | Security Information |

AV: avast! Antivirus [(!) Disabled |Updated]
AS: Windows Defender [(!) Disabled |(!) Outdated]
AS: avast! Antivirus [(!) Disabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 233 Gb (53 Gb free - 23%) [] # NTFS
F:\ -> Fixed disk # 231 Gb (53 Gb free - 23%) [] # NTFS
G:\ -> Fixed disk # 100 Mb (70 Mb free - 70%) [SYSTEM] # NTFS
H:\ -> Fixed disk # 344 Gb (106 Gb free - 31%) [] # NTFS

################## | Startup |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Spotify] "C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
04 - HKCU\..\Run : [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\..\Run : [Spotify] "C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
04 - HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\..\Run : [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
04 - HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\..\Run : [Spotify Web Helper] "C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | Generic Research |


Analysed in 8.844 seconds

################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivirus.com/ |

 

[siq]

############################## | UsbFix V 9.026 | [Clean]

User: Philipp (Administrator) # PHILIPP-PC
Updated 12/02/2017 by SOSVirus
Started at 04:22:25 | 14/02/2017

Website : https://www.usb-antivirus.com/
Tutorial : https://www.usb-antivirus.com/tutorial/
Support : https://www.sosvirus.org/
Live detection : http://www.sosmalware.com/usbfix/
Contact : https://www.usb-antivirus.com/contact/

################## | System information |

MB: SAMSUNG ELECTRONICS CO., LTD. (RF510/RF410/RF710)
CPU: Intel(R) Core(TM) i7 CPU Q 720 @ 1.60GHz
RAM -> [Total : 6076 Mo | Free : 3281 Mo]
Bios: Phoenix Technologies Ltd.
Boot: Normal boot

OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 9.00.8112.16421
WB: Google Chrome : 56.0.2924.87

################## | Security Information |

AV: avast! Antivirus [(!) Disabled |Updated]
AS: Windows Defender [(!) Disabled |(!) Outdated]
AS: avast! Antivirus [(!) Disabled |Updated]
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 233 Gb (53 Gb free - 23%) [] # NTFS
F:\ -> Fixed disk # 231 Gb (53 Gb free - 23%) [] # NTFS
G:\ -> Fixed disk # 100 Mb (70 Mb free - 70%) [SYSTEM] # NTFS
H:\ -> Fixed disk # 344 Gb (106 Gb free - 31%) [] # NTFS

################## | Generic Research |


################## | Startup |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Spotify] "C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
04 - HKCU\..\Run : [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
04 - HKCU\..\Run : [Spotify Web Helper] "C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\..\Run : [Spotify] "C:\Users\Philipp\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
04 - HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\..\Run : [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
04 - HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\..\Run : [Spotify Web Helper] "C:\Users\Philipp\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

[01/02/2017 - 01:36:19 | A | 1 Ko] - C:\DelFix.txt
[13/02/2017 - 20:08:39 | ASH | 4666680 Ko] - C:\hiberfil.sys
[13/02/2017 - 20:08:41 | ASH | 6222244 Ko] - C:\pagefile.sys
[27/08/2013 - 16:35:30 | A | 0 Ko] - C:\search.sqlite
[02/09/2013 - 12:08:00 | D] - C:\Microsoft.NET
[09/02/2017 - 14:16:35 | D] - C:\Config.Msi
[16/06/2014 - 15:07:45 | A | 0 Ko] - C:\AVScanner.ini
[09/04/2014 - 14:13:00 | A | 478 Ko] - C:\SecurityScanner.dll
[11/02/2017 - 06:21:19 | N | 3 Ko] - C:\bootsqm.dat
[09/02/2017 - 03:02:17 | SHD] - C:\$Recycle.Bin
[14/07/2009 - 04:20:08 | D] - C:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - C:\Documents and Settings
[18/08/2013 - 15:36:21 | D] - C:\Dokumente und Einstellungen
[18/08/2013 - 15:36:21 | D] - C:\Programme
[18/08/2013 - 15:36:21 | SHD] - C:\Recovery
[27/08/2013 - 16:39:49 | D] - C:\NvidiaLogging
[02/09/2013 - 11:43:59 | D] - C:\MSBuild
[08/01/2014 - 18:52:40 | D] - C:\Users
[19/01/2015 - 16:07:32 | RHD] - C:\MSOCache
[26/06/2015 - 18:27:20 | D] - C:\DEGENER
[29/10/2016 - 19:05:54 | N | 0 Ko] - C:\asc_rdflag
[07/02/2017 - 02:55:18 | D] - C:\QuickDiag
[11/02/2017 - 05:31:08 | RD] - C:\Program Files (x86)
[11/02/2017 - 05:31:08 | HD] - C:\ProgramData
[14/02/2017 - 04:08:19 | D] - C:\Program Files
[14/02/2017 - 04:08:21 | D] - C:\Windows
[14/02/2017 - 04:18:46 | D] - C:\UsbFix
[14/02/2017 - 04:22:29 | D] - C:\FRST

################## | F:\ - Fixed drive (NTFS) |

[07/10/2014 - 16:48:19 | A | 52 Ko] - F:\bluetoothview166.zip
[31/03/2013 - 11:40:38 | A | 0 Ko] - F:\AILog.txt
[08/08/2013 - 20:34:32 | ASH | 6222244 Ko] - F:\hiberfil.sys
[04/12/2012 - 21:17:45 | A | 0 Ko] - F:\setup.log
[23/12/2011 - 10:35:37 | A | 0 Ko] - F:\user.js
[09/02/2017 - 03:02:17 | SHD] - F:\$Recycle.Bin
[14/07/2009 - 04:20:08 | D] - F:\PerfLogs
[14/07/2009 - 06:08:56 | SHD] - F:\Documents and Settings
[23/10/2010 - 03:50:42 | D] - F:\Intel
[24/07/2011 - 10:56:15 | SHD] - F:\Recovery
[24/09/2011 - 23:38:54 | D] - F:\sysupdate
[06/10/2011 - 18:48:00 | RHD] - F:\MSOCache
[20/10/2012 - 09:43:57 | D] - F:\VritualRoot
[03/11/2012 - 17:45:09 | D] - F:\NVIDIA
[03/11/2012 - 17:50:27 | D] - F:\temp
[17/05/2013 - 16:06:57 | D] - F:\Output
[25/05/2013 - 22:58:28 | RD] - F:\Users
[01/06/2013 - 20:11:38 | HD] - F:\ProgramData
[06/08/2013 - 22:05:03 | D] - F:\Windows
[02/09/2013 - 12:13:50 | RD] - F:\Program Files
[02/11/2013 - 16:04:39 | D] - F:\Advanced SystemCare 6
[19/01/2014 - 12:34:06 | D] - F:\Fraps
[18/04/2015 - 15:29:27 | D] - F:\10250f3a22f82721ca
[24/05/2015 - 15:46:14 | D] - F:\DIE SIEDLER - Das Erbe der Könige - Gold Edition
[30/05/2015 - 23:21:11 | D] - F:\XviD
[10/06/2015 - 13:02:28 | D] - F:\4K Video
[10/06/2015 - 13:46:19 | D] - F:\4kvideodownloader
[29/08/2015 - 12:43:42 | D] - F:\Program Files (x86)
[28/01/2017 - 00:28:58 | D] - F:\Freemake
[28/01/2017 - 00:33:13 | D] - F:\mp4;mp3 converter, schneideprogramm

################## | G:\ - Fixed drive (NTFS) |

[09/02/2017 - 03:02:17 | SHD] - G:\$RECYCLE.BIN
[20/11/2010 - 13:40:07 | RASH | 375 Ko] - G:\bootmgr
[29/07/2011 - 11:04:09 | SHD] - G:\BOOT

################## | H:\ - Fixed drive (NTFS) |

[01/07/2013 - 13:00:59 | A | 0 Ko] - H:\Lokaler Datenträger (C) - Verknüpfung.lnk
[01/12/2006 - 22:37:14 | A | 884 Ko] - H:\msdia80.dll
[25/07/2011 - 22:03:50 | RA | 1 Ko] - H:\MediaID.bin
[09/02/2017 - 03:02:17 | SHD] - H:\$RECYCLE.BIN
[25/07/2011 - 22:21:21 | D] - H:\WindowsImageBackup
[26/07/2011 - 07:47:50 | D] - H:\be08cbf81b5496fa69b1799599ab75
[24/09/2011 - 23:38:54 | D] - H:\backup
[29/09/2011 - 14:59:10 | D] - H:\1d19b25478ebf73e7ede28d7cfc4
[13/01/2012 - 17:53:30 | D] - H:\Users
[03/04/2012 - 15:52:18 | D] - H:\Word
[14/10/2012 - 12:31:24 | D] - H:\Horror
[08/03/2013 - 23:11:32 | RD] - H:\PHILIPP-PC
[30/03/2013 - 00:29:33 | D] - H:\NVIDIA
[14/04/2013 - 19:40:14 | D] - H:\Steam
[18/08/2013 - 19:21:13 | D] - H:\641c8f59b6c1076160953ca76b
[18/01/2014 - 18:28:00 | D] - H:\Program Files
[07/04/2014 - 18:17:58 | D] - H:\FFOutput
[26/06/2014 - 15:45:59 | D] - H:\DrvInstall
[06/08/2015 - 21:08:12 | D] - H:\DiDi_DVD
[18/12/2016 - 21:39:09 | A | 0 Ko] - H:\end
[31/01/2017 - 22:07:19 | D] - H:\Program Files (x86)

Analysed in 15.46 seconds

################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivirus.com/ |

 

[siq]

I couldn't delete the windows updates, when I go to the update history there is no button to delete the updates.

 

[Malnutrition]

How does your machine run without the external HDD's attached?

Scan these at virus total please.

H:\641c8f59b6c1076160953ca76b
H:\1d19b25478ebf73e7ede28d7cfc4
H:\be08cbf81b5496fa69b1799599ab75
F:\10250f3a22f82721ca

 

[Malnutrition]

I couldn't delete the windows updates, when I go to the update history there is no button to delete the updates.

You need to double click the updates to un install them.

Also, I never got the following from you:

Shortcut.txt
FRST fixlog.txt
Everything search of diagtrack

 

[siq]

Fix result of Farbar Recovery Scan Tool

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-02-2017
Ran by Philipp (14-02-2017 03:58:58) Run:3
Running from C:\Users\Philipp\Desktop\Neuer Ordner
Loaded Profiles: Philipp (Available Profiles: Philipp)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
createrestorepoint:
emptytemp:
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-09] (Google Inc.)
cmd: sc stop Hamachi2Svc
cmd: sc config "Hamachi2Svc" start= disabled
cmd: sc stop nlsvc
cmd: sc config "nlsvc" start= disabled
cmd: sc stop WinDefend
cmd: sc config "WinDefend" start= disabled
2017-02-09 14:03 - 2017-02-09 14:11 - 00003542 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-09 14:03 - 2017-02-09 14:11 - 00003414 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-01-28 01:38 - 2017-01-29 02:08 - 00016116 ____H C:\Users\Philipp\Desktop\~WRL1563.tmp
2017-02-05 04:03 - 2015-04-04 15:14 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2017-02-03 01:05 - 2013-08-27 18:41 - 00000000 ____D C:\Users\Philipp\AppData\LocalLow\Temp
2017-02-02 18:48 - 2016-11-10 23:32 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2017-01-31 17:16 - 2016-11-10 23:33 - 00000000 _____ C:\Users\Public\Documents\report.dat
2017-01-28 18:56 - 2014-04-01 19:52 - 03706368 ___SH C:\Users\Philipp\Desktop\Thumbs.db
Task: {17A04F93-676E-4E99-B675-8B2DB981C33D} - \Microsoft\Windows\Media Center\MediaCenterRecoveryTask -> No File <==== ATTENTION
Task: {28EF2A43-8120-46C3-9F99-EDC30F620B95} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {368A74BB-1374-4137-84E3-B04331E2B02D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-09] (Google Inc.)
Task: {6E3EEA2F-3B8E-43CC-B912-97B99F5EDEE4} - \Microsoft\Windows\Media Center\PvrScheduleTask -> No File <==== ATTENTION
Task: {76CFC989-BCF3-4C97-8873-C3917A7D2C5D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {81540B9F-B5BF-47EB-9C95-BE195BF2C664} - \Microsoft\Windows\NetTrace\GatherNetworkInfo -> No File <==== ATTENTION
Task: {84A4DE72-FAF7-4371-A0E4-CDB4EE46ECBF} - \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask -> No File <==== ATTENTION
Task: {DEEDAE8C-2633-409C-BB39-696D01265C77} - \Microsoft\Windows\Media Center\SqlLiteRecoveryTask -> No File <==== ATTENTION
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\101hotteens.com -> 101hotteens.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\101lottery.com -> 101lottery.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\123expressview.com -> 123expressview.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\123found.com -> 123found.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\123keno.com -> 123keno.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\12don.info -> 12don.info
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\143fuck.com -> 143fuck.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\17gamo.com -> 17gamo.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\17webplace.com -> 17webplace.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\180solutions.com -> 180solutions.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\1autocity.com -> 1autocity.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\1ive.net -> 1ive.net
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\1se.ru -> 1se.ru
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\1sexparty.com -> 1sexparty.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\1stfind.com -> 1stfind.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\1stpagehere.com -> 1stpagehere.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\1traff.us -> 1traff.us
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\1ze.net -> 1ze.net
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\2-antispyware.com -> 2-antispyware.com
IE restricted site: HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\...\2004search.cc -> 2004search.cc
StartBatch:
netsh advfirewall reset
netsh advfirewall set allprofiles state ON
ipconfig /flushdns
netsh winsock reset All
netsh int ip reset c:\resetlog.txt
ipconfig /release
ipconfig /renew
netsh int ipv4 reset
netsh int ipv6 reset
bitsadmin /reset /allusers
reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
netsh interface ipv6 6to4 set state state=disabled undoonstop=disabled
netsh interface ipv6 isatap set state state=disabled
netsh interface teredo set state disabled
netsh interface tcp set global autotuning=disabled
reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 0xFFFFFFFF
for /F "tokens=*" %%a in ('wevtutil.exe el') DO wevtutil.exe cl "%%a"
EndBatch:
emptytemp:
reboot:
end



*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll => not found.

========= sc stop Hamachi2Svc =========

[SC] ControlService FEHLER 1062:

Der Dienst wurde nicht gestartet.


========= End of CMD: =========


========= sc config "Hamachi2Svc" start= disabled =========

[SC] ChangeServiceConfig ERFOLG

========= End of CMD: =========


========= sc stop nlsvc =========

[SC] ControlService FEHLER 1053:

Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.


========= End of CMD: =========


========= sc config "nlsvc" start= disabled =========

[SC] ChangeServiceConfig ERFOLG

========= End of CMD: =========


========= sc stop WinDefend =========


SERVICE_NAME: WinDefend
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

========= End of CMD: =========


========= sc config "WinDefend" start= disabled =========

[SC] ChangeServiceConfig ERFOLG

========= End of CMD: =========

C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\Users\Philipp\Desktop\~WRL1563.tmp => moved successfully
C:\Windows\SysWOW64\GWX => moved successfully
C:\Users\Philipp\AppData\LocalLow\Temp => moved successfully
C:\Users\Public\Documents\temp.dat => moved successfully
C:\Users\Public\Documents\report.dat => moved successfully
C:\Users\Philipp\Desktop\Thumbs.db => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17A04F93-676E-4E99-B675-8B2DB981C33D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17A04F93-676E-4E99-B675-8B2DB981C33D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28EF2A43-8120-46C3-9F99-EDC30F620B95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28EF2A43-8120-46C3-9F99-EDC30F620B95} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{368A74BB-1374-4137-84E3-B04331E2B02D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{368A74BB-1374-4137-84E3-B04331E2B02D} => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E3EEA2F-3B8E-43CC-B912-97B99F5EDEE4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E3EEA2F-3B8E-43CC-B912-97B99F5EDEE4} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\PvrScheduleTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{76CFC989-BCF3-4C97-8873-C3917A7D2C5D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76CFC989-BCF3-4C97-8873-C3917A7D2C5D} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81540B9F-B5BF-47EB-9C95-BE195BF2C664} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81540B9F-B5BF-47EB-9C95-BE195BF2C664} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetTrace\GatherNetworkInfo => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84A4DE72-FAF7-4371-A0E4-CDB4EE46ECBF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84A4DE72-FAF7-4371-A0E4-CDB4EE46ECBF} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DEEDAE8C-2633-409C-BB39-696D01265C77} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DEEDAE8C-2633-409C-BB39-696D01265C77} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\101hotteens.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\101lottery.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123expressview.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123found.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\123keno.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\12don.info => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\143fuck.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17gamo.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\17webplace.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\180solutions.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1autocity.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1ive.net => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1se.ru => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1sexparty.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1stfind.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1stpagehere.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1traff.us => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1ze.net => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2-antispyware.com => key removed successfully
HKU\S-1-5-21-3041798318-2634963116-1215314133-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2004search.cc => key removed successfully

========= Batch: =========
OK.

OK.


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.

Schnittstelle wird zurckgesetzt, OK!
Starten Sie den Computer neu, um die Aktion abzuschlieáen.


Windows-IP-Konfiguration

Es kann kein Vorgang auf Drahtlosnetzwerkverbindung 2 ausgefhrt werden, solange dessen Medium nicht
verbunden ist.

Ethernet-Adapter LAN-Verbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Ethernet-Adapter Hamachi:

Verbindungsspezifisches DNS-Suffix: www.youtube.de
IPv6-Adresse. . . . . . . . . . . : 2620:9b::191e:9649
Verbindungslokale IPv6-Adresse . : fe80::499e:3325:fea6:3498%21
Standardgateway . . . . . . . . . : 2620:9b::1900:1

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 2:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

Verbindungsspezifisches DNS-Suffix:
Verbindungslokale IPv6-Adresse . : fe80::a597:d9e3:f83e:e196%15
Standardgateway . . . . . . . . . :

Windows-IP-Konfiguration

Es kann kein Vorgang auf LAN-Verbindung ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf Drahtlosnetzwerkverbindung 2 ausgefhrt werden, solange dessen Medium nicht
verbunden ist.

Ethernet-Adapter LAN-Verbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Ethernet-Adapter Hamachi:

Verbindungsspezifisches DNS-Suffix: www.youtube.de
IPv6-Adresse. . . . . . . . . . . : 2620:9b::191e:9649
Verbindungslokale IPv6-Adresse . : fe80::499e:3325:fea6:3498%21
IPv4-Adresse . . . . . . . . . . : 25.30.150.73
Subnetzmaske . . . . . . . . . . : 255.0.0.0
Standardgateway . . . . . . . . . : 2620:9b::1900:1

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung 2:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter Drahtlosnetzwerkverbindung:

Verbindungsspezifisches DNS-Suffix:
Verbindungslokale IPv6-Adresse . : fe80::a597:d9e3:f83e:e196%15
IPv4-Adresse . . . . . . . . . . : 192.168.0.101
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . : 192.168.0.1
Schnittstelle wird zurckgesetzt, OK!
Starten Sie den Computer neu, um die Aktion abzuschlieáen.

Unicastadresse wird zurckgesetzt, OK!
Route wird zurckgesetzt, OK!
Starten Sie den Computer neu, um die Aktion abzuschlieáen.


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {B2628311-CDD8-4FF1-86E9-3EF1BAAC3928}.
0 out of 1 jobs canceled.
Der Vorgang wurde erfolgreich beendet.

Der Vorgang wurde erfolgreich beendet.

Ein an das System angeschlossenes Ger„t funktioniert nicht.


OK.

OK.

OK.

Der Wert DisabledComponents ist vorhanden. šberschreiben (J/N)?
========= End of Batch: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3997682 B
Java, Flash, Steam htmlcache => 142270272 B

 

[siq]

When I try to doubleclick the updates it just gives me details and information on it :/

 

[siq]

Where can I locate the diagtrack of everything search? Also what is virus total and how do I scan there? Sorry for all these questions, I'm not very experienced in dealing with programmes

 

[Malnutrition]

Where is the shortcut.txt also how does the machine perform without the external hardware attached?

Where can I locate the diagtrack of everything search?

Download and install the Everything Search Engine
Right Click Run As Admin. Type or Copy Paste Diagtrack or Diag Track into search window.
Then Click Edit. >>>Select all.
Right Click highlighted items>>>>>>>> Copy full name to clipboard.
Paste content of clipboard, here in your next reply.

Also what is virus total and how do I scan there?

Upload File(s) to VirusTotal


H:\641c8f59b6c1076160953ca76b
H:\1d19b25478ebf73e7ede28d7cfc4
H:\be08cbf81b5496fa69b1799599ab75
F:\10250f3a22f82721ca

• Please go to VirusTotal.
• Click the Choose File button.
• Navigate to >>>>>>>> F:\10250f3a22f82721ca
• or simply copy and paste it.
• 
  
• 
  
  
  
  
• Click the Scan it! button.
• You might see a message saying File already analysed, if you do click Reanalyse.
• Wait for all the scans to finish then copy and paste the web address from your broswer's address bar.
  Example of web address :
  
  
  
• Include the link in your next reply.

 

[siq]

DiagTrack Scan

C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18803_none_e87953efe56f7b91\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18868_none_e83d75d9e59ba1ea\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18917_none_e8728711e573fa05\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18942_none_e84d15dbe590cf25\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18944_none_e84f166fe58f01d3\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23468_none_e8c6f25efeb96992\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18803_none_e87953efe56f7b91\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23468_none_e8c6f25efeb96992\diagtrackrunner.exe
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl

 

[siq]

Should I scan every single file? There are 34 files for H:\641c8f59b6c1076160953ca76b alone
and I can't select them all at once. Also which program produced the shortcut.txt? The machine is performing better than before!

 

[Malnutrition]

Should I scan every single file? There are 34 files for H:\641c8f59b6c1076160953ca76b alone

No, can you post a screen shot of what is inside please. Then just scan a couple of them for me, if there are any .exe or .dll in the folder. I had no idea that there were that many files inside.

Might be a good idea to scan the external HDD's with Zemana to be honest.

Zemana Deep Scan

• • Right click on Zemana and run as admin.
  • Click the Cog/Sproket Wheel, at the top right of Zemana
  • Select Advanced - I have read the warning and wish to proceed.
  • Place a tick next to Detect Suspicious (Root CA) Certificates.
  • Then click the house icon in Zemana.
  • Then hit your start button at the lower left hand corner of your desktop.
  • Then left click on Computer.
  • Drag Local Disk C: or whichever drive you decide to check first.
    
  • 
    
  • Into the area of Zemana that reads Drag and drop files here to scan them.
  • 
  • Once the scan has completed click graph icon on the top right of the programs User interface.
  • Double click to open the latest log-file.
  • Copy it to your clipboard.
  • Post the log here in your next reply.
  
  

  Also which program produced the shortcut.txt?

FRST will have produced a shortcut.txt you can see by clicking this link when I requested it. Once you have caught up, then I will provide instructions to remove the telelmetry diagtrack gwx stuff from the machine.

 

[siq]

http://imgur.com/a/XUkEM

 

[Malnutrition]

Seems like these are all files related to Microsoft
I'd say scan them with Zemana when you have time.
Also, right click those folders one at a time and scan with Malwarebytes.
There is waaay to much stuff to be scanning at virustotal.
I have a feeling that they are fine to be honest, just scan them with Zemana and Malwarebytes to be sure.


Here is your fixlist to remove the Telemetry nonsense.


Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[Malnutrition]

After you run the Fix above.....

Fresh FRST Logs.


Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

• Right-click on FRST icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Make sure that Addition option is checked, as well as Shortcut.txt.
  
• Press Scan button and wait.
• The tool will produce three logfiles on your desktop: FRST.txt, and Addition.txt -- & Shortcut.txt

Please Copy & Paste them into your next reply. But attach Shortcut.txt

 

[siq]

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by Philipp (17-02-2017 06:39:06) Run:4
Running from C:\Users\Philipp\Desktop\Neuer Ordner
Loaded Profiles: Philipp (Available Profiles: Philipp)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
createrestorepoint:
emptytemp:
C:\Windows\winsxs\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23459_none_ba4cea3af46ee78c
C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23459_none_0bbbac1e2b49b4a7
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e
C:\Windows\Logs\Gwx
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_19563044ba7b9b99
C:\Windows\winsxs\FileMaps\$$_system32_gwx_06654c71d047de88.cdf-ms
C:\Windows\winsxs\FileMaps\$$_system32_gwx_download_27d68082ad334184.cdf-ms
C:\Windows\winsxs\FileMaps\$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms
C:\Windows\winsxs\FileMaps\$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-ins_31bf3856ad364e35_6.1.7601.23459_none_a8ecb430817f12e3.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23459_none_ba4cea3af46ee78c.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23459_none_0bbbac1e2b49b4a7.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e.manifest
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWX.exe
C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_19563044ba7b9b99\GWX.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXConfigManager.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXDetector.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23459_none_0bbbac1e2b49b4a7\GWXGC.exe
C:\Windows\Migration\WTR\GWXMig.inf
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXUI.dll
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXUX.exe
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXUXWorker.exe
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GWX-Ins%4Operational.evtx
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_19563044ba7b9b99.manifest
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b1b7ec100d8e3b
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59f18f2101b1222
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18868_none_e5a020d4101a2015
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18917_none_e5d5320c0ff27830
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18942_none_e5afc0d6100f4d50
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18944_none_e5b1c16a100d7ffe
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23468_none_e6299d592937e7bd
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be460b59c2a
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea60c32011
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18868_none_6617c4cc60c22e04
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18917_none_664cd604609a861f
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18942_none_662764ce60b75b3f
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18944_none_6629656260b58ded
F:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7600.16385_none_2e61438480527d71
C:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b
F:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d
C:\Windows\AppCompat\Appraiser\Telemetry
C:\Windows\winsxs\FileMaps\$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b1b7ec100d8e3b.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59f18f2101b1222.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18868_none_e5a020d4101a2015.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18917_none_e5d5320c0ff27830.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18942_none_e5afc0d6100f4d50.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18944_none_e5b1c16a100d7ffe.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23412_none_e659ab392914c3fe.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23468_none_e6299d592937e7bd.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be460b59c2a.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea60c32011.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18868_none_6617c4cc60c22e04.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18917_none_664cd604609a861f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18942_none_662764ce60b75b3f.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18944_none_6629656260b58ded.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.23412_none_66d14f3179bcd1ed.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.23468_none_66a1415179dff5ac.manifest
F:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7600.16385_none_2e61438480527d71.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b.manifest
F:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149.manifest
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d.manifest
C:\System Volume Information\SystemRestore\FRStaging\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_RS1.bin
C:\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_RS1.bin
C:\System Volume Information\SystemRestore\FRStaging\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_TH2.bin
C:\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_TH2.bin
C:\System Volume Information\SystemRestore\FRStaging\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_UNV.bin
C:\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_UNV.bin
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-inventory.data_31bf3856ad364e35_6.1.7601.23468_none_b78b2be646720e6a\Appraiser_TelemetryRunList.xml
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18868_none_e83d75d9e59ba1ea\CompatTelemetry.inf
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
F:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-Skype.json
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8\telemetry.ASM-WindowsDefault.json
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\telemetry.ASM-WindowsDefault.json
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18803_none_e87953efe56f7b91\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18868_none_e83d75d9e59ba1ea\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18917_none_e8728711e573fa05\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18942_none_e84d15dbe590cf25\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18944_none_e84f166fe58f01d3\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23468_none_e8c6f25efeb96992\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\diagtrack.dll
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18803_none_e87953efe56f7b91\diagtrackrunner.exe
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23468_none_e8c6f25efeb96992\diagtrackrunner.exe
C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl
emptytemp:
reboot:
end
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Windows\winsxs\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23459_none_ba4cea3af46ee78c => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23459_none_0bbbac1e2b49b4a7 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e => moved successfully
C:\Windows\Logs\Gwx => moved successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx => moved successfully
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers => moved successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers => moved successfully
C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_19563044ba7b9b99 => moved successfully
C:\Windows\winsxs\FileMaps\$$_system32_gwx_06654c71d047de88.cdf-ms => moved successfully
C:\Windows\winsxs\FileMaps\$$_system32_gwx_download_27d68082ad334184.cdf-ms => moved successfully
C:\Windows\winsxs\FileMaps\$$_system32_gwx_downloadswap_5098c1f0e1204caf.cdf-ms => moved successfully
C:\Windows\winsxs\FileMaps\$$_syswow64_gwx_1bf23be3a76673bc.cdf-ms => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-ins_31bf3856ad364e35_6.1.7601.23459_none_a8ecb430817f12e3.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-task_31bf3856ad364e35_6.1.7601.23459_none_ba4cea3af46ee78c.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23459_none_0bbbac1e2b49b4a7.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e.manifest => moved successfully
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWX.exe" => not found.
"C:\Windows\winsxs\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_19563044ba7b9b99\GWX.exe" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXConfigManager.exe" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXDetector.exe" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-gwx-uninstall_31bf3856ad364e35_6.1.7601.23459_none_0bbbac1e2b49b4a7\GWXGC.exe" => not found.
C:\Windows\Migration\WTR\GWXMig.inf => moved successfully
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXUI.dll" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXUX.exe" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_0f0185f2861ad99e\GWXUXWorker.exe" => not found.
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GWX-Ins%4Operational.evtx => moved successfully
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => moved successfully
C:\Windows\winsxs\Manifests\wow64_microsoft-windows-gwx_31bf3856ad364e35_6.1.7601.23459_none_19563044ba7b9b99.manifest => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b1b7ec100d8e3b => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59f18f2101b1222 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18868_none_e5a020d4101a2015 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18917_none_e5d5320c0ff27830 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18942_none_e5afc0d6100f4d50 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18944_none_e5b1c16a100d7ffe => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23468_none_e6299d592937e7bd => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be460b59c2a => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea60c32011 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18868_none_6617c4cc60c22e04 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18917_none_664cd604609a861f => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18942_none_662764ce60b75b3f => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18944_none_6629656260b58ded => moved successfully
F:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7600.16385_none_2e61438480527d71 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b => moved successfully
F:\Windows\winsxs\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149 => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d => moved successfully
C:\Windows\AppCompat\Appraiser\Telemetry => moved successfully
C:\Windows\winsxs\FileMaps\$$_appcompat_appraiser_telemetry_94274e99519f58a9.cdf-ms => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18444_none_e5b1b7ec100d8e3b.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18467_none_e59f18f2101b1222.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18803_none_e5dbfeea0fedf9bc.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18868_none_e5a020d4101a2015.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18917_none_e5d5320c0ff27830.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18942_none_e5afc0d6100f4d50.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.18944_none_e5b1c16a100d7ffe.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23412_none_e659ab392914c3fe.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..de-compat-telemetry_31bf3856ad364e35_6.1.7601.23468_none_e6299d592937e7bd.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18444_none_66295be460b59c2a.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18467_none_6616bcea60c32011.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18803_none_6653a2e2609607ab.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18868_none_6617c4cc60c22e04.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18917_none_664cd604609a861f.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18942_none_662764ce60b75b3f.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.18944_none_6629656260b58ded.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.23412_none_66d14f3179bcd1ed.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ence-telemetry-sdbs_31bf3856ad364e35_6.1.7601.23468_none_66a1415179dff5ac.manifest => moved successfully
F:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7600.16385_none_2e61438480527d71.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b.manifest => moved successfully
F:\Windows\winsxs\Manifests\amd64_microsoft-windows-a..ion-telemetry-agent_31bf3856ad364e35_6.1.7601.17514_none_3092574c7d41010b.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149.manifest => moved successfully
C:\Windows\winsxs\Manifests\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d.manifest => moved successfully
C:\System Volume Information\SystemRestore\FRStaging\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_RS1.bin => moved successfully
C:\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_RS1.bin => moved successfully
C:\System Volume Information\SystemRestore\FRStaging\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_TH2.bin => moved successfully
C:\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_TH2.bin => moved successfully
C:\System Volume Information\SystemRestore\FRStaging\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_UNV.bin => moved successfully
C:\Windows\AppCompat\Appraiser\APPRAISER_TelemetryBaseline_UNV.bin => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..ence-inventory.data_31bf3856ad364e35_6.1.7601.23468_none_b78b2be646720e6a\Appraiser_TelemetryRunList.xml => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18868_none_e83d75d9e59ba1ea\CompatTelemetry.inf => moved successfully
Could not move "C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx" => Scheduled to move on reboot.
F:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx => moved successfully
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-Skype.json => moved successfully
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json => moved successfully
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\telemetry.ASM-WindowsDefault.json" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\telemetry.ASM-WindowsDefault.json" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8\telemetry.ASM-WindowsDefault.json" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\telemetry.ASM-WindowsDefault.json" => not found.
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.json.bk => moved successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience => moved successfully
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program => moved successfully
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx" => not found.
"C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers" => not found.
"C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" => not found.
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector => moved successfully
C:\Windows\System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => moved successfully
C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18803_none_e87953efe56f7b91\diagtrack.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18868_none_e83d75d9e59ba1ea\diagtrack.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18917_none_e8728711e573fa05\diagtrack.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18942_none_e84d15dbe590cf25\diagtrack.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18944_none_e84f166fe58f01d3\diagtrack.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23468_none_e8c6f25efeb96992\diagtrack.dll => moved successfully
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18839_none_fe0845bb1d97efda\diagtrack.dll" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18869_none_fde7d5f71db043ad\diagtrack.dll" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.18939_none_fe0847a11d97ed01\diagtrack.dll" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23040_none_fe7de82236c5fac8\diagtrack.dll" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23072_none_fe5f78f236dc8149\diagtrack.dll" => not found.
"C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23142_none_fe7fea9c36c42a9d\diagtrack.dll" => not found.
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.18803_none_e87953efe56f7b91\diagtrackrunner.exe => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-a..xperience-inventory_31bf3856ad364e35_6.1.7601.23468_none_e8c6f25efeb96992\diagtrackrunner.exe => moved successfully
"C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagtrack-Listener.etl" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5998882 B
Java, Flash, Steam htmlcache => 88944953 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 367823561 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 82679 B
systemprofile32 => 759 B
LocalService => 0 B
NetworkService => 0 B
Philipp => 4315605 B
UpdatusUser => 0 B

RecycleBin => 365255 B
EmptyTemp: => 453.9 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 17-02-2017 06:40:22)

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Application-Experience%4Program-Telemetry.evtx => Is moved successfully

==== End of Fixlog 06:40:22 ====