Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hard drive leaking memory (ie, memory available slowly disappearing)


  • This topic is locked This topic is locked
19 replies to this topic

#1 John Knee

John Knee

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 14 May 2018 - 05:09 PM

I hope this is in the right general thread and I'll start with the boring "leading up to" speech in case there is something significant...

 

So I booted up about 6 hours ago now as I had a few hours to spare so I opened up the Twitch app to see if any of the people I sometimes watch was on. The stream contantly buffered every 5-10 seconds and upon checking the Task Manager and seeing it downloading at top speed of 12.5Mb/s. After a WTF moment I checked Windows Update which said it was downloading the latest patch. I noticed too that the disk usage was around 100% and flicking up with a write speed of several megabyte a second. Looking at my c: drive (right mouse click and properties) I noticed the disk space doing down at probably a rate of a 1-2Mb/s. I wasn't immedaitely panicing because it could be Microsoft update files that'll delete after update done, right??

 

Well no. After the computer rebooted a few times, I got asked questions if I would like to activate voice recognition etc then the installation seemed to finish. I checked in Task Manager and there was still some usage on the disk drive and still some writing speed. I gave it a minute in case it was something to do with the Windows update just doing a last bit of tidy up.

 

Checking Task Manager and right clicking on my diskdrive (and properties) indicated disk space was still leaking away somewhere. I wasn't running any additional programmes that didn't load into the RAM upon booting.

 

I ran Malwarebytes and clean bill of health. I opened up SuperAntiSpyware (I know a favourite of Beeping Computer) and ran the quick scan option. Also a clean bill of health. As I am typing I am running a full scan which may take another hours so.... If I don't update this thread then assume it gave a clean bill of health.

 

Doing a quick test, my hard drive had 782,937,513,984 bytes of memory. A timed minute later it is down to 782,937,419,776 bytes. It is only a small drop of 100,000 bytes but running programmes like Malwarebytes and SuperAntiSpyware kills the rate in which the computer can write to the hard drive and reduce the total spare disk space. At moment pause when finishing the running of Malwarebytes and loading up SuperAntiSpyware saw Task Manager report a spikes of maybe a couple of megabyte / second every second or two.

 

The question is, what do I need to do to identify the issue and get it fixed?

 

In terms of software then Windows 10 Pro that has literally just done the recent update.

 

--------------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12.05.2018
Ran by Matt (administrator) on MATT-PC (14-05-2018 22:49:18)
Running from C:\Users\Matt\Desktop\Anti-Virus programmes
Loaded Profiles: Matt (Available Profiles: Matt)
Platform: Windows 10 Pro Version 1803 17134.48 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Cisco) C:\Users\Matt\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21295.0_x64__8wekyb3d8bbwe\HxTsr.exe
(SUPERAntiSpyware.com) C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-05] (Panda Security, S.L.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-03] (Valve Corporation)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [Amazon Music] => C:\Users\Matt\AppData\Local\Amazon Music\Amazon Music.exe [19616184 2018-04-26] (Amazon Services LLC)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [Amazon Music Helper] => C:\Users\Matt\AppData\Local\Amazon Music\Amazon Music Helper.exe [3051960 2018-04-26] (Amazon Services LLC)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1465768 2018-04-25] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [VideoGuardMonitor] => C:\Users\Matt\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [2345736 2017-11-02] (Cisco)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [4611456 2011-09-14] (SUPERAntiSpyware.com)
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-09-03]
ShortcutTarget: Twitch.lnk -> C:\Users\Matt\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicyScripts-x32: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4392709b-fa2d-49ad-8e06-2f04c276524a}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: cp3am2n9.default
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default [2018-05-14]
FF Homepage: Mozilla\Firefox\Profiles\cp3am2n9.default -> hxxp://www.google.co.uk/
FF Extension: (Met Office weather gadget) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593} [2015-02-01] [Legacy] [not signed]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2015-02-01] [Legacy] [not signed]
FF Extension: (Flashblock) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-02] [Legacy]
FF Extension: (Orthodox) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{6d677280-ddfe-11dc-95ff-0800200c9a66}.xpi [2012-12-30] [Legacy] [not signed]
FF Extension: (Web of Trust) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-04-18]
FF Extension: (Video DownloadHelper) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-16]
FF Extension: (Adblock Plus) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-04-21]
FF Extension: (Greasemonkey) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-03-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-08] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default [2016-11-24]
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-24]
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-24]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-24]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-24]
CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-24]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-24]
CHR Extension: (Chrome Media Router) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-04-25] (Garmin Ltd. or its subsidiaries)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-05] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-05] (Panda Security, S.L.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-14] (Malwarebytes)
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [103856 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [210864 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [112560 2015-12-10] (Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [82864 2016-03-17] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [133552 2015-12-10] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [309680 2015-12-10] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [179632 2016-02-18] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [122800 2015-12-10] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [267184 2016-02-18] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [115632 2015-12-10] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [174000 2016-08-09] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [129456 2016-08-09] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207272 2016-08-09] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133544 2016-08-09] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [146864 2016-08-09] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117168 2016-08-09] (Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72112 2016-08-10] (Panda Security, S.L.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
R1 SASDIFSV; C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-14 22:48 - 2018-05-14 22:49 - 000000000 ____D C:\FRST
2018-05-14 22:06 - 2018-05-14 21:38 - 000000000 ____D C:\Windows.old
2018-05-14 22:01 - 2018-05-14 22:01 - 000002088 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-05-14 22:01 - 2018-05-14 22:01 - 000000000 ____D C:\Program Files (x86)\SUPERAntiSpyware
2018-05-14 21:46 - 2018-05-14 21:46 - 000000000 ____D C:\Users\Matt\AppData\Local\D3DSCache
2018-05-14 21:46 - 2018-05-14 21:46 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-14 21:38 - 2018-05-14 21:38 - 000000020 ___SH C:\Users\Matt\ntuser.ini
2018-05-14 21:37 - 2018-05-14 21:38 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-14 21:37 - 2018-05-14 21:38 - 000003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-05-14 21:37 - 2018-05-14 21:38 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1310137103-3057899829-2583583971-1001
2018-05-14 21:37 - 2018-05-14 21:38 - 000002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2018-05-14 21:37 - 2018-05-14 21:37 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-14 21:37 - 2018-05-14 21:37 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-14 21:37 - 2018-05-14 21:37 - 000002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1310137103-3057899829-2583583971-1001
2018-05-14 21:37 - 2018-05-14 21:37 - 000002754 _____ C:\WINDOWS\System32\Tasks\klcp_update
2018-05-14 21:37 - 2018-05-14 21:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-14 21:37 - 2018-05-14 21:37 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-14 21:36 - 2018-05-14 21:37 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-05-14 21:36 - 2018-05-14 21:37 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-05-14 21:26 - 2018-05-14 21:26 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-14 21:15 - 2018-05-14 21:15 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-14 21:13 - 2018-05-14 21:38 - 000000000 ____D C:\Users\Matt
2018-05-14 21:13 - 2018-05-14 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-05-14 21:13 - 2018-04-12 00:34 - 000001105 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-14 21:13 - 2016-09-29 21:02 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Macromedia
2018-05-14 21:13 - 2016-09-29 21:02 - 000000000 ____D C:\Users\Matt\AppData\Roaming\ATI
2018-05-14 21:13 - 2016-09-29 21:02 - 000000000 ____D C:\Users\Matt\AppData\Local\ATI
2018-05-14 21:11 - 2018-05-14 21:11 - 000000000 ____D C:\ProgramData\USOShared
2018-05-14 21:11 - 2018-04-12 00:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-14 21:07 - 2018-05-14 21:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-14 21:07 - 2018-05-14 21:19 - 000282560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-14 20:47 - 2018-05-14 21:50 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-14 20:47 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-14 20:45 - 2018-05-14 22:06 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-14 20:43 - 2018-05-14 20:45 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-14 20:40 - 2018-05-14 20:40 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-14 20:40 - 2018-05-14 20:40 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-14 20:40 - 2018-05-14 20:40 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000826776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-14 20:40 - 2018-05-14 20:40 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000652184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-14 20:40 - 2018-05-14 20:40 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 000399768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-14 20:34 - 2018-05-14 20:34 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-14 20:34 - 2018-05-14 20:34 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-14 20:34 - 2018-05-14 20:34 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-14 20:34 - 2018-05-14 20:34 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-14 20:34 - 2018-05-14 20:34 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-14 20:34 - 2018-05-14 20:34 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-14 20:34 - 2018-05-14 20:34 - 000000000 ____D C:\Program Files\MSBuild
2018-05-14 20:34 - 2018-05-14 20:34 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-14 20:34 - 2018-05-14 20:34 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-14 20:33 - 2018-05-14 20:33 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-14 20:32 - 2018-05-14 20:32 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-14 20:32 - 2018-05-14 20:32 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-14 20:32 - 2018-05-14 20:32 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-14 20:32 - 2018-05-14 20:32 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-14 20:32 - 2018-05-14 20:32 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-14 20:32 - 2018-05-14 20:32 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-14 20:32 - 2018-05-14 20:32 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-14 20:32 - 2018-05-14 20:32 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-14 20:21 - 2018-05-14 20:21 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-13 19:35 - 2018-05-14 21:38 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-09 18:47 - 2018-05-09 18:48 - 055111376 _____ (Amazon) C:\Users\Matt\Downloads\AmazonMusicInstaller(1).exe
2018-05-07 20:55 - 2018-05-07 20:55 - 004018144 _____ C:\Users\Matt\Desktop\RAC Breakdown Renewal Pack.pdf
2018-05-06 16:30 - 2018-05-06 16:30 - 000000000 ____D C:\Users\Matt\AppData\LocalLow\Cisco
2018-05-06 16:30 - 2018-05-06 16:30 - 000000000 ____D C:\Users\Matt\AppData\Local\Cisco
2018-05-06 16:29 - 2018-05-14 21:17 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky
2018-05-06 16:29 - 2018-05-06 18:23 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Sky Go
2018-05-06 16:29 - 2018-05-06 18:23 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Sky
2018-05-06 16:29 - 2018-05-06 16:29 - 000001039 _____ C:\Users\Matt\Desktop\Sky Go.lnk
2018-04-29 13:55 - 2018-05-14 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2018-04-29 13:55 - 2018-04-29 13:55 - 000001963 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2018-04-23 22:30 - 2018-04-23 22:29 - 000610189 _____ C:\Users\Matt\Desktop\Within Temptation.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-14 22:49 - 2016-08-05 23:40 - 000000000 ____D C:\Users\Matt\Desktop\Anti-Virus programmes
2018-05-14 22:43 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-14 22:17 - 2016-11-20 12:01 - 000000000 ____D C:\Users\Matt\AppData\LocalLow\Mozilla
2018-05-14 22:10 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-14 22:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-14 22:08 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-14 22:06 - 2018-04-12 00:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-14 22:06 - 2018-04-12 00:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\InputMethod
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-14 22:06 - 2018-04-07 11:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-14 22:06 - 2017-10-05 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-05-14 22:06 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-14 22:06 - 2017-05-03 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Internet Security
2018-05-14 22:06 - 2017-04-16 08:44 - 000000000 ____D C:\Program Files\UNP
2018-05-14 22:06 - 2016-11-05 15:36 - 000000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8
2018-05-14 22:06 - 2015-02-04 21:13 - 000000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2018-05-14 22:06 - 2015-02-04 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4600 series
2018-05-14 22:06 - 2015-02-02 19:32 - 000000000 ____D C:\Program Files\Common Files\logishrd
2018-05-14 22:06 - 2015-02-01 20:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2018-05-14 22:06 - 2015-02-01 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-05-14 22:06 - 2015-02-01 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-05-14 22:06 - 2015-02-01 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-14 22:06 - 2015-02-01 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2018-05-14 22:06 - 2015-02-01 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-05-14 22:06 - 2015-02-01 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2018-05-14 22:06 - 2015-02-01 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-05-14 22:06 - 2015-02-01 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-14 22:06 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2018-05-14 22:06 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2018-05-14 22:01 - 2015-02-01 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-05-14 21:58 - 2018-01-27 00:40 - 000000000 ____D C:\Users\Matt\AppData\Local\Packages
2018-05-14 21:39 - 2018-01-27 01:04 - 000000000 ___RD C:\Users\Matt\3D Objects
2018-05-14 21:39 - 2016-07-24 18:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-14 21:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-14 21:28 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-14 21:27 - 2018-04-12 00:38 - 000000000 __RSD C:\WINDOWS\media
2018-05-14 21:27 - 2016-07-24 17:55 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-14 21:22 - 2015-02-01 19:40 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-14 21:18 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-14 21:18 - 2017-07-13 23:21 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-05-14 21:17 - 2018-04-01 18:10 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Sufferfest Pte Ltd
2018-05-14 21:17 - 2015-03-23 22:54 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2018-05-14 21:12 - 2017-07-13 23:21 - 000000000 ____D C:\Program Files\AMD
2018-05-14 21:11 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-14 21:11 - 2016-07-24 17:34 - 000000000 ____D C:\AMD
2018-05-14 20:49 - 2018-04-12 00:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-14 20:47 - 2018-04-12 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-05-14 20:47 - 2018-04-12 17:14 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-05-14 20:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-14 20:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-14 20:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-14 20:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-14 20:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-14 20:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-14 20:45 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-14 20:45 - 2017-10-17 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2018-05-14 20:45 - 2017-07-13 23:21 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-05-14 20:45 - 2015-02-25 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frontier
2018-05-14 20:41 - 2018-04-12 17:36 - 000000000 ____D C:\WINDOWS\Containers
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-14 20:41 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-14 20:32 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-14 20:32 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-05-14 19:49 - 2017-09-03 14:05 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Twitch
2018-05-14 19:25 - 2015-02-01 19:41 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-12 18:06 - 2015-02-02 19:47 - 000000000 ____D C:\Users\Matt\AppData\Roaming\vlc
2018-05-09 21:07 - 2017-06-14 18:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-09 21:07 - 2015-02-01 19:39 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-09 21:07 - 2015-02-01 19:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-09 19:06 - 2015-03-23 22:54 - 000001258 _____ C:\Users\Matt\Desktop\Amazon Music.lnk
2018-05-09 19:06 - 2015-03-23 22:54 - 000000000 ____D C:\Users\Matt\AppData\Local\Amazon Music
2018-05-08 19:09 - 2015-02-01 21:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-08 19:06 - 2017-10-10 21:42 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-08 19:06 - 2015-02-01 21:48 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-07 18:08 - 2013-05-04 17:00 - 000000000 ____D C:\Users\Matt\Desktop\Tekkit
2018-05-01 21:28 - 2016-07-24 18:46 - 000000000 ___RD C:\Users\Matt\OneDrive
2018-04-29 13:56 - 2018-01-28 19:40 - 000000000 ____D C:\ProgramData\Garmin
2018-04-29 13:56 - 2018-01-28 19:40 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-04-29 13:56 - 2017-07-13 23:22 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-29 13:56 - 2013-06-27 19:23 - 000000000 ____D C:\Users\Matt\Desktop\Tidy Up
2018-04-23 22:29 - 2016-06-04 18:00 - 000000000 ____D C:\Users\Matt\Desktop\Tickets and Confirmations
2018-04-22 16:17 - 2015-02-01 21:07 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Skype
2018-04-21 23:41 - 2013-04-28 18:34 - 000000000 ____D C:\Users\Matt\Documents\Euro Truck Simulator 2

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-14 21:07

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12.05.2018
Ran by Matt (14-05-2018 22:53:56)
Running from C:\Users\Matt\Desktop\Anti-Virus programmes
Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-14 20:38:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1310137103-3057899829-2583583971-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1310137103-3057899829-2583583971-503 - Limited - Disabled)
Guest (S-1-5-21-1310137103-3057899829-2583583971-501 - Limited - Disabled)
Matt (S-1-5-21-1310137103-3057899829-2583583971-1001 - Administrator - Enabled) => C:\Users\Matt
WDAGUtilityAccount (S-1-5-21-1310137103-3057899829-2583583971-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Internet Security (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Internet Security (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Enabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Amazon Amazon Music) (Version: 6.5.1.1332 - Amazon Services LLC)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{0919C970-C55E-4322-AD6E-D561EC8C01EC}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Canon iP4600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series) (Version:  - )
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Cisco VideoGuard Player (HKLM-x32\...\{0d415397-2ac8-4273-afde-e6c887ffc827}) (Version: 9.0.1.4396 - Cisco Systems, Inc)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Elevated Installer (HKLM-x32\...\{1F3FEA49-536F-455B-BADD-7D35CDB0E92B}) (Version: 6.4.0.0 - Garmin Ltd or its subsidiaries) Hidden
Elite Dangerous Launcher version 0.4.4468.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.4468.0 - Frontier Developments)
FileZilla Client 3.10.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1 - Tim Kosse)
Football Manager 2009 (HKLM-x32\...\Football Manager 2009) (Version: 9.0.0.0 - Sports Interactive)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
GameLauncherRemoval (KCD Beta Access) (HKLM-x32\...\{40D62796-CD95-4AFC-A76D-742ED85047A1}) (Version: 1.0.0.0 - Warhorse Studios) Hidden
Garmin Express (HKLM-x32\...\{52c2b6dd-5953-4bb1-9ef3-d145973e25e7}) (Version: 6.4.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{BBAAEC8F-33FB-4DBC-A033-0997CD0BE1B2}) (Version: 6.4.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{A336EAA0-135A-4338-B628-BA8DBB3BCA60}) (Version: 6.4.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\{0AF824B2-4F7D-325F-82E9-4758EBD12AB0}) (Version: 66.0.3359.170 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075F0}) (Version: 7.0.750 - Oracle)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KCD Beta Access (HKLM-x32\...\{9ac7cc09-fe3b-4f6c-801b-3d30a8efd114}) (Version: 2.0 - Warhorse Studios)
KCD Beta Access (HKLM-x32\...\{DC804676-5720-4929-A988-4DC6DA85FE23}) (Version: 2.0 - Warhorse Studios) Hidden
K-Lite Codec Pack 10.9.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 60.0 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0 (x64 en-US)) (Version: 60.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.0.6697 - Mozilla)
Mozilla Thunderbird 52.7.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 52.7.0 (x86 en-GB)) (Version: 52.7.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Internet Security (HKLM\...\{E965C791-95BE-4D8F-9E41-B2A9BF3843B1}) (Version: 8.34.00 - Panda Security) Hidden
Panda Internet Security (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 17.0.1 - Panda Security)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Sky Go 1.0.19.0 (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\com.bskyb.skygoplayer_is1) (Version: 1.0.19.0 - Sky)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
SUPERAntiSpyware (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1128 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sufferfest Training System (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\sufferfest) (Version: 5.2.2 - The Sufferfest Pte Ltd)
Twitch (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
WinX DVD Ripper Platinum 8.5.1 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
Word Realms (HKLM-x32\...\{447C19EC-77F2-9CA9-EB8B-B00E4A2884EB}) (Version: 1.0.0 - Asymmetric Publications, LLC) Hidden
Word Realms (HKLM-x32\...\com.asymmetric.WordRealms) (Version: 1.0.0 - Asymmetric Publications, LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2014-11-18] (Foxit Software Inc.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2016-08-05] (Panda Security, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2016-08-05] (Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2016-08-05] (Panda Security, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {146F8FDE-8C35-4BB7-8CF6-28D166317D16} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {171996AD-B55F-4736-B005-7D6E4A82290F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37D3C7E3-D57F-453D-B6A9-7E011FDB6EF3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4250EB74-1AC4-48A7-821B-BF43AFFC7650} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {48A8C70D-840B-4788-A46C-8E7CCA3FE58D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {533079EF-F0E2-418F-8DB0-3F3116A20B62} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {533DCD69-6C62-441B-B4ED-380D5980FE04} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {5715D5E3-8A73-49AA-BF36-CE57402ADE23} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {5A0D5BD3-1D80-49E1-BA33-CC07D82E280E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5D6D713A-6BDE-415C-953E-381BA525BF92} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {62C8EEA6-87BF-4A56-9717-D21BC83C3C34} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6E42A7B7-B6DA-4D5C-9516-2152A2AA04D2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7B1E3D26-3FDC-4F4F-9870-6360EA1D7BC3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A05741BF-CE83-4E47-8960-4509AB7DEA6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A5A50D67-54E5-4F37-B83E-7A26A25C5F63} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B67B2C07-D86D-4B61-8C9C-BC7B604195C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D3A9A9D2-98C2-4DD2-BE6D-6BC06395AF79} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DDBB786F-BDD5-4F25-B852-E07629178A55} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {DFAFB12D-1D67-4FB1-B59E-EC25C0C266E1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-05-08] (Microsoft Corporation)
Task: {E22EC5E4-58A8-4A08-9E44-63BA563D0C4F} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {EF1AAACD-EEFC-4CC8-8656-00A7D3F90D4D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EFA71E7B-0500-4573-91CB-E81E204DB72A} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {F0660B49-84DD-4EE8-8D65-AE1BD24022A4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F67E58B2-CAE9-4FA6-BDAA-98CD7D6EBBCA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-04-25] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-02-01 19:42 - 2013-10-23 16:24 - 000087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 00:35 - 2018-04-12 17:19 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-27 09:08 - 2018-04-27 09:08 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-27 09:08 - 2018-04-27 09:08 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-27 09:08 - 2018-04-27 09:08 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-27 09:08 - 2018-04-27 09:08 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-27 09:08 - 2018-04-27 09:08 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-01-10 19:51 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2015-12-15 18:17 - 2015-12-15 18:17 - 000618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{343D77DD-B1FA-4127-A7B9-DA09BD149A3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{EE8DB6AC-D87C-4623-A7BE-00BE21422D54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{36D1EB97-AB9D-4DCE-BDEB-E14808F2BFC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{8CAE17AC-4A04-4847-BEF1-7CFEE3C2B7F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{48914D8A-E1E8-436D-9F06-028E8DE541E7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8E50E737-01B8-48DC-875B-9E762CB41146}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{97F29994-A376-46CB-98AF-C45BEF8AF5A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{D8071806-492F-43EB-8603-A38A3051F691}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2013\fm.exe
FirewallRules: [{A9522096-43F1-42EC-9F4E-9B9632F63F9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2013\fm.exe
FirewallRules: [{F51BB26D-4B98-4049-BB93-CC141FA60E08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{ED5B034B-0470-473A-AFEE-42332F307F88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{D0C83613-C60F-4917-A24C-BB16A29B7001}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freeways\Freeways.exe
FirewallRules: [{013014D4-FB0A-4455-9105-41EE290673D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freeways\Freeways.exe
FirewallRules: [{CE083FDB-8EF1-4D50-A3F4-8EE553A0B0F7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{84854B78-A8EF-4CF6-AAC8-A0FB6AA86B21}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BD04D908-887C-42A3-B65E-6E676F803B70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Her Majesty's SPIFFING\hms64.exe
FirewallRules: [{F1825F5F-F742-41E8-9211-806007E1F310}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Her Majesty's SPIFFING\hms64.exe
FirewallRules: [{C8FB852E-F042-4E22-A96F-08970696B8DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{853C0B0B-C7BD-4A74-90D5-9154760C6AB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{5CD0B340-069D-42BC-B9C4-71904CEF67CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WWE2K16\WWE2K16.exe
FirewallRules: [{557392E8-1115-4E18-B6E3-EB4A918ED181}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WWE2K16\WWE2K16.exe
FirewallRules: [{837A7F31-27BF-4F64-A977-5A04B586FC8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{02337621-D623-4B13-9E51-F5669AD11B69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{5DC5BB8B-8482-49BF-96BA-40075EA00CB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{7FEADE1B-C77E-43CD-990F-065942D2FCDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{17EBC214-E26E-4585-B36B-42D047EC2DC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{F8A6894C-13BB-4A78-ACE8-188045ADEFED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{0502B9EF-6B50-452D-91C2-1DD5057AA3FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{AE34067C-F9FA-4431-AC24-BA4666993730}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{417BF35F-C0D3-4DF1-A44A-8628D659BF0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dropsy\Dropsy.exe
FirewallRules: [{5BCEE22D-E01D-4E08-A27E-3609FD640735}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dropsy\Dropsy.exe
FirewallRules: [{75BDAE2B-E72C-4AE7-ACD3-604EF5832F2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{8A05444C-D90A-4D81-AFE7-CA14A328C953}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{15A84F97-65A2-4A1F-8AD6-AFB9351E4B21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cornerstone, The Song Of Tyrim\Cornerstone.exe
FirewallRules: [{59A0FB49-E91C-48DA-9F8A-E45FA34063E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cornerstone, The Song Of Tyrim\Cornerstone.exe
FirewallRules: [{95CFC46B-2CFA-4BF1-897E-DE740ACDD4FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{ADBD0E26-6BF9-4853-8506-4E0ED12D8B1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{DE0A0EA4-33A4-4536-B7E3-520B743297C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{E7474E5A-1DDB-4E1A-9F39-A74935D36CEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{4BE69A78-2F85-4E55-9DB3-A260B72E4598}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Party Hard\PartyHardGame.exe
FirewallRules: [{EFC2F01A-1E18-435E-8103-7EDE6BD3C6DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Party Hard\PartyHardGame.exe
FirewallRules: [{FD2ABF10-203F-4EF6-AFE9-FC05602F3213}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{1DF1DB78-47E2-4794-B838-ED86F4FCC06E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{4AB31554-23A8-4996-8499-F4C613B11415}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{24F9D7C8-2583-41AE-908F-89764910E27B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{19ACD9D1-CA5A-488E-9235-8968978E9C13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{19AD411F-523D-4D8F-8C4F-65BDD6AC4E45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{3A741D5E-24D4-48D9-9C17-A250E09AC216}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FE5B5D0C-8979-4F03-BE50-01CFB681D8DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{76FE34C7-A7DA-489E-A5B2-28453EB2C8BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{70366D26-F009-4AEF-B743-A5EBCC99AAB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{7A1D93A8-8C26-4DE8-9D57-6842F1F2227F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{C9BE74BE-1663-4A47-BDCF-3A68D317CF48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{B498DCAA-0AB6-46F2-B586-23CCAD84DCA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SatelliteReign\SatelliteReignWindows.exe
FirewallRules: [{8978F0C9-CAD3-4361-819F-B559AAF813AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SatelliteReign\SatelliteReignWindows.exe
FirewallRules: [{5DCCAD34-C9B3-4DCF-BD52-E193FAF6EB6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Dark Age\x86\GameExe.exe
FirewallRules: [{98523D10-DEE6-4729-980F-57A48D00CEF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Dark Age\x86\GameExe.exe
FirewallRules: [{73EE589E-A022-4825-9969-63EF729818F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{FEC75C88-28C3-4580-BEFE-087FE076449E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{B3D17098-6C02-4BB4-B93D-E3326ACBE34A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scraps\Scraps Server.exe
FirewallRules: [{E44D7728-81BB-4521-A259-011D41231F13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scraps\Scraps Server.exe
FirewallRules: [{B4B8A084-26C4-43AA-9F63-7C35F79B6EEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scraps\Scraps.exe
FirewallRules: [{D47CF9FB-2B6B-4EC9-928E-6375235C86BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scraps\Scraps.exe
FirewallRules: [{2A9E4C7A-68AB-4333-81CB-85E8C7251EB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1613835E-7E8B-4CBE-8CA5-5EF69FD1BD6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5C0EEE97-460B-48BD-A8E6-70029BBFCA77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ContraptionMaker\ContraptionMaker.exe
FirewallRules: [{1CD40F1B-17C3-407B-9118-AEA52EC18097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ContraptionMaker\ContraptionMaker.exe
FirewallRules: [{33EC461E-35F0-4EEC-871F-FEB1ABCF4029}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2009\fm.exe
FirewallRules: [{C6D51131-2A03-4037-BE72-33A44CD9E3BE}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2009\fm.exe
FirewallRules: [{5B971EAE-377B-41C8-B599-02488E8BB933}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{17265CFC-D5A4-4464-9859-42BBFC552B6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{EA6EFD0E-5E68-485F-ADBE-5567AD9FFA24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\x86\sir.exe
FirewallRules: [{73142582-7418-4D06-A651-425C77A6B721}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\x86\sir.exe
FirewallRules: [{E725FB5D-E20A-42B9-895A-BBC330C5AB52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\x64\sir.exe
FirewallRules: [{27D9409C-170B-4821-BC61-C983A3886A3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\x64\sir.exe
FirewallRules: [{71489EB9-739B-457B-BD18-207B36399227}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{2A1B302C-0EC1-4282-AA47-B847ED7AFA78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{EA24E7F4-0A5D-4B39-996F-DD85B1A09090}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{28C7EE16-4198-4AA1-9A64-138552D820DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{1D3EB4D6-1572-41AB-8D05-6C28493C154C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{5FB37973-F50E-44FD-82F5-43EA7BC560A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{DFDD0DF0-BD6B-4614-9F23-1C888D7ACE78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{87A853EC-5065-4BF8-9E07-A05859D12470}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C8187781-1EC9-4559-9116-EE377A1ED2B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ChaosReborn\ChaosRebornWin64.exe
FirewallRules: [{C808B389-EB37-4162-B747-555ED6D62E99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ChaosReborn\ChaosRebornWin64.exe
FirewallRules: [{A4BC0161-6AA5-4425-8243-006BC27D0648}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{67260D4F-D066-435E-9222-C4B7D1782466}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{EE2CBE47-88F6-4C3D-80DE-151154EBFE94}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{ED09FE23-F1D0-4C0C-AA20-A31694C549B2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{712C4D00-CB17-4C8F-875F-F93F7A785B0A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{2F936DD9-77BB-46FA-8885-36B022B59CE5}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{D8C0A444-B8DA-4911-97CB-CF4C487BA902}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1775870D-9952-4788-B96C-DCCF1D52612C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{69837057-4A35-44BE-91B2-414E787E4BD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{89D63B5A-04E1-4D37-87A3-CECA365AFE09}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A8C15A20-5A09-474D-8FAA-EEC25BB53E67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\All Walls Must Fall\ProjectDisco.exe
FirewallRules: [{94417016-E714-44BB-9F77-ED87C9CF2F1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\All Walls Must Fall\ProjectDisco.exe
FirewallRules: [{7903AF68-D366-43DF-970F-4D20A19DAA4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\West of Loathing\West of Loathing.exe
FirewallRules: [{109CC732-389F-458A-AFFA-305F45DAF415}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\West of Loathing\West of Loathing.exe
FirewallRules: [{2DFA4EBC-B02E-466F-A55A-3D9163D59769}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B08E2880-A0C3-41DE-BA7D-7A8127516579}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{35867900-A788-454C-AD8D-D667DE9F74AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{6448EB91-CD13-42B4-B11D-5D8BA2320E3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{C3D242A1-7273-4D73-A3A0-C648D6A2FED8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{AA44DF02-4A3C-4C4D-A515-1B8CB99BEB35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{FC37AF88-1F20-4985-B564-0A20D532099C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{7D782FD1-2A48-46C8-B8E2-A96567823629}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Renowned Explorers\win64\abbeycore_win32_steam.exe
FirewallRules: [{DBA9C7AD-CDB6-447B-95B9-6AA3925BEA48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Renowned Explorers\win64\abbeycore_win32_steam.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2018 09:27:44 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (05/14/2018 09:21:23 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (05/14/2018 09:21:23 PM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (05/14/2018 09:21:22 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (05/14/2018 09:12:35 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\AMD\WU-CCC2\ccc2_install\VC13RTx64\vcredist_x64.exe /q /norestart; Description = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501; Error = 0x80042302).

Error: (05/14/2018 09:12:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Instantiating VSS server

Error: (05/14/2018 09:12:35 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Instantiating VSS server

Error: (05/14/2018 09:12:35 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\AMD\WU-CCC2\ccc2_install\VC13RTx86\vcredist_x86.exe /q /norestart; Description = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501; Error = 0x80042302).


System errors:
=============
Error: (05/14/2018 09:14:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error:
A device attached to the system is not functioning.

Error: (05/14/2018 09:14:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (05/14/2018 09:12:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (05/14/2018 09:11:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/14/2018 09:09:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The iphlpsvc service terminated with the following error:
The device is not ready.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 48%
Total physical RAM: 8138.14 MB
Available physical RAM: 4202.84 MB
Total Virtual: 10058.14 MB
Available Virtual: 5929.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.48 GB) (Free:729.07 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:232.88 GB) (Free:160.66 GB) NTFS

\\?\Volume{c8d983ba-aa6c-11e2-be66-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{19397c6f-0000-0000-0000-e0a4d1010000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 19397C6F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: DA3B81F4)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:11 AM

Posted 19 May 2018 - 05:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/677477 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 John Knee

John Knee
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 21 May 2018 - 02:45 AM

I'll rerun the Farbar tool again tonight when I am home from work.

 

I don't have the original CD as the computer was originally bought with Windows XP and was upgraded via download to Windows 8 and then later Windows 10 as part of the rollout thing Microsoft did.



#4 John Knee

John Knee
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 21 May 2018 - 12:03 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Matt (administrator) on MATT-PC (21-05-2018 17:48:00)
Running from C:\Users\Matt\Desktop\Anti-Virus programmes
Loaded Profiles: Matt (Available Profiles: Matt)
Platform: Windows 10 Pro Version 1803 17134.48 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Cisco) C:\Users\Matt\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
(SUPERAntiSpyware.com) C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
() C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
(Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Users\Matt\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21485.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] => C:\WINDOWS\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2013-04-09] (Pixart Imaging Inc)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [109824 2016-08-05] (Panda Security, S.L.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3199776 2018-04-03] (Valve Corporation)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [Amazon Music] => C:\Users\Matt\AppData\Local\Amazon Music\Amazon Music.exe [19616184 2018-04-26] (Amazon Services LLC)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832272 2017-08-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [Amazon Music Helper] => C:\Users\Matt\AppData\Local\Amazon Music\Amazon Music Helper.exe [3051960 2018-04-26] (Amazon Services LLC)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1465768 2018-04-25] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [VideoGuardMonitor] => C:\Users\Matt\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe [2345736 2017-11-02] (Cisco)
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [4611456 2011-09-14] (SUPERAntiSpyware.com)
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Twitch.lnk [2017-09-03]
ShortcutTarget: Twitch.lnk -> C:\Users\Matt\AppData\Roaming\Twitch\Bin\Twitch.exe (Twitch Interactive, Inc.)
GroupPolicyScripts-x32: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4392709b-fa2d-49ad-8e06-2f04c276524a}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-15] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-15] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: cp3am2n9.default
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default [2018-05-21]
FF Homepage: Mozilla\Firefox\Profiles\cp3am2n9.default -> hxxp://www.google.co.uk/
FF Extension: (Met Office weather gadget) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{1BCA7BD8-8977-11DC-A9BD-548555D89593} [2015-02-01] [Legacy] [not signed]
FF Extension: (Microsoft .NET Framework Assistant) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2015-02-01] [Legacy] [not signed]
FF Extension: (Flashblock) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-01-02] [Legacy]
FF Extension: (Orthodox) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{6d677280-ddfe-11dc-95ff-0800200c9a66}.xpi [2012-12-30] [Legacy] [not signed]
FF Extension: (Web of Trust) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-04-18]
FF Extension: (Video DownloadHelper) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-03-16]
FF Extension: (Adblock Plus) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-05-16]
FF Extension: (Greasemonkey) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-03-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-08] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-15] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-15] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-08] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-13] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-15] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default [2016-11-24]
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-24]
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-24]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-24]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-24]
CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-24]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-24]
CHR Extension: (Chrome Media Router) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-24]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1194512 2018-04-25] (Garmin Ltd. or its subsidiaries)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [153096 2016-08-05] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [86104 2016-07-19] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [48584 2016-08-05] (Panda Security, S.L.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [103856 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [210864 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [112560 2015-12-10] (Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [82864 2016-03-17] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [133552 2015-12-10] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [309680 2015-12-10] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [179632 2016-02-18] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [122800 2015-12-10] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [267184 2016-02-18] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [115632 2015-12-10] (Panda Security, S.L.)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [174000 2016-08-09] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [129456 2016-08-09] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207272 2016-08-09] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133544 2016-08-09] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [146864 2016-08-09] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117168 2016-08-09] (Panda Security, S.L.)
U3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [72112 2016-08-10] (Panda Security, S.L.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
R1 SASDIFSV; C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2013-04-09] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-14 23:50 - 2018-05-15 19:27 - 000000000 ____D C:\Users\Matt\AppData\Local\PlaceholderTileLogoFolder
2018-05-14 22:48 - 2018-05-21 17:48 - 000000000 ____D C:\FRST
2018-05-14 22:06 - 2018-05-14 21:38 - 000000000 ____D C:\Windows.old
2018-05-14 22:01 - 2018-05-14 22:01 - 000002088 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2018-05-14 22:01 - 2018-05-14 22:01 - 000000000 ____D C:\Program Files (x86)\SUPERAntiSpyware
2018-05-14 21:46 - 2018-05-14 21:46 - 000000000 ____D C:\Users\Matt\AppData\Local\D3DSCache
2018-05-14 21:46 - 2018-05-14 21:46 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-14 21:38 - 2018-05-14 21:38 - 000000020 ___SH C:\Users\Matt\ntuser.ini
2018-05-14 21:37 - 2018-05-18 19:32 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-14 21:37 - 2018-05-18 19:32 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-14 21:37 - 2018-05-14 21:38 - 000003278 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-05-14 21:37 - 2018-05-14 21:38 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1310137103-3057899829-2583583971-1001
2018-05-14 21:37 - 2018-05-14 21:38 - 000002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2018-05-14 21:37 - 2018-05-14 21:37 - 000003752 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-14 21:37 - 2018-05-14 21:37 - 000002812 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1310137103-3057899829-2583583971-1001
2018-05-14 21:37 - 2018-05-14 21:37 - 000002754 _____ C:\WINDOWS\System32\Tasks\klcp_update
2018-05-14 21:37 - 2018-05-14 21:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-14 21:37 - 2018-05-14 21:37 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-14 21:36 - 2018-05-14 21:37 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-05-14 21:36 - 2018-05-14 21:37 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-05-14 21:26 - 2018-05-21 17:44 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-14 21:15 - 2018-05-14 21:15 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-14 21:13 - 2018-05-14 21:38 - 000000000 ____D C:\Users\Matt
2018-05-14 21:13 - 2018-05-14 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-05-14 21:13 - 2018-04-12 00:34 - 000001105 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-14 21:13 - 2016-09-29 21:02 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Macromedia
2018-05-14 21:13 - 2016-09-29 21:02 - 000000000 ____D C:\Users\Matt\AppData\Roaming\ATI
2018-05-14 21:13 - 2016-09-29 21:02 - 000000000 ____D C:\Users\Matt\AppData\Local\ATI
2018-05-14 21:11 - 2018-05-14 21:11 - 000000000 ____D C:\ProgramData\USOShared
2018-05-14 21:11 - 2018-04-12 00:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-14 21:07 - 2018-05-15 20:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-14 21:07 - 2018-05-14 21:19 - 000282560 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-14 20:47 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-14 20:45 - 2018-05-14 22:06 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-14 20:43 - 2018-05-14 20:45 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-14 20:40 - 2018-05-14 20:40 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-14 20:40 - 2018-05-14 20:40 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-14 20:40 - 2018-05-14 20:40 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000826776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-14 20:40 - 2018-05-14 20:40 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000652184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-14 20:40 - 2018-05-14 20:40 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-14 20:40 - 2018-05-14 20:40 - 000399768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-14 20:40 - 2018-05-14 20:40 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-14 20:34 - 2018-05-14 20:34 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-14 20:34 - 2018-05-14 20:34 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-14 20:34 - 2018-05-14 20:34 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-14 20:34 - 2018-05-14 20:34 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-14 20:34 - 2018-05-14 20:34 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-14 20:34 - 2018-05-14 20:34 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-14 20:34 - 2018-05-14 20:34 - 000000000 ____D C:\Program Files\MSBuild
2018-05-14 20:34 - 2018-05-14 20:34 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-14 20:34 - 2018-05-14 20:34 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-14 20:33 - 2018-05-14 20:33 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-14 20:32 - 2018-05-14 20:32 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-14 20:32 - 2018-05-14 20:32 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-14 20:32 - 2018-05-14 20:32 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-14 20:32 - 2018-05-14 20:32 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-14 20:32 - 2018-05-14 20:32 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-14 20:32 - 2018-05-14 20:32 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-14 20:32 - 2018-05-14 20:32 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-14 20:32 - 2018-05-14 20:32 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-14 20:21 - 2018-05-14 20:21 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-13 19:35 - 2018-05-14 21:38 - 000000000 ___DC C:\WINDOWS\Panther
2018-05-09 18:47 - 2018-05-09 18:48 - 055111376 _____ (Amazon) C:\Users\Matt\Downloads\AmazonMusicInstaller(1).exe
2018-05-07 20:55 - 2018-05-07 20:55 - 004018144 _____ C:\Users\Matt\Desktop\RAC Breakdown Renewal Pack.pdf
2018-05-06 16:30 - 2018-05-06 16:30 - 000000000 ____D C:\Users\Matt\AppData\LocalLow\Cisco
2018-05-06 16:30 - 2018-05-06 16:30 - 000000000 ____D C:\Users\Matt\AppData\Local\Cisco
2018-05-06 16:29 - 2018-05-14 21:17 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky
2018-05-06 16:29 - 2018-05-06 18:23 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Sky Go
2018-05-06 16:29 - 2018-05-06 18:23 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Sky
2018-05-06 16:29 - 2018-05-06 16:29 - 000001039 _____ C:\Users\Matt\Desktop\Sky Go.lnk
2018-04-29 13:55 - 2018-05-14 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2018-04-29 13:55 - 2018-04-29 13:55 - 000001963 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2018-04-23 22:30 - 2018-04-23 22:29 - 000610189 _____ C:\Users\Matt\Desktop\Within Temptation.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-21 17:48 - 2016-08-05 23:40 - 000000000 ____D C:\Users\Matt\Desktop\Anti-Virus programmes
2018-05-21 17:47 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-21 17:45 - 2016-11-20 12:01 - 000000000 ____D C:\Users\Matt\AppData\LocalLow\Mozilla
2018-05-21 17:44 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-21 17:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-18 19:36 - 2017-09-03 14:05 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Twitch
2018-05-18 19:30 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-16 18:42 - 2015-02-02 19:47 - 000000000 ____D C:\Users\Matt\AppData\Roaming\vlc
2018-05-16 18:18 - 2015-02-01 19:40 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-15 19:32 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-14 23:57 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-14 23:51 - 2018-01-27 00:40 - 000000000 ____D C:\Users\Matt\AppData\Local\Packages
2018-05-14 22:06 - 2018-04-12 00:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-14 22:06 - 2018-04-12 00:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\InputMethod
2018-05-14 22:06 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-14 22:06 - 2018-04-07 11:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-14 22:06 - 2017-10-05 19:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-05-14 22:06 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-14 22:06 - 2017-05-03 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Internet Security
2018-05-14 22:06 - 2017-04-16 08:44 - 000000000 ____D C:\Program Files\UNP
2018-05-14 22:06 - 2016-11-05 15:36 - 000000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8
2018-05-14 22:06 - 2015-02-04 21:13 - 000000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2018-05-14 22:06 - 2015-02-04 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP4600 series
2018-05-14 22:06 - 2015-02-02 19:32 - 000000000 ____D C:\Program Files\Common Files\logishrd
2018-05-14 22:06 - 2015-02-01 20:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2018-05-14 22:06 - 2015-02-01 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-05-14 22:06 - 2015-02-01 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-05-14 22:06 - 2015-02-01 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-14 22:06 - 2015-02-01 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2018-05-14 22:06 - 2015-02-01 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-05-14 22:06 - 2015-02-01 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2018-05-14 22:06 - 2015-02-01 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-05-14 22:06 - 2015-02-01 19:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Adobe
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-14 22:06 - 2015-02-01 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-14 22:06 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2018-05-14 22:06 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2018-05-14 22:01 - 2015-02-01 19:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-05-14 21:39 - 2018-01-27 01:04 - 000000000 ___RD C:\Users\Matt\3D Objects
2018-05-14 21:39 - 2016-07-24 18:43 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-14 21:38 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-14 21:28 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-14 21:27 - 2018-04-12 00:38 - 000000000 __RSD C:\WINDOWS\media
2018-05-14 21:27 - 2016-07-24 17:55 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-14 21:18 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-14 21:18 - 2017-07-13 23:21 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-05-14 21:17 - 2018-04-01 18:10 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Sufferfest Pte Ltd
2018-05-14 21:17 - 2015-03-23 22:54 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2018-05-14 21:12 - 2017-07-13 23:21 - 000000000 ____D C:\Program Files\AMD
2018-05-14 21:11 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-14 21:11 - 2016-07-24 17:34 - 000000000 ____D C:\AMD
2018-05-14 20:49 - 2018-04-12 00:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-14 20:47 - 2018-04-12 17:14 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-05-14 20:47 - 2018-04-12 17:14 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-05-14 20:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-14 20:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-14 20:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-14 20:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-14 20:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-14 20:47 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-14 20:45 - 2017-10-17 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2018-05-14 20:45 - 2017-07-13 23:21 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-05-14 20:45 - 2015-02-25 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frontier
2018-05-14 20:41 - 2018-04-12 17:36 - 000000000 ____D C:\WINDOWS\Containers
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-14 20:41 - 2018-04-12 17:18 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-14 20:41 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-14 20:32 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-14 20:32 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-05-14 19:25 - 2015-02-01 19:41 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-09 21:07 - 2017-06-14 18:12 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-05-09 21:07 - 2015-02-01 19:39 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-09 21:07 - 2015-02-01 19:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-09 19:06 - 2015-03-23 22:54 - 000001258 _____ C:\Users\Matt\Desktop\Amazon Music.lnk
2018-05-09 19:06 - 2015-03-23 22:54 - 000000000 ____D C:\Users\Matt\AppData\Local\Amazon Music
2018-05-08 19:09 - 2015-02-01 21:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-08 19:06 - 2017-10-10 21:42 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-08 19:06 - 2015-02-01 21:48 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-07 18:08 - 2013-05-04 17:00 - 000000000 ____D C:\Users\Matt\Desktop\Tekkit
2018-05-01 22:22 - 2018-04-12 00:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 22:22 - 2018-04-12 00:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-01 21:28 - 2016-07-24 18:46 - 000000000 ___RD C:\Users\Matt\OneDrive
2018-04-29 13:56 - 2018-01-28 19:40 - 000000000 ____D C:\ProgramData\Garmin
2018-04-29 13:56 - 2018-01-28 19:40 - 000000000 ____D C:\Program Files (x86)\Garmin
2018-04-29 13:56 - 2017-07-13 23:22 - 000000000 ____D C:\ProgramData\Package Cache
2018-04-29 13:56 - 2013-06-27 19:23 - 000000000 ____D C:\Users\Matt\Desktop\Tidy Up
2018-04-23 22:29 - 2016-06-04 18:00 - 000000000 ____D C:\Users\Matt\Desktop\Tickets and Confirmations
2018-04-22 16:17 - 2015-02-01 21:07 - 000000000 ____D C:\Users\Matt\AppData\Roaming\Skype
2018-04-21 23:41 - 2013-04-28 18:34 - 000000000 ____D C:\Users\Matt\Documents\Euro Truck Simulator 2

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-14 21:07

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Matt (21-05-2018 17:53:29)
Running from C:\Users\Matt\Desktop\Anti-Virus programmes
Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-14 20:38:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1310137103-3057899829-2583583971-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1310137103-3057899829-2583583971-503 - Limited - Disabled)
Guest (S-1-5-21-1310137103-3057899829-2583583971-501 - Limited - Disabled)
Matt (S-1-5-21-1310137103-3057899829-2583583971-1001 - Administrator - Enabled) => C:\Users\Matt
WDAGUtilityAccount (S-1-5-21-1310137103-3057899829-2583583971-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Panda Internet Security (Enabled - Up to date) {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Panda Internet Security (Enabled - Up to date) {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall (Enabled) {7E957C27-E6CC-E160-34FA-E3201100269B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Amazon Music (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Amazon Amazon Music) (Version: 6.5.1.1332 - Amazon Services LLC)
AMD Settings (HKLM\...\WUCCCApp) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (HKLM\...\{0919C970-C55E-4322-AD6E-D561EC8C01EC}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Canon iP4600 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series) (Version:  - )
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Cisco VideoGuard Player (HKLM-x32\...\{0d415397-2ac8-4273-afde-e6c887ffc827}) (Version: 9.0.1.4396 - Cisco Systems, Inc)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Elevated Installer (HKLM-x32\...\{1F3FEA49-536F-455B-BADD-7D35CDB0E92B}) (Version: 6.4.0.0 - Garmin Ltd or its subsidiaries) Hidden
Elite Dangerous Launcher version 0.4.4468.0 (HKLM-x32\...\{696F8871-C91D-4CB1-825D-36BE18065575}_is1) (Version: 0.4.4468.0 - Frontier Developments)
FileZilla Client 3.10.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1 - Tim Kosse)
Football Manager 2009 (HKLM-x32\...\Football Manager 2009) (Version: 9.0.0.0 - Sports Interactive)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
GameLauncherRemoval (KCD Beta Access) (HKLM-x32\...\{40D62796-CD95-4AFC-A76D-742ED85047A1}) (Version: 1.0.0.0 - Warhorse Studios) Hidden
Garmin Express (HKLM-x32\...\{52c2b6dd-5953-4bb1-9ef3-d145973e25e7}) (Version: 6.4.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{BBAAEC8F-33FB-4DBC-A033-0997CD0BE1B2}) (Version: 6.4.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (HKLM-x32\...\{A336EAA0-135A-4338-B628-BA8DBB3BCA60}) (Version: 6.4.0.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\{0AF824B2-4F7D-325F-82E9-4758EBD12AB0}) (Version: 66.0.3359.181 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Driver Update Utility 2.0 (HKLM-x32\...\{59DB38EB-F864-4E10-841D-38CFBCF864B0}) (Version: 2.0.0.29 - Intel) Hidden
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075F0}) (Version: 7.0.750 - Oracle)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KCD Beta Access (HKLM-x32\...\{9ac7cc09-fe3b-4f6c-801b-3d30a8efd114}) (Version: 2.0 - Warhorse Studios)
KCD Beta Access (HKLM-x32\...\{DC804676-5720-4929-A988-4DC6DA85FE23}) (Version: 2.0 - Warhorse Studios) Hidden
K-Lite Codec Pack 10.9.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.9.5 - )
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 60.0 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0 (x64 en-US)) (Version: 60.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 60.0.0.6697 - Mozilla)
Mozilla Thunderbird 52.7.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 52.7.0 (x86 en-GB)) (Version: 52.7.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.4 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Panda Devices Agent (HKLM-x32\...\{3F9548B2-0B34-4453-A92E-35056B053F19}) (Version: 1.08.00 - Panda Security) Hidden
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.08 - Panda Security) Hidden
Panda Internet Security (HKLM\...\{E965C791-95BE-4D8F-9E41-B2A9BF3843B1}) (Version: 8.34.00 - Panda Security) Hidden
Panda Internet Security (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 17.0.1 - Panda Security)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PuTTY version 0.63 (HKLM-x32\...\PuTTY_is1) (Version: 0.63 - Simon Tatham)
Sky Go 1.0.19.0 (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\com.bskyb.skygoplayer_is1) (Version: 1.0.19.0 - Sky)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.103 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
SUPERAntiSpyware (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1128 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Sufferfest Training System (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\sufferfest) (Version: 5.2.2 - The Sufferfest Pte Ltd)
Twitch (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 7.0.0.0 - Twitch Interactive, Inc.)
UE4 Prerequisites (x64) (HKLM\...\{36EAD5CF-44EF-4FCF-8BE1-D96C4835D7A4}) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (HKLM-x32\...\{2890ae6b-90e9-448d-b3e6-97e43c21e2fd}) (Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\WinDirStat) (Version:  - )
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinSCP 5.5.6 (HKLM-x32\...\winscp3_is1) (Version: 5.5.6 - Martin Prikryl)
WinX DVD Ripper Platinum 8.5.1 (HKLM-x32\...\WinX DVD Ripper Platinum_is1) (Version:  - Digiarty Software, Inc.)
Word Realms (HKLM-x32\...\{447C19EC-77F2-9CA9-EB8B-B00E4A2884EB}) (Version: 1.0.0 - Asymmetric Publications, LLC) Hidden
Word Realms (HKLM-x32\...\com.asymmetric.WordRealms) (Version: 1.0.0 - Asymmetric Publications, LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2014-05-12] ()
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2014-11-18] (Foxit Software Inc.)
ContextMenuHandlers1: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2016-08-05] (Panda Security, S.L.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-22] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2016-08-05] (Panda Security, S.L.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-27] (Malwarebytes)
ContextMenuHandlers6: [UAContextMenu] -> {A9B8E64D-3F7E-4D32-8FC9-E391DEE67D75} => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAShell.dll [2016-08-05] (Panda Security, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {146F8FDE-8C35-4BB7-8CF6-28D166317D16} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {171996AD-B55F-4736-B005-7D6E4A82290F} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37D3C7E3-D57F-453D-B6A9-7E011FDB6EF3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4250EB74-1AC4-48A7-821B-BF43AFFC7650} - \Microsoft\Windows\Setup\EOONotify -> No File <==== ATTENTION
Task: {48A8C70D-840B-4788-A46C-8E7CCA3FE58D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {533079EF-F0E2-418F-8DB0-3F3116A20B62} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {533DCD69-6C62-441B-B4ED-380D5980FE04} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-01-13] ()
Task: {5715D5E3-8A73-49AA-BF36-CE57402ADE23} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {5A0D5BD3-1D80-49E1-BA33-CC07D82E280E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5D6D713A-6BDE-415C-953E-381BA525BF92} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {62C8EEA6-87BF-4A56-9717-D21BC83C3C34} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6E42A7B7-B6DA-4D5C-9516-2152A2AA04D2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7B1E3D26-3FDC-4F4F-9870-6360EA1D7BC3} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {A05741BF-CE83-4E47-8960-4509AB7DEA6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {A5A50D67-54E5-4F37-B83E-7A26A25C5F63} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B67B2C07-D86D-4B61-8C9C-BC7B604195C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {D3A9A9D2-98C2-4DD2-BE6D-6BC06395AF79} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DDBB786F-BDD5-4F25-B852-E07629178A55} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {DFAFB12D-1D67-4FB1-B59E-EC25C0C266E1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-05-08] (Microsoft Corporation)
Task: {E22EC5E4-58A8-4A08-9E44-63BA563D0C4F} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {EF1AAACD-EEFC-4CC8-8656-00A7D3F90D4D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EFA71E7B-0500-4573-91CB-E81E204DB72A} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {F0660B49-84DD-4EE8-8D65-AE1BD24022A4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F67E58B2-CAE9-4FA6-BDAA-98CD7D6EBBCA} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2018-04-25] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-02-01 19:42 - 2013-10-23 16:24 - 000087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 00:35 - 2018-04-12 17:19 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-18 19:35 - 2018-05-18 19:36 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.9.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-05-18 19:35 - 2018-05-18 19:36 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.9.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-04-27 09:08 - 2018-04-27 09:08 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-27 09:08 - 2018-04-27 09:08 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-27 09:08 - 2018-04-27 09:08 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-27 09:08 - 2018-04-27 09:08 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-14 20:40 - 2018-05-14 20:40 - 003913112 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-04-12 00:35 - 2018-04-12 17:19 - 002506648 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-04-25 16:18 - 2018-04-25 16:18 - 000040360 _____ () C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe
2015-12-15 18:17 - 2015-12-15 18:17 - 000618544 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Windows Mobile Device Center"
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\StartupApproved\Run: => "Amazon Music Helper"
HKU\S-1-5-21-1310137103-3057899829-2583583971-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{343D77DD-B1FA-4127-A7B9-DA09BD149A3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{EE8DB6AC-D87C-4623-A7BE-00BE21422D54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{36D1EB97-AB9D-4DCE-BDEB-E14808F2BFC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{8CAE17AC-4A04-4847-BEF1-7CFEE3C2B7F8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{8E50E737-01B8-48DC-875B-9E762CB41146}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{97F29994-A376-46CB-98AF-C45BEF8AF5A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect64.exe
FirewallRules: [{D8071806-492F-43EB-8603-A38A3051F691}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2013\fm.exe
FirewallRules: [{A9522096-43F1-42EC-9F4E-9B9632F63F9C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Football Manager 2013\fm.exe
FirewallRules: [{F51BB26D-4B98-4049-BB93-CC141FA60E08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{ED5B034B-0470-473A-AFEE-42332F307F88}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\KingdomComeDeliverance\Bin\Win64\KingdomCome.exe
FirewallRules: [{D0C83613-C60F-4917-A24C-BB16A29B7001}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freeways\Freeways.exe
FirewallRules: [{013014D4-FB0A-4455-9105-41EE290673D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Freeways\Freeways.exe
FirewallRules: [{CE083FDB-8EF1-4D50-A3F4-8EE553A0B0F7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{84854B78-A8EF-4CF6-AAC8-A0FB6AA86B21}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BD04D908-887C-42A3-B65E-6E676F803B70}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Her Majesty's SPIFFING\hms64.exe
FirewallRules: [{F1825F5F-F742-41E8-9211-806007E1F310}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Her Majesty's SPIFFING\hms64.exe
FirewallRules: [{C8FB852E-F042-4E22-A96F-08970696B8DA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{853C0B0B-C7BD-4A74-90D5-9154760C6AB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe
FirewallRules: [{5CD0B340-069D-42BC-B9C4-71904CEF67CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WWE2K16\WWE2K16.exe
FirewallRules: [{557392E8-1115-4E18-B6E3-EB4A918ED181}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WWE2K16\WWE2K16.exe
FirewallRules: [{837A7F31-27BF-4F64-A977-5A04B586FC8E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{02337621-D623-4B13-9E51-F5669AD11B69}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Just Cause 2\JustCause2.exe
FirewallRules: [{5DC5BB8B-8482-49BF-96BA-40075EA00CB0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{7FEADE1B-C77E-43CD-990F-065942D2FCDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{17EBC214-E26E-4585-B36B-42D047EC2DC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{F8A6894C-13BB-4A78-ACE8-188045ADEFED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{0502B9EF-6B50-452D-91C2-1DD5057AA3FF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{AE34067C-F9FA-4431-AC24-BA4666993730}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{417BF35F-C0D3-4DF1-A44A-8628D659BF0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dropsy\Dropsy.exe
FirewallRules: [{5BCEE22D-E01D-4E08-A27E-3609FD640735}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dropsy\Dropsy.exe
FirewallRules: [{75BDAE2B-E72C-4AE7-ACD3-604EF5832F2E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{8A05444C-D90A-4D81-AFE7-CA14A328C953}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Morrowind\Morrowind Launcher.exe
FirewallRules: [{15A84F97-65A2-4A1F-8AD6-AFB9351E4B21}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cornerstone, The Song Of Tyrim\Cornerstone.exe
FirewallRules: [{59A0FB49-E91C-48DA-9F8A-E45FA34063E0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cornerstone, The Song Of Tyrim\Cornerstone.exe
FirewallRules: [{95CFC46B-2CFA-4BF1-897E-DE740ACDD4FA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{ADBD0E26-6BF9-4853-8506-4E0ED12D8B1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP_x64.exe
FirewallRules: [{DE0A0EA4-33A4-4536-B7E3-520B743297C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{E7474E5A-1DDB-4E1A-9F39-A74935D36CEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous\EDLaunch.exe
FirewallRules: [{4BE69A78-2F85-4E55-9DB3-A260B72E4598}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Party Hard\PartyHardGame.exe
FirewallRules: [{EFC2F01A-1E18-435E-8103-7EDE6BD3C6DD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Party Hard\PartyHardGame.exe
FirewallRules: [{FD2ABF10-203F-4EF6-AFE9-FC05602F3213}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{1DF1DB78-47E2-4794-B838-ED86F4FCC06E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\XCOM 2\Binaries\Win64\Launcher\ModLauncherWPF.exe
FirewallRules: [{4AB31554-23A8-4996-8499-F4C613B11415}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{24F9D7C8-2583-41AE-908F-89764910E27B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Elite Dangerous Horizons\EDLaunch.exe
FirewallRules: [{19ACD9D1-CA5A-488E-9235-8968978E9C13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{19AD411F-523D-4D8F-8C4F-65BDD6AC4E45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{3A741D5E-24D4-48D9-9C17-A250E09AC216}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FE5B5D0C-8979-4F03-BE50-01CFB681D8DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{76FE34C7-A7DA-489E-A5B2-28453EB2C8BC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{70366D26-F009-4AEF-B743-A5EBCC99AAB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Bejeweled 3\Bejeweled3.exe
FirewallRules: [{7A1D93A8-8C26-4DE8-9D57-6842F1F2227F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{C9BE74BE-1663-4A47-BDCF-3A68D317CF48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\launcher\sir.exe
FirewallRules: [{B498DCAA-0AB6-46F2-B586-23CCAD84DCA0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SatelliteReign\SatelliteReignWindows.exe
FirewallRules: [{8978F0C9-CAD3-4361-819F-B559AAF813AC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SatelliteReign\SatelliteReignWindows.exe
FirewallRules: [{5DCCAD34-C9B3-4DCF-BD52-E193FAF6EB6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Dark Age\x86\GameExe.exe
FirewallRules: [{98523D10-DEE6-4729-980F-57A48D00CEF2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sins of a Dark Age\x86\GameExe.exe
FirewallRules: [{73EE589E-A022-4825-9969-63EF729818F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{FEC75C88-28C3-4580-BEFE-087FE076449E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Stanley Parable\stanley.exe
FirewallRules: [{B3D17098-6C02-4BB4-B93D-E3326ACBE34A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scraps\Scraps Server.exe
FirewallRules: [{E44D7728-81BB-4521-A259-011D41231F13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scraps\Scraps Server.exe
FirewallRules: [{B4B8A084-26C4-43AA-9F63-7C35F79B6EEF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scraps\Scraps.exe
FirewallRules: [{D47CF9FB-2B6B-4EC9-928E-6375235C86BB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Scraps\Scraps.exe
FirewallRules: [{2A9E4C7A-68AB-4333-81CB-85E8C7251EB1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{1613835E-7E8B-4CBE-8CA5-5EF69FD1BD6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{5C0EEE97-460B-48BD-A8E6-70029BBFCA77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ContraptionMaker\ContraptionMaker.exe
FirewallRules: [{1CD40F1B-17C3-407B-9118-AEA52EC18097}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ContraptionMaker\ContraptionMaker.exe
FirewallRules: [{33EC461E-35F0-4EEC-871F-FEB1ABCF4029}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2009\fm.exe
FirewallRules: [{C6D51131-2A03-4037-BE72-33A44CD9E3BE}] => (Allow) C:\Program Files (x86)\Sports Interactive\Football Manager 2009\fm.exe
FirewallRules: [{5B971EAE-377B-41C8-B599-02488E8BB933}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{17265CFC-D5A4-4464-9859-42BBFC552B6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{EA6EFD0E-5E68-485F-ADBE-5567AD9FFA24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\x86\sir.exe
FirewallRules: [{73142582-7418-4D06-A651-425C77A6B721}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\x86\sir.exe
FirewallRules: [{E725FB5D-E20A-42B9-895A-BBC330C5AB52}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\x64\sir.exe
FirewallRules: [{27D9409C-170B-4821-BC61-C983A3886A3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SirYouAreBeingHunted\x64\sir.exe
FirewallRules: [{71489EB9-739B-457B-BD18-207B36399227}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{2A1B302C-0EC1-4282-AA47-B847ED7AFA78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\TurboDismount\TurboDismount.exe
FirewallRules: [{EA24E7F4-0A5D-4B39-996F-DD85B1A09090}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{28C7EE16-4198-4AA1-9A64-138552D820DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe
FirewallRules: [{1D3EB4D6-1572-41AB-8D05-6C28493C154C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{5FB37973-F50E-44FD-82F5-43EA7BC560A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Kerbal Space Program\KSP.exe
FirewallRules: [{DFDD0DF0-BD6B-4614-9F23-1C888D7ACE78}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{87A853EC-5065-4BF8-9E07-A05859D12470}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C8187781-1EC9-4559-9116-EE377A1ED2B9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ChaosReborn\ChaosRebornWin64.exe
FirewallRules: [{C808B389-EB37-4162-B747-555ED6D62E99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ChaosReborn\ChaosRebornWin64.exe
FirewallRules: [{A4BC0161-6AA5-4425-8243-006BC27D0648}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{67260D4F-D066-435E-9222-C4B7D1782466}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe
FirewallRules: [{EE2CBE47-88F6-4C3D-80DE-151154EBFE94}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{ED09FE23-F1D0-4C0C-AA20-A31694C549B2}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{712C4D00-CB17-4C8F-875F-F93F7A785B0A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{2F936DD9-77BB-46FA-8885-36B022B59CE5}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{D8C0A444-B8DA-4911-97CB-CF4C487BA902}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1775870D-9952-4788-B96C-DCCF1D52612C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{69837057-4A35-44BE-91B2-414E787E4BD4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{89D63B5A-04E1-4D37-87A3-CECA365AFE09}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A8C15A20-5A09-474D-8FAA-EEC25BB53E67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\All Walls Must Fall\ProjectDisco.exe
FirewallRules: [{94417016-E714-44BB-9F77-ED87C9CF2F1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\All Walls Must Fall\ProjectDisco.exe
FirewallRules: [{7903AF68-D366-43DF-970F-4D20A19DAA4C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\West of Loathing\West of Loathing.exe
FirewallRules: [{109CC732-389F-458A-AFFA-305F45DAF415}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\West of Loathing\West of Loathing.exe
FirewallRules: [{2DFA4EBC-B02E-466F-A55A-3D9163D59769}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B08E2880-A0C3-41DE-BA7D-7A8127516579}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{35867900-A788-454C-AD8D-D667DE9F74AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe
FirewallRules: [{6448EB91-CD13-42B4-B11D-5D8BA2320E3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{C3D242A1-7273-4D73-A3A0-C648D6A2FED8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe
FirewallRules: [{AA44DF02-4A3C-4C4D-A515-1B8CB99BEB35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{FC37AF88-1F20-4985-B564-0A20D532099C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{7D782FD1-2A48-46C8-B8E2-A96567823629}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Renowned Explorers\win64\abbeycore_win32_steam.exe
FirewallRules: [{DBA9C7AD-CDB6-447B-95B9-6AA3925BEA48}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Renowned Explorers\win64\abbeycore_win32_steam.exe
FirewallRules: [{11F4C685-3ED6-45FD-8E6D-5124E0F0C23D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

14-05-2018 23:56:00 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2018 07:27:07 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.17134.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2438

Start Time: 01d3ec7a3c5d9cac

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: a65d30be-81fb-4687-adc4-88d59917c110

Faulting package full name:

Faulting package-relative application ID:

Error: (05/14/2018 11:28:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18031.15820.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 13a4

Start Time: 01d3ebd1440cb0db

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: f842b4a5-2341-4195-a7bc-aa804aab2e60

Faulting package full name: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (05/14/2018 09:27:44 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (05/14/2018 09:21:23 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (05/14/2018 09:21:23 PM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (05/14/2018 09:21:22 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (05/14/2018 09:12:35 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\AMD\WU-CCC2\ccc2_install\VC13RTx64\vcredist_x64.exe /q /norestart; Description = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501; Error = 0x80042302).

Error: (05/14/2018 09:12:35 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.


Operation:
   Instantiating VSS server


System errors:
=============
Error: (05/15/2018 07:56:57 PM) (Source: DCOM) (EventID: 10010) (User: matt-pc)
Description: The server Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca did not register with DCOM within the required timeout.

Error: (05/15/2018 12:11:01 AM) (Source: DCOM) (EventID: 10010) (User: matt-pc)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy!App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca did not register with DCOM within the required timeout.

Error: (05/14/2018 09:14:15 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Network Connection Broker service terminated with the following error:
A device attached to the system is not functioning.

Error: (05/14/2018 09:14:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (05/14/2018 09:12:15 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.

Error: (05/14/2018 09:11:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (05/14/2018 09:09:03 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The iphlpsvc service terminated with the following error:
The device is not ready.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 27%
Total physical RAM: 8138.14 MB
Available physical RAM: 5914.57 MB
Total Virtual: 10058.14 MB
Available Virtual: 8015.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.48 GB) (Free:727.97 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:232.88 GB) (Free:149.35 GB) NTFS

\\?\Volume{c8d983ba-aa6c-11e2-be66-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{19397c6f-0000-0000-0000-e0a4d1010000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 19397C6F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 232.9 GB) (Disk ID: DA3B81F4)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#5 John Knee

John Knee
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 21 May 2018 - 12:15 PM

When I booted up and checked I had 781,689,24,696 bytes of disk space. I now (post however long it took the above report above to run) have 781,659,869,184 bytes...

 

In case it is relevant, Drive E that is showing up is the original HD that was in the PC when I bought it back originally in 2006. When I upgraded my motherboard (and other things) and upgraded to WIN 8 (about a month after release), I bought a new 2TB HD and got the original put in as a slave - the old Windows XP files were deleted and now just has some Football Manager 2009 save files, backup MP3s to my MP3 player and the odd photo from years ago. There are no programmes on the drive and was intended to be used as an e-mail and photo back up drive (that was the plan anyhow)



#6 John Knee

John Knee
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 21 May 2018 - 12:22 PM

And in the short space of time it is now at 779,025,108,992 byte free.



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:11 AM

Posted 27 May 2018 - 06:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Noj malware was found on your logs.
Just run this fix to clean these registry items.
===

Run this first.

Press Windows key + R
Type: services.msc
Hit Enter

Scroll down to Volume Shadow Copy Service
Select it then click Start or right click then click Start
Exit the Window.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts-x32: Restriction <==== ATTENTION

C:\Windows\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d
C:\Windows\Microsoft\Windows\Setup\gwx\refreshgwxcontent
C:\Windows\Microsoft\Windows\Setup\EOONotify
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime
C:\Windows\Microsoft\Windows\Setup\gwx\refreshgwxconfig
C:\Windows\Microsoft\Windows\Setup\gwx\rundetector
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\Logon-5d
C:\Windows\Microsoft\Windows\Setup\gwx\launchtrayprocess
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d
C:\Windows\Microsoft\Windows\UNP\RunCampaignManager
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime
C:\Windows\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\Time-5d
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d

CMD: bitsadmin /reset /allusers

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download to your Desktop the Junkware Removal Tool Download from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Remove these old Java version(s) via the Control Panel > Programs > Programs and Features.

Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075F0}) (Version: 7.0.750 - Oracle)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075FF}) (Version: 7.0.750 - Oracle)
Java 7 Update 76 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417076FF}) (Version: 7.0.760 - Oracle)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
===

Please let me know what problem persists with this computer.

#8 John Knee

John Knee
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 27 May 2018 - 12:49 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Matt (27-05-2018 18:17:45) Run:1
Running from C:\Users\Matt\Desktop\Anti-Virus programmes
Loaded Profiles: Matt (Available Profiles: Matt)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicyScripts-x32: Restriction <==== ATTENTION

C:\Windows\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d
C:\Windows\Microsoft\Windows\Setup\gwx\refreshgwxcontent
C:\Windows\Microsoft\Windows\Setup\EOONotify
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime
C:\Windows\Microsoft\Windows\Setup\gwx\refreshgwxconfig
C:\Windows\Microsoft\Windows\Setup\gwx\rundetector
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\Logon-5d
C:\Windows\Microsoft\Windows\Setup\gwx\launchtrayprocess
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d
C:\Windows\Microsoft\Windows\UNP\RunCampaignManager
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime
C:\Windows\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\Time-5d
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d
C:\Windows\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d

CMD: bitsadmin /reset /allusers

End
*****************

Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\SysWOW64\GroupPolicy\Machine => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => not found
"C:\Windows\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => not found
"C:\Windows\Microsoft\Windows\Setup\EOONotify" => not found
"C:\Windows\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => not found
"C:\Windows\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => not found
"C:\Windows\Microsoft\Windows\Setup\gwx\rundetector" => not found
"C:\Windows\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => not found
"C:\Windows\Microsoft\Windows\Setup\gwx\launchtrayprocess" => not found
"C:\Windows\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => not found
"C:\Windows\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => not found
"C:\Windows\Microsoft\Windows\UNP\RunCampaignManager" => not found
"C:\Windows\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => not found
"C:\Windows\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => not found
"C:\Windows\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => not found
"C:\Windows\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => not found
"C:\Windows\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => not found
"C:\Windows\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => not found

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 6578176 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 52152339 B
Java, Flash, Steam htmlcache => 476195493 B
Windows/system/drivers => 12025775 B
Edge => 520270 B
Chrome => 21395034 B
Firefox => 374447567 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 8470 B
LocalService => 0 B
NetworkService => 6656 B
NetworkService => 0 B
Matt => 8768257 B

RecycleBin => 5543667388 B
EmptyTemp: => 6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:25:36 ====

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by Matt (Administrator) on 27/05/2018 at 18:39:03.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0


Deleted the following from C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\cp3am2n9.default\prefs.js
user_pref(browser.urlbar.suggest.searches, false);



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/05/2018 at 18:42:30.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#9 John Knee

John Knee
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 27 May 2018 - 01:14 PM

I've deleted the various Java as requested and my HD was showing 791,128,076,288 bytes.

 

I can hear the hard drive being active - leaving the computer alone to do stuff for a (timed) minute and my computer is now reporting 790,765,867,008 bytes.

 

 

 

Looking in the task manager (I know not necessarily 100% accurate), the thing that is most reporting disk activity is:

 

wsappx

---> AppX Deployment Service (AppXSVC)

 

which is taking up about 3-4Mb/s

 

There are also a number of "Microsoft Windows System Protection background tasks." who are typically at 0.5Mb/s with the occassional spike to about 2Mb/s for a second (or two)

 

In the time it took to write the above the HD reported 790,928,982,016

 

In light of the name of the tasks using the disk (according to the task manager), I don't know if this is to be expected and the Free space should only be investigated once done?



#10 John Knee

John Knee
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 27 May 2018 - 01:42 PM

Been checking the HD periodically (local time)

 

19:11 - 791,229,743,104 bytes

19:14 - 791,229,710,336

 

(protection background tasks end - no obvious disk activity apart from the occassional click)

 

19:18 - 791,227,719,680

19:23 - 791,224,118,928

19:24 - 791,222,337,536

19:24 - 791,166,263,296 (took about 30 seconds later having noted the prior figure on paper)

19:27 - 791,160,016,896

19:28 - 791,208,124,416

19:29 - 791,207,682,048

19:30 - 791,207,419,904

19:32 - 791,206,834,176

19:34 - 791,206,408,192

19:36 - 791,206,182,912

19:39 - 791,205,576,704

19:44 - 791,205,339,136

 

I'm disconnected from the internet. I'm not running anything beyound the open Firefox browser that I am typing in (I'll connect to the internet to send), a window so that I can right click on the C: drive to look at properties and the Task Manager. Although the amound of reported disk space is not falling significantly (at the moment anyhow) I am thinking it shouldn't be falling for the last 30 minutes when the computer is not being asked to do anything?

 

There is also the follow up question of if it is possible to work out where the 100Gb or so of missing hard drive space went and recover??



#11 John Knee

John Knee
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 27 May 2018 - 01:46 PM

In the couple of minutes it took to post it is now reporting 791,202,562,048 bytes. Definitely something not right.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:11 AM

Posted 28 May 2018 - 06:50 AM

Hi,

This is no caused by malware.

Use the System File Checker tool to repair missing or corrupted system files
https://support.microsoft.com/en-us/help/929833/use-the-system-file-checker-tool-to-repair-missing-or-corrupted-system

===

Run the Check Disk utility on the drive.
https://www.howtogeek.com/howto/windows-vista/guide-to-using-check-disk-in-windows-vista/

Use the /f switch.

chkdsk /f c:

Or and you can also use then /r switch.

Check the article for more information.

Let me know if the problem persists.

#13 John Knee

John Knee
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 29 May 2018 - 02:52 PM

Hi

 

I appreciate it isn't malware...

 

I ran the System File Checker tool using "DISM.exe /Online /Cleanup-image /Restorehealth" (completed successfully)

 

and then "sfc /scannow" (did not find any integrity violations)

 

-----

 

Then tried "chkdsk /r c:" (because why not go the full on version) which forced a reboot. After a few seconds of the round spinny thing that says the computer is doing something then it flashed up 100% and then the desktop part of the booting opened.

 

As that was a lot quicker than expected I repeated the exercise with "chkdsk /f c:" - upon booting up it said it was checking the disk with the % slowly going up, hit about 50% checked and then suddenly declared 100%. The desktop opened.

 

-----

 

I still seem to be loosing about 100k bytes per second...



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:11 AM

Posted 30 May 2018 - 06:35 AM

Hi,

I checked you logs and notice that you have No restore point listed.

Check the settings.
https://www.tenforums.com/tutorials/4533-turn-off-system-protection-drives-windows-10-a.html

Additional information.
https://www.groovypost.com/howto/reduce-space-windows-10-system-restore-uses/

Did you make a change to the current settings?

How is the space issue now?

#15 John Knee

John Knee
  • Topic Starter

  • Members
  • 96 posts
  • OFFLINE
  •  
  • Local time:04:11 AM

Posted 30 May 2018 - 12:54 PM

So should I be turning the System Restore one or off?? When I go into the Sytem Properties and the "System Protection" tab, it says there is protection on for Local Disk C. When I click on the Configure button, the "Disable system protection" button is already ticked (or selected) and the Disk Space Usage says 0 bytes.

 

In the System Protection tab there is a System Restore button. If I click in there to take a look, there are 5 Java removal points, one JRT Pre-Junkware and one on the 14th May for Windows Update.....

 

I've not done anything as I am not sure if I am supposed to switch the settings off and then on again or?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users