[SOLVED] [Win10v1703b15063 x64] Windows Update says "Your device is at risk..."

[tgp1994]

Starting a couple of weeks ago, Windows Update always shows a message starting with "Your device is at risk because it's out of date and missing important security and quality updates...". I have the option to check for updates, which when I click, will work for a while before either returning to the same error message, or downloading an update for Windows Defender.

Current system
I have Windows 10 Professional 64 bit. According to winver.exe, I have Version 1703 OS Build 15063.413. According to Windows Update and DISM however, I have no feature updates or security patches installed (so I technically shouldn't have version 413?) but any other program reports that my version is 10.0.15063.0.

Attempted troubleshooting steps

1. SFC scan - no integrity violations.
2. DISM - Operation completed successfully (??)
3. SFCFix - "No corruptions have been detected on this computer." (log file attached anyways.)
4. Ran the Windows Update troubleshooter - it always finds at least two or more things wrong, then it says it supposedly fixed them. I've tried this multiple times now.
5. Tweaking.com Windows repair tool - ran version 4.0.6, all fixes (it did find corruption in the Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.mum package).

Any help is greatly appreciated!

 

[jcgriff2]

Re: [Windows 10] Windows Update says "Your device is at risk..."

One easy way to find out the number of Windows Updates installed - run the command systeminfo

Bring up an Admin CMD prompt screen; type or paste:

systeminfo >0 & start notepad 0

A Notepad will open upon completion.

Begin scrolling down until you see something similar to:

Hotfix(s):                 [HI]281[/HI] Hotfix(s) Installed.
                           [01]: KB2899189_Microsoft-Windows-CameraCodec-Package
                           [02]: KB2868626
                           [03]: KB2883200
                           [04]: KB2887595
                           [05]: KB2894852

"281" is of course my system's number - it represents the total number of Windows Updates installed.

---

---

Windows Update Information via Windows Management Instrumentation (WMI)

Windows Management Instrumentation (WMI) - (Windows 10, 8.1, 8, 7, Vista)

Go to #44 - "qfe"

Scroll to the right and try both "HTML" + "TXT" commands. The HTML app command opens the output in your default web browser; the TXT app command opens the output in a Notepad. I think the HTML output is easier to read for the qfe command, but that will be your call.

To run the HTML version, click on "Download wmic qfe HTML Output batch file" - then either save to Desktop or Documents and run from there or select "Run" during the download. Same applies to the TXT version.

The other clickable options for each are simply output file examples.

---

---

Once you have completed that, please run - Windows Update Forum Posting Instructions

Thank you.

Regards. . .

jcgriff2

 

[tgp1994]

Re: [Windows 10] Windows Update says "Your device is at risk..."

One easy way to find out the number of Windows Updates installed - run the command systeminfo

Hotfix(s): N/A

Uh...? That's rather strange... I upgraded from Windows 8.1 when Windows 10 was released so I'd think there should be something here. Interestingly though, my PC has never successfully completed a major version patch in Windows 10. I've always had to get the ISO from Microsoft, then run the upgrade through that.

Windows Update Information via Windows Management Instrumentation (WMI)

Windows Management Instrumentation (WMI) - (Windows 10, 8.1, 8, 7, Vista)

Go to #44 - "qfe"

The wmic qfe command just returns "No Instance(s) Available.", I wonder if this coincides with the last bit of information?

Once you have completed that, please run - Windows Update Forum Posting Instructions

Thank you.

Regards. . .

jcgriff2

I think that's all provided in the OP, please let me know if I've missed something though.

Thank you!

 

[jcgriff2]

Re: [Windows 10] Windows Update says "Your device is at risk..."

It's not possible to screw those commands up.

The fact that WMI returns "No Instance(s) Available." tells me that you literally have no Windows Updates installed.

Do you have an Internet Security Suite (3rd party firewall) installed? Like Norton, McAfee, KIS, etc...?

If you do, see if it is listed and use the removal tool to get rid of it for now - Uninstallers (removal tools) for common Windows antivirus software—ESET Knowledgebase

Regards. . .

jcgriff2

 

[tgp1994]

Re: [Windows 10] Windows Update says "Your device is at risk..."

I used to have Norton 360 installed (about a year or so ago), I've since removed it and I'm just running Defender and Malwarebytes from time to time. I did recently run the Norton Removal and Reinstall tool (just for the removal part) just in case.

 

[BrianDrab]

Re: [Windows 10] Windows Update says "Your device is at risk..."

Hello and welcome

Due to the precise nature of your issue, you will receive help from a user named softwaremaniac. He's one of our senior trainees here who's in his final phase of his studies and needs to gain some real world experience in specific areas of Windows Update. This means that he'll be assisting you, but that I will first need to double check and approve his fixes before he posts them to you. If anything this is a good thing for you because it means that you've got at least two of us watching over your thread, but it will unfortunately add a slight delay between each reply. I hope that you understand and can accept the need for us to train up new members in this way in order to carry on doing what we do here, however, if for any reason you object to this setup, I will happily take on your thread myself.

Thank you very much for your understanding. We'll be with you very shortly.

 

[tgp1994]

Re: [Windows 10] Windows Update says "Your device is at risk..."

Hi BrianDrab,

I'll be glad to be a test subject here. I'm somewhat interested myself in how my computer managed to become so screwed up. :smile9: I'm looking forward to your and softwaremaniac's assistance.

 

[Sysnative Windows Update]

SFCFix Script

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

1. Download SFCFix.exe (by niemiro) and save this to your Desktop.
2. Download the file below, SFCFix.zip, and save this to your Desktop. Ensure that this file is named SFCFix.zip - do not rename it.
3. Save any open documents and close all open windows.
4. On your Desktop, you should see two files: SFCFix.exe and SFCFix.zip.
5. Drag the file SFCFix.zip onto the file SFCFix.exe and release it.
6. SFCFix will now process the script.
7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please - put [CODE][/CODE] tags around the log to break up the text.

 

[tgp1994]

Hi softwaremaniac,

Here's the result:

SFCFix version 3.0.0.0 by niemiro.
Start time: 2017-09-25 15:42:57.948
Microsoft Windows 10 Build 15063 - amd64
Using .zip script file at E:\Users\Glen\Downloads\SFCFix.zip [0]




PowerCopy::
Successfully took permissions for file or folder C:\WINDOWS\Servicing\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat
Successfully took permissions for file or folder C:\WINDOWS\Servicing\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.mum

Successfully copied file C:\Users\Glen\AppData\Local\niemiro\Archive\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat to C:\WINDOWS\Servicing\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat.
Successfully copied file C:\Users\Glen\AppData\Local\niemiro\Archive\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.mum to C:\WINDOWS\Servicing\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.mum.

Successfully restored ownership for C:\WINDOWS\Servicing\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat
Successfully restored permissions on C:\WINDOWS\Servicing\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.cat
Successfully restored ownership for C:\WINDOWS\Servicing\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.mum
Successfully restored permissions on C:\WINDOWS\Servicing\Packages\Microsoft-Windows-TestRoot-and-FlightSigning-Package~31bf3856ad364e35~amd64~~10.0.15063.0.mum
PowerCopy:: directive completed successfully.




Successfully processed all directives.
SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 2 datablocks.
Finish time: 2017-09-25 15:42:59.045
Script hash: XnMVyqCQ58Qs4TIjBy8yV1ij1Uw9FxWkHwuazaz2Kl4=
----------------------EOF-----------------------

I remember reading elsewhere that it's normal for these files to be corrupt, despite what the Tweaking.com tool says. Unfortunately, I still have the same issue with Windows Update.

I'm glad to be working with you, and I appreciate your help!

 

[Sysnative Windows Update]

Please set your timezone to the US Pacific zone and see if the message goes away.

 

[tgp1994]

I've checked and it's already set correctly. Unless there's something indicating that it isn't?

 

[Sysnative Windows Update]

Please download the attached file and run as admin.
Wait a couple of seconds. A CMD window will open.
When done, retry updates.

Note: It will take longer than usual.

 

[tgp1994]

I've run commands like those several times in the past, but I gave it one more try. Still no luck.

 

[Sysnative Windows Update]

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

[tgp1994]

Hi SM,

Interesting tool! I followed your instructions, and let it run. At the end it requested a restart, but nothing after that.

Just something of note: It looks like it may have been trying to clean up temporary files in the EmptyTemp section, but the files it was going after are still there. My cookies are still intact, as well as the files in my recycle bin. It also looks like it had some trouble deleting TxR files? Here is the fixlog as requested:

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-09-2017
Ran by Glen (29-09-2017 18:45:48) Run:1
Running from E:\Users\Glen\Desktop
Loaded Profiles: Glen (Available Profiles: Glen & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
cmd: sc config trustedinstaller start=auto
cmd: net start trustedinstaller
cmd: fsutil resource setautoreset true %SystemDrive%\
cmd: attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
cmd: echo y | del %SystemRoot%\System32\Config\TxR\*
cmd: attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm*
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms
EmptyTemp:
*****************


========= sc config trustedinstaller start=auto =========

[SC] ChangeServiceConfig SUCCESS

========= End of CMD: =========


========= net start trustedinstaller =========

The Windows Modules Installer service is starting.
The Windows Modules Installer service was started successfully.


========= End of CMD: =========


========= fsutil resource setautoreset true %SystemDrive%\ =========

The operation completed successfully.

========= End of CMD: =========


========= attrib -r -s -h %SystemRoot%\System32\Config\TxR\* =========


========= End of CMD: =========


========= echo y | del %SystemRoot%\System32\Config\TxR\* =========

C:\WINDOWS\System32\Config\TxR\*, Are you sure (Y/N)? y 
C:\WINDOWS\System32\Config\TxR\{4e074556-0c1c-11e7-a943-e41d2d718a20}.TxR.0.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\WINDOWS\System32\Config\TxR\{4e074556-0c1c-11e7-a943-e41d2d718a20}.TxR.1.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\WINDOWS\System32\Config\TxR\{4e074556-0c1c-11e7-a943-e41d2d718a20}.TxR.2.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\WINDOWS\System32\Config\TxR\{4e074556-0c1c-11e7-a943-e41d2d718a20}.TxR.blf
The process cannot access the file because it is being used by another process.
C:\WINDOWS\System32\Config\TxR\{4e074557-0c1c-11e7-a943-e41d2d718a20}.TM.blf
The process cannot access the file because it is being used by another process.
C:\WINDOWS\System32\Config\TxR\{4e074557-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\WINDOWS\System32\Config\TxR\{4e074557-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.

========= End of CMD: =========


========= attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\* =========


========= End of CMD: =========


========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm* =========


========= End of CMD: =========


========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf =========

Could Not Find C:\WINDOWS\System32\SMI\Store\Machine\*.blf

========= End of CMD: =========


========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms =========

Could Not Find C:\WINDOWS\System32\SMI\Store\Machine\*.regtrans-ms

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32700972 B
Java, Flash, Steam htmlcache => 364289879 B
Windows/system/drivers => 36919485 B
Edge => 325056940 B
Chrome => 0 B
Firefox => 398340828 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 7680 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 501402 B
Glen => 208312506 B
DefaultAppPool => 0 B

RecycleBin => 6809516377 B
EmptyTemp: => 7.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:02:00 ====

Of course, Windows Update is still uncooperative. :r1:

 

[Sysnative Windows Update]

Step#1 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

[tgp1994]

This one went quite a bit faster! It looks like it's still getting caught up on a few files though. Windows Update's still not happy.

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-09-2017
Ran by Glen (29-09-2017 20:19:53) Run:2
Running from E:\Users\Glen\Desktop
Loaded Profiles: Glen (Available Profiles: Glen & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\WINDOWS\System32\Config\TxR\{4e074556-0c1c-11e7-a943-e41d2d718a20}.TxR.0.regtrans-ms
C:\WINDOWS\System32\Config\TxR\{4e074556-0c1c-11e7-a943-e41d2d718a20}.TxR.1.regtrans-ms
C:\WINDOWS\System32\Config\TxR\{4e074556-0c1c-11e7-a943-e41d2d718a20}.TxR.2.regtrans-ms
C:\WINDOWS\System32\Config\TxR\{4e074556-0c1c-11e7-a943-e41d2d718a20}.TxR.blf
C:\WINDOWS\System32\Config\TxR\{4e074557-0c1c-11e7-a943-e41d2d718a20}.TM.blf
C:\WINDOWS\System32\Config\TxR\{4e074557-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms
C:\WINDOWS\System32\Config\TxR\{4e074557-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms


*****************

C:\WINDOWS\System32\Config\TxR\{4e074556-0c1c-11e7-a943-e41d2d718a20}.TxR.0.regtrans-ms => moved successfully
C:\WINDOWS\System32\Config\TxR\{4e074556-0c1c-11e7-a943-e41d2d718a20}.TxR.1.regtrans-ms => moved successfully
C:\WINDOWS\System32\Config\TxR\{4e074556-0c1c-11e7-a943-e41d2d718a20}.TxR.2.regtrans-ms => moved successfully
C:\WINDOWS\System32\Config\TxR\{4e074556-0c1c-11e7-a943-e41d2d718a20}.TxR.blf => moved successfully
Could not move "C:\WINDOWS\System32\Config\TxR\{4e074557-0c1c-11e7-a943-e41d2d718a20}.TM.blf" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\System32\Config\TxR\{4e074557-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms" => Scheduled to move on reboot.
Could not move "C:\WINDOWS\System32\Config\TxR\{4e074557-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 29-09-2017 20:20:34)

"C:\WINDOWS\System32\Config\TxR\{4e074557-0c1c-11e7-a943-e41d2d718a20}.TM.blf" => Could not move
"C:\WINDOWS\System32\Config\TxR\{4e074557-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000001.regtrans-ms" => Could not move
"C:\WINDOWS\System32\Config\TxR\{4e074557-0c1c-11e7-a943-e41d2d718a20}.TMContainer00000000000000000002.regtrans-ms" => Could not move

==== End of Fixlog 20:20:34 ====

 

[Sysnative Windows Update]

Step#1 - FRST Scan

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

 

[tgp1994]

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-09-2017
Ran by Glen (administrator) on GLEN10 (30-09-2017 12:47:44)
Running from E:\Users\Glen\Desktop
Loaded Profiles: Glen (Available Profiles: Glen & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(VMware, Inc.) E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(hxxp://tortoisesvn.net) E:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(REALiX) C:\HWInfo64\HWiNFO64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Tixati Software Inc.) E:\Program Files\tixati\tixati.exe
(Google Inc.) C:\Users\Glen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Plex) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) E:\Program Files (x86)\Steam\Steam.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5232072 2016-08-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3191728 2017-06-09] (Dominik Reichl)
HKLM-x32\...\Run: [RoccatIsku] => C:\Program Files (x86)\ROCCAT\Isku Keyboard\IskuMonitor.EXE [536576 2013-10-30] (ROCCAT GmbH)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3481912 2017-09-20] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3191728 2017-06-09] (Dominik Reichl)
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\Run: [tixati] => E:\Program Files\tixati\tixati.exe [36723960 2017-08-16] (Tixati Software Inc.)
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\Run: [MusicManager] => C:\Users\Glen\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [16309736 2017-09-25] (Plex, Inc.)
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\Run: [AMDDVR] => C:\Program Files\AMD\CNext\CNext\amddvr.exe [1433992 2017-09-05] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\MountPoints2: {4b7be00f-6271-11e7-83df-74d4355eb1bd} - "G:\Autorun.exe" 
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\MountPoints2: {53f6a7bc-21a1-11e5-82cf-74d4355eb1bd} - "I:\Autorun.exe" 
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\MountPoints2: {dbb94050-5f72-11e7-83dd-005056c00008} - "H:\Autorun.exe" 
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [16309736 2017-09-25] (Plex, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2016-08-02]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-08-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5e2d975d-ece9-49aa-9ab6-3dc87cb26073}: [DhcpNameServer] 10.112.58.1
Tcpip\..\Interfaces\{9038c3e3-6bb2-4e94-88f1-a7aaf81d87f5}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-22] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-22] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Edge: 
======
Edge Session Restore: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001 -> is enabled.
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.13.8.0_neutral__f8jsg5mm64m62 [2017-08-23]

FireFox:
========
FF DefaultProfile: 9e49fmkj.default
FF ProfilePath: C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\9e49fmkj.default [2017-09-30]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9e49fmkj.default -> Google
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\9e49fmkj.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\9e49fmkj.default -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\9e49fmkj.default -> is enabled.
FF NetworkProxy: Mozilla\Firefox\Profiles\9e49fmkj.default -> type", 4
FF Extension: (MEGA) - C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\9e49fmkj.default\Extensions\firefox@mega.co.nz.xpi [2017-09-27]
FF Extension: (HTTPS Everywhere) - C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\9e49fmkj.default\Extensions\https-everywhere-eff@eff.org.xpi [2017-09-12]
FF Extension: (Reddit Enhancement Suite) - C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\9e49fmkj.default\Extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi [2017-09-21]
FF Extension: (KeeFox) - C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\9e49fmkj.default\Extensions\keefox@chris.tomlinson [2017-09-05]
FF Extension: (uBlock Origin) - C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\9e49fmkj.default\Extensions\uBlock0@raymondhill.net.xpi [2017-09-21]
FF Extension: (Auto Unload Tab) - C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\9e49fmkj.default\Extensions\{d3c46ca0-999d-11da-a72b-0800200c9a66}.xpi [2016-12-21]
FF Extension: (DownThemAll!) - C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\9e49fmkj.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29]
FF Extension: (Greasemonkey) - C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\9e49fmkj.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-09-28]
FF SearchPlugin: C:\Users\Glen\AppData\Roaming\Mozilla\Firefox\Profiles\9e49fmkj.default\searchplugins\msdn.xml [2015-04-03]
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-22] (Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> E:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> E:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> E:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2017-06-29] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin HKU\S-1-5-21-3509762593-3559169864-4008261023-1001: @nsroblox.roblox.com/launcher -> C:\Users\Glen\AppData\Local\Roblox\Versions\version-b066e068986145c3\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3509762593-3559169864-4008261023-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Glen\AppData\Local\Roblox\Versions\version-b066e068986145c3\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-3509762593-3559169864-4008261023-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-3509762593-3559169864-4008261023-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [No File]
StartMenuInternet: FIREFOX.EXE - E:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-04-19] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-02-26] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-09-20] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [227104 2016-08-09] (EasyAntiCheat Ltd)
S4 FoxitReaderService; E:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\FoxitConnectedPDFService.exe [1659456 2017-06-29] (Foxit Software Inc.)
S4 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2014-01-28] (Futuremark)
S4 GJServiceV5; E:\Program Files (x86)\SlySoft\Game Jackal v5\Server.exe [4502200 2013-10-30] ()
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3894760 2017-06-07] (Paramount Software UK Ltd)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S4 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2168672 2017-07-26] (Electronic Arts)
S2 Origin Web Helper Service; E:\Program Files (x86)\Origin\OriginWebHelperService.exe [3148128 2017-07-26] (Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2092008 2017-09-25] (Plex, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
S3 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5232072 2016-08-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-08-28] (TeamViewer GmbH)
R2 VMAuthdService; E:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [95816 2016-05-05] (VMware, Inc.)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-17] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [71272 2017-05-09] (Windscribe Limited)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0317685.inf_amd64_f4ed8f05a31c5d2d\atikmdag.sys [38761496 2017-09-07] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0317685.inf_amd64_f4ed8f05a31c5d2d\atikmpag.sys [541720 2017-09-07] (Advanced Micro Devices, Inc.)
S3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices)
U5 dc3d; C:\Windows\System32\Drivers\dc3d.sys [95024 2015-12-09] (Microsoft Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2017-07-05] (Disc Soft Ltd)
S3 dtproscsibus; C:\WINDOWS\System32\drivers\dtproscsibus.sys [30264 2017-07-22] (Disc Soft Ltd)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2016-07-29] ()
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
S3 HTCAND64; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed]
S3 HtcVCom32; C:\WINDOWS\system32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated) [File not signed]
R3 HWiNFO32; C:\Users\Glen\AppData\Local\Temp\HWiNFO64A.SYS [27552 2017-09-30] (REALiX(tm)) <==== ATTENTION
R1 KProcessHacker3; C:\Program Files\Process Hacker\kprocesshacker.sys [45208 2017-09-29] (wj32)
S3 Maplom; C:\Windows\System32\Drivers\Maplom.sys [35384 2013-10-29] (SlySoft Inc.)
S3 MaplomL; C:\Windows\System32\Drivers\MaplomL.sys [60472 2013-10-29] (SlySoft Inc.)
U5 mv61xx; C:\Windows\System32\Drivers\mv61xx.sys [173096 2008-06-23] (Marvell Semiconductor, Inc.)
S3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2016-08-02] (SoftEther Corporation)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [36600 2014-04-17] (Riverbed Technology, Inc.)
S3 PortTalk; C:\Windows\SysWOW64\Drivers\PortTalk.sys [3567 2002-01-12] (Beyond Logic hxxp://www.beyondlogic.org) [File not signed]
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [84792 2017-07-11] (Sysinternals - www.sysinternals.com)
S3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Windows (R) Win 7 DDK provider)
S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11973 2017-07-05] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2017-05-21] (SoftEther Corporation)
S3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
R0 sptd2; C:\WINDOWS\System32\Drivers\sptd2.sys [203296 2017-07-22] (Duplex Secure Ltd)
S3 stdpms; C:\WINDOWS\System32\drivers\stdpms.sys [28904 2014-05-15] (Splashtop Inc.)
S3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [54896 2017-04-21] (The OpenVPN Project)
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102664 2014-05-09] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25992 2014-05-09] ()
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [700296 2014-05-09] ()
S3 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [196040 2017-07-27] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206976 2017-07-27] (Oracle Corporation)
R0 vsock; C:\WINDOWS\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S2 AODDriver4.3.0; \??\C:\Program Files (x86)\AMD\Performance Profile Client\amd64\AODDriver2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-30 11:01 - 2017-09-30 11:01 - 000000000 ___HD C:\OneDriveTemp
2017-09-29 18:44 - 2017-09-30 12:47 - 000000000 ____D C:\FRST
2017-09-29 17:36 - 2017-09-29 17:36 - 000000000 ____D C:\Users\Glen\AppData\Local\IsolatedStorage
2017-09-29 12:32 - 2017-09-29 12:32 - 000000662 _____ C:\Users\Glen\.gitconfig
2017-09-29 11:46 - 2017-09-29 11:46 - 000000000 ____D C:\Program Files (x86)\MonoGame
2017-09-29 10:45 - 2017-09-29 10:45 - 000001533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker.lnk
2017-09-29 10:45 - 2017-09-29 10:45 - 000001485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PE Viewer.lnk
2017-09-29 10:45 - 2017-09-29 10:45 - 000000000 ____D C:\Users\Glen\AppData\Roaming\Process Hacker
2017-09-29 10:45 - 2017-09-29 10:45 - 000000000 ____D C:\Program Files\Process Hacker
2017-09-28 09:15 - 2017-09-28 09:15 - 000000000 ____D C:\Users\Glen\AppData\LocalLow\AMD
2017-09-27 19:30 - 2017-09-27 19:30 - 000000000 ____D C:\Users\Glen\.nuget
2017-09-26 17:54 - 2017-09-26 17:54 - 000000000 ____D C:\Users\Glen\AppData\Local\RadeonSettings
2017-09-25 19:19 - 2017-09-25 19:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2017-09-25 19:19 - 2017-09-25 19:19 - 000000000 ____D C:\Program Files (x86)\Plex
2017-09-22 19:39 - 2017-09-22 19:40 - 000003965 _____ C:\WINDOWS\system32\0
2017-09-22 14:55 - 2017-09-25 15:42 - 000000000 ____D C:\SFCFix
2017-09-22 14:51 - 2017-09-25 15:42 - 000000000 ____D C:\Users\Glen\AppData\Local\niemiro
2017-09-22 14:03 - 2017-09-22 14:03 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-GLEN10-Windows-10-Pro-(64-bit).dat
2017-09-22 14:03 - 2017-09-22 14:03 - 000000000 ____D C:\RegBackup
2017-09-22 12:57 - 2017-09-22 13:35 - 000000000 ____D C:\msus
2017-09-21 13:57 - 2017-09-21 13:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-09-20 18:09 - 2017-09-20 19:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\Norton Remove and Reinstall
2017-09-20 17:42 - 2017-09-20 17:43 - 000262144 _____ C:\WINDOWS\system32\log.txt.dpx
2017-09-20 17:37 - 2017-09-20 17:37 - 000196608 _____ C:\WINDOWS\system32\wusa.etl.dpx
2017-09-20 17:37 - 2017-09-20 17:37 - 000196608 _____ C:\WINDOWS\system32\wusa.etl
2017-09-20 09:48 - 2017-09-20 09:48 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-09-20 09:48 - 2017-09-20 09:48 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-09-20 09:48 - 2017-09-20 09:48 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-09-20 09:48 - 2017-09-20 09:48 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-09-19 15:33 - 2017-09-22 22:57 - 000000000 ____D C:\ProgramData\AMD
2017-09-19 15:33 - 2017-09-19 15:47 - 000000000 ____D C:\Users\Glen\AppData\Local\AMD
2017-09-19 15:33 - 2017-09-19 15:33 - 000003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2017-09-19 15:33 - 2017-09-19 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2017-09-19 15:33 - 2017-09-19 15:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-09-19 15:33 - 2017-09-19 15:33 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-09-19 15:33 - 2017-09-19 15:33 - 000000000 ____D C:\Program Files (x86)\AMD
2017-09-19 15:32 - 2017-09-19 15:32 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-09-19 15:32 - 2017-07-12 09:54 - 000776992 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-09-19 15:32 - 2017-07-12 09:53 - 000905504 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-09-19 15:32 - 2017-07-12 09:53 - 000578848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-09-19 15:32 - 2017-07-12 09:53 - 000477472 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-09-19 15:31 - 2017-09-19 15:33 - 000000000 ____D C:\Program Files\AMD
2017-09-19 15:28 - 2017-09-19 15:28 - 000189112 _____ (Power Admin LLC) C:\WINDOWS\PAExec.exe
2017-09-19 15:25 - 2017-09-22 14:23 - 000519662 _____ C:\WINDOWS\ntbtlog.txt
2017-09-12 16:00 - 2017-09-12 16:00 - 000000000 ____D C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fopnu
2017-09-12 16:00 - 2017-09-12 16:00 - 000000000 ____D C:\Program Files\fopnu
2017-09-07 08:37 - 2017-09-07 08:37 - 012515352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdvlk64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 010294808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdvlk32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 003471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2017-09-07 08:37 - 2017-09-07 08:37 - 003437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2017-09-07 08:37 - 2017-09-07 08:37 - 002915864 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 002530328 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 001541144 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 001058328 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 001058328 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000925208 _____ (AMD) C:\WINDOWS\system32\coinst_17.30.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000864792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000822448 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2017-09-07 08:37 - 2017-09-07 08:37 - 000822448 _____ C:\WINDOWS\system32\atiapfxx.blb
2017-09-07 08:37 - 2017-09-07 08:37 - 000781848 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2017-09-07 08:37 - 2017-09-07 08:37 - 000696856 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000666648 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2017-09-07 08:37 - 2017-09-07 08:37 - 000574464 _____ C:\WINDOWS\system32\amdmiracast.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000552984 _____ C:\WINDOWS\system32\dgtrayicon.exe
2017-09-07 08:37 - 2017-09-07 08:37 - 000552472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2017-09-07 08:37 - 2017-09-07 08:37 - 000531992 _____ C:\WINDOWS\system32\GameManager64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000515096 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000484376 _____ C:\WINDOWS\system32\atieah64.exe
2017-09-07 08:37 - 2017-09-07 08:37 - 000467992 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000370200 _____ C:\WINDOWS\system32\clinfo.exe
2017-09-07 08:37 - 2017-09-07 08:37 - 000366104 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000360984 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000334872 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2017-09-07 08:37 - 2017-09-07 08:37 - 000277016 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000245784 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000242712 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000204952 _____ C:\WINDOWS\SysWOW64\ativvsvl.dat
2017-09-07 08:37 - 2017-09-07 08:37 - 000204952 _____ C:\WINDOWS\system32\ativvsvl.dat
2017-09-07 08:37 - 2017-09-07 08:37 - 000204312 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000196840 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdhcp64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000192024 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000170520 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000168472 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000165072 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdhcp32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000157360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000157144 _____ C:\WINDOWS\SysWOW64\ativvsva.dat
2017-09-07 08:37 - 2017-09-07 08:37 - 000157144 _____ C:\WINDOWS\system32\ativvsva.dat
2017-09-07 08:37 - 2017-09-07 08:37 - 000154384 _____ C:\WINDOWS\system32\samu_krnl_ci.sbin
2017-09-07 08:37 - 2017-09-07 08:37 - 000151576 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000149104 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000139744 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000138832 _____ C:\WINDOWS\system32\samu_krnl_isv_ci.sbin
2017-09-07 08:37 - 2017-09-07 08:37 - 000136216 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000134168 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000131944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000131944 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000124952 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000120880 _____ C:\WINDOWS\system32\kapp_ci.sbin
2017-09-07 08:37 - 2017-09-07 08:37 - 000116736 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000115736 _____ C:\WINDOWS\system32\atidxx64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000115224 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000114704 _____ C:\WINDOWS\system32\kapp_si.sbin
2017-09-07 08:37 - 2017-09-07 08:37 - 000113176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000103184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000103176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000102424 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000099864 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000092184 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmcl64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000075800 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmcl32.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000069656 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000045592 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000043032 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000032804 _____ C:\WINDOWS\system32\AMDKernelEvents.man
2017-09-07 08:37 - 2017-09-07 08:37 - 000029720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000029720 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2017-09-07 08:37 - 2017-09-07 08:37 - 000000145 _____ C:\WINDOWS\SysWOW64\amd-vulkan32.json
2017-09-07 08:37 - 2017-09-07 08:37 - 000000145 _____ C:\WINDOWS\system32\amd-vulkan64.json
2017-09-05 19:09 - 2017-09-20 18:32 - 000000000 ____D C:\WINDOWS\system32\Catroot2.bak
2017-09-05 12:58 - 2017-09-05 12:58 - 000149896 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2017-09-05 12:58 - 2017-09-05 12:58 - 000127880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2017-09-02 20:14 - 2017-09-02 20:14 - 000000000 ____D C:\Users\Glen\.Plays.tv
2017-09-02 20:13 - 2017-09-24 15:01 - 000000000 ____D C:\Users\Glen\AppData\Roaming\Raptr
2017-09-02 20:13 - 2017-09-02 20:13 - 000000000 ____D C:\Program Files (x86)\Raptr Inc

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-30 12:46 - 2014-05-27 15:58 - 000000000 ____D C:\Users\Glen\AppData\Roaming\tixati
2017-09-30 12:39 - 2016-11-17 16:05 - 000000000 ____D C:\Users\Glen\AppData\LocalLow\Mozilla
2017-09-30 11:29 - 2017-04-19 14:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-30 11:05 - 2017-04-19 14:35 - 000986100 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-30 11:04 - 2017-04-19 14:48 - 000004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2E3940E2-9D85-4F96-B2B0-79241266DC7D}
2017-09-30 11:01 - 2014-06-14 04:26 - 000000000 ____D C:\Users\Glen\AppData\Local\TSVNCache
2017-09-30 11:01 - 2014-05-25 05:14 - 000000000 __RDO C:\Users\Glen\OneDrive
2017-09-30 11:00 - 2017-04-19 14:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-30 11:00 - 2014-12-30 13:15 - 000000000 ____D C:\Users\Glen\AppData\Roaming\VMware
2017-09-30 11:00 - 2014-12-30 13:14 - 000000000 ____D C:\ProgramData\VMware
2017-09-30 02:11 - 2017-04-19 14:35 - 000000000 ____D C:\Users\Glen
2017-09-30 02:11 - 2017-04-19 14:34 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-09-30 02:11 - 2017-03-18 04:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-09-29 23:34 - 2014-05-25 05:28 - 000000000 ____D C:\Users\Glen\AppData\LocalLow\Temp
2017-09-29 23:34 - 2014-05-24 21:40 - 000000000 ____D C:\Users\Glen\AppData\Roaming\KeePass
2017-09-29 16:09 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-29 16:09 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-29 13:10 - 2014-06-15 07:40 - 000000000 ____D C:\Users\Glen\AppData\Roaming\GitHub
2017-09-29 13:10 - 2014-06-15 07:40 - 000000000 ____D C:\Users\Glen\AppData\Local\GitHub
2017-09-29 12:32 - 2017-08-18 15:42 - 000000000 ____D C:\Users\Glen\AppData\Local\Deployment
2017-09-29 11:46 - 2017-04-19 15:28 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-09-29 10:25 - 2017-08-23 15:35 - 000000000 ____D C:\Users\Glen\AppData\Roaming\Visual Studio Setup
2017-09-29 10:25 - 2014-05-24 11:08 - 000000000 ____D C:\Users\Glen\AppData\Local\Packages
2017-09-28 20:53 - 2017-06-28 22:14 - 000000000 ____D C:\Users\Glen\AppData\Roaming\vlc
2017-09-28 20:52 - 2014-06-02 18:45 - 000000600 _____ C:\Users\Glen\AppData\Local\PUTTY.RND
2017-09-28 09:17 - 2014-12-30 13:15 - 000000000 ____D C:\Users\Glen\AppData\Local\VMware
2017-09-27 23:30 - 2014-05-25 12:47 - 000000000 ____D C:\Users\Glen\AppData\Local\CrashDumps
2017-09-27 23:11 - 2017-04-08 15:35 - 000000275 _____ C:\WINDOWS\WindowsUpdate.log.bak
2017-09-27 19:22 - 2015-02-13 12:25 - 000000000 ____D C:\Users\Glen\AppData\Local\NuGet
2017-09-25 19:19 - 2015-11-30 22:30 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-24 15:58 - 2017-07-22 19:15 - 000000000 ____D C:\Program Files\DAEMON Tools Pro
2017-09-22 14:54 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-22 14:21 - 2017-08-23 15:18 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-09-22 14:21 - 2017-04-19 14:33 - 004945752 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-22 14:21 - 2014-05-24 11:08 - 000000000 ____D C:\WINDOWS\CSC
2017-09-22 14:17 - 2017-03-18 14:03 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-09-22 14:17 - 2017-03-18 14:03 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-09-22 14:15 - 2014-06-03 15:52 - 000007616 _____ C:\Users\Glen\AppData\Local\resmon.resmoncfg
2017-09-22 14:08 - 2017-04-19 14:35 - 003027432 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-09-22 12:53 - 2017-08-23 15:50 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-09-21 15:06 - 2017-07-26 21:56 - 000003358 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3509762593-3559169864-4008261023-1001
2017-09-21 15:06 - 2015-08-16 15:43 - 000002400 _____ C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-21 13:57 - 2016-01-19 17:34 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-09-21 11:29 - 2014-12-02 19:27 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-09-20 18:33 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2017-09-20 18:09 - 2014-05-24 10:13 - 000000000 ____D C:\ProgramData\Norton
2017-09-20 18:05 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-19 15:18 - 2017-07-10 18:09 - 000000000 ____D C:\AMD
2017-09-15 12:56 - 2015-01-16 21:30 - 000000000 ____D C:\Users\Glen\AppData\Roaming\GameSave Manager 3
2017-09-12 18:31 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-12 18:30 - 2017-08-23 15:35 - 000001359 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-09-12 18:30 - 2017-08-23 15:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-09-12 15:57 - 2014-05-24 11:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-09-12 15:56 - 2014-05-24 11:30 - 138202976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-09-12 15:55 - 2015-03-25 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-09-09 18:09 - 2017-01-13 17:21 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2017-09-07 19:47 - 2017-05-21 20:26 - 000000000 ____D C:\Program Files\SoftEther VPN Server
2017-09-07 08:37 - 2017-07-10 10:58 - 000547352 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2017-09-07 08:37 - 2017-07-10 10:58 - 000478744 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2017-09-07 08:37 - 2016-12-07 15:29 - 000136728 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-09-05 18:45 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-05 18:38 - 2014-05-24 11:21 - 000000000 ____D C:\Users\Glen\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2014-07-28 16:20 - 2014-07-28 16:20 - 000000093 _____ () C:\Users\Glen\AppData\Roaming\ARCompanion.log
2014-12-23 12:05 - 2014-12-23 12:07 - 000000638 _____ () C:\Users\Glen\AppData\Roaming\buttrc
2015-03-17 09:08 - 2015-03-17 09:08 - 000001235 _____ () C:\Users\Glen\AppData\Roaming\SAS7_000.DAT
2014-10-28 15:41 - 2014-10-28 15:41 - 000000600 _____ () C:\Users\Glen\AppData\Roaming\winscp.rnd
2014-08-21 12:14 - 2015-04-07 15:37 - 002128896 _____ () C:\Users\Glen\AppData\Local\file__0.localstorage
2014-06-02 18:45 - 2017-09-28 20:52 - 000000600 _____ () C:\Users\Glen\AppData\Local\PUTTY.RND
2015-02-13 19:41 - 2015-02-13 19:41 - 000000710 _____ () C:\Users\Glen\AppData\Local\recently-used.xbel
2014-06-03 15:52 - 2017-09-22 14:15 - 000007616 _____ () C:\Users\Glen\AppData\Local\resmon.resmoncfg
2014-05-25 06:40 - 2015-04-28 11:18 - 000000044 ___SH () C:\ProgramData\.zreglib
2017-04-19 14:34 - 2017-04-19 14:34 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2017-03-15 14:05 - 2017-07-28 12:41 - 000000060 _____ () C:\ProgramData\SoftwareUpdateTemp.xml

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-23 15:13

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-09-2017
Ran by Glen (30-09-2017 12:48:23)
Running from E:\Users\Glen\Desktop
Windows 10 Pro Version 1703 (X64) (2017-04-19 21:50:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3509762593-3559169864-4008261023-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3509762593-3559169864-4008261023-503 - Limited - Disabled)
Glen (S-1-5-21-3509762593-3559169864-4008261023-1001 - Administrator - Enabled) => C:\Users\Glen
Guest (S-1-5-21-3509762593-3559169864-4008261023-501 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

«Cities in Motion» (HKLM-x32\...\«Cities in Motion»_is1) (Version:  - Paradox Interactive)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
Algodoo v2.1.0 (HKLM-x32\...\Algodoo_is1) (Version:  - Algoryx)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
American Truck Simulator (HKLM\...\Steam App 270880) (Version:  - SCS Software)
API Monitor v2 (Alpha) (HKLM\...\{13BE68B1-7498-48AB-9D22-AD3AB6532531}) (Version: 2.13.0 - rohitab.com)
Assassin's Creed III 1.01 (HKLM-x32\...\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}) (Version: 1.01 - Ubisoft)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Avidemux 2.7 - 64 bits (HKLM-x32\...\Avidemux 2.7 - 64 bits (64-bit)) (Version: 2.7.0.170814 - )
Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version:  - WB Games Montreal)
BeamNG.drive (HKLM-x32\...\Steam App 284160) (Version:  - BeamNG)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Besiege (HKLM-x32\...\Steam App 346010) (Version:  - Spiderling Studios)
BioShock (HKLM-x32\...\Steam App 7670) (Version:  - 2K Boston)
BleachBit (HKLM-x32\...\BleachBit) (Version: 1.12 - BleachBit)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.1.0.0 - Electronic Arts)
Buzz build 1503 (HKLM-x32\...\Buzz_is1) (Version:  - Jeskola)
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (HKLM-x32\...\InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}) (Version:  - ) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{6A69EDE3-D163-A85B-EFF5-B6BFD8EF5939}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{4F486CF2-F8AF-2DD4-BA15-82BD71BC3035}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{08E3C0C2-26E9-9DDF-0FBD-A4A71C970D75}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{E8ED0DBD-DAC0-1BC5-87A7-5FC3BEAD33AB}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2802B62A-05D9-356B-9DB6-AFEE51E9EF5E}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{8E1F1F1A-38D8-DC76-FE6C-B8412AF9396D}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{D3376CD8-E366-C5F5-B9D1-2B8017C4F1C5}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{C8013991-2166-AFC4-B75B-7E58FBEF02AF}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{3CB92C15-57A0-E469-1CE3-236BB1569F88}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{D9E8F7A4-5D65-FA27-F201-F5F0FD82D035}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{60821F44-17A1-0286-10E7-3FE3956D3B85}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{04E38C1D-A2B0-1419-8ACC-98B6FEAD2AE3}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{082B8683-4ED5-212D-33E6-7F0993292B6D}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CBE7BA08-EAC5-DE2B-440F-F4D8BEB70AF0}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{0B3B12AC-956C-3D2B-E375-CA8A210A8B3C}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{7443BBA4-32DB-B648-5092-0C52676507CD}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{D519CA66-2A8D-EA88-7904-0ADF96FC975B}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{591B77CA-0AE6-A405-5A73-D5600D45F9E8}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{FB81D531-71CC-69A0-F776-95C2498492F0}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{31BA3CC8-6A73-126C-B424-16A56B64C75F}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{203DA8C6-D37D-632D-6606-187E3BEAB254}) (Version: 2017.0905.1156.19665 - Advanced Micro Devices, Inc.) Hidden
Cedocida DV Codec (32 Bit and 64 Bit) (HKLM\...\cedocida) (Version:  - )
Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version:  - Cheat Engine)
Cities in Motion 2 (HKLM\...\Steam App 225420) (Version:  - Colossal Order Ltd.)
Cities XL Platinum (HKLM-x32\...\Steam App 231140) (Version:  - Focus Home Interactive)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - Relic)
Construction Simulator Gold Edition - LIEBHERR A 918 (HKLM-x32\...\Construction Simulator Gold Edition - LIEBHERR A 918_is1) (Version:  - )
Contraption Maker (HKLM-x32\...\Steam App 241240) (Version:  - Spotkin)
Contraption Maker Launcher (remove only) (HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\Contraption Maker Launcher) (Version:  - Spotkin, LLC)
Corel DVD MovieFactory 7 (HKLM-x32\...\{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}) (Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory 7 TBYB (HKLM-x32\...\InstallShield_{218D2E7E-37A9-4B5D-B4A1-13FD6B8B9D17}) (Version: 7.0.0 - Corel Corporation)
Darwinia (HKLM-x32\...\Steam App 1500) (Version:  - Introversion Software)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Democracy 3 (HKLM-x32\...\Steam App 245470) (Version:  - Positech Games)
Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version:  - Eidos Montreal)
Device Remover (HKLM\...\{EFA597E4-73D3-4142-90DB-BE28E5589F99}_is1) (Version: 0.9 - Kerem Gümrükcü)
DiagnosticsHub_CollectionService (HKLM\...\{37385261-BB10-4DE0-8822-84E1C4997ED2}) (Version: 15.0.26730 - Microsoft Corporation) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Don't Starve (HKLM-x32\...\Steam App 219740) (Version:  - Klei Entertainment)
Dropbox (HKLM-x32\...\Dropbox) (Version: 35.4.20 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DVD Architect Studio 5.0 (HKLM-x32\...\{0489621E-DE2A-11E0-93EA-F04DA23A5C58}) (Version: 5.0.156 - Sony)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.02.00 - Ubisoft)
ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
FileZilla Client 3.27.0.1 (HKLM-x32\...\FileZilla Client) (Version: 3.27.0.1 - Tim Kosse)
foobar2000 v1.3.2 (HKLM-x32\...\foobar2000) (Version: 1.3.2 - Peter Pawlowski)
Fopnu (HKLM-x32\...\fopnu) (Version:  - )
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 8.3.1.21155 - Foxit Software Inc.)
Futuremark SystemInfo (HKLM-x32\...\{032DC00A-51D1-4D28-BFB7-1D0E85291E11}) (Version: 4.25.366 - Futuremark)
Game Jackal v5.2.0.0 (64 bit) (HKLM\...\Game Jackal v5_is1) (Version:  - SlySoft Inc.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Geeks3D FurMark 1.13.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
Genesis Expansion Project (HKLM-x32\...\Genesis Expansion Project 1.01) (Version: 1.01 - Name of your company)
Genesis Expansion Project v2 (HKLM-x32\...\Genesis Expansion Project v2 2) (Version: 2 - Name of your company)
GitHub (HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\5f7eb300e2ea4ebf) (Version: 3.3.4.0 - GitHub, Inc.)
Gitter (HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\{03C07717-35D4-40B2-B4F2-05A0EF1B9F6F}_is1) (Version:  - Troupe Technology Limited)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version:  - Coffee Stain Studios)
Google Play Music Desktop Player (HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\GPMDP_3) (Version: 4.4.0 - Samuel Attard)
Grand Theft Auto: Vice City (HKLM-x32\...\Steam App 12110) (Version:  - Rockstar Games)
GRID 2 (HKLM-x32\...\Steam App 44350) (Version:  - Codemasters Racing)
Harry Potter and the Order of the Phoenix™ (HKLM-x32\...\{B69F28DF-CBB1-41B7-008A-210E4D0518FC}) (Version:  - )
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Heroes & Generals (HKLM-x32\...\Steam App 227940) (Version:  - Reto-Moto)
How to Survive 2 (HKLM\...\Steam App 360170) (Version:  - EKO Software)
icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
IceChat 9.16 (Build 20170702) (HKLM\...\IceChat9_is1) (Version: 9.16 - IceChat Networks)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
Java 8 Update 141 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Jurassic Park Operation Genesis (HKLM-x32\...\{A347C572-F7B4-43A3-BD51-FFC99184F70D}) (Version: 1.00.0000 - Universal Interactive) Hidden
Jurassic Park Operation Genesis (HKLM-x32\...\InstallShield_{A347C572-F7B4-43A3-BD51-FFC99184F70D}) (Version: 1.00.0000 - Universal Interactive)
KeePass Password Safe 2.36 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.36 - Dominik Reichl)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version:  - Squad)
LEGO Batman: The Videogame (HKLM-x32\...\Steam App 21000) (Version:  - Traveller's Tales)
Lego Harry Potter (HKLM-x32\...\Steam App 21130) (Version:  - TT Games)
LEGO® Worlds (HKLM-x32\...\Steam App 332310) (Version:  - TT Games)
Macrium Reflect Free Edition (HKLM\...\{77A97A7F-31F6-496A-9625-589717602062}) (Version: 6.3.1821 - Paramount Software (UK) Ltd.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MediaCoder x64 0.8.45.5852 (HKLM\...\MediaCoder x64) (Version: 0.8.45.5852 - Mediatronic)
MediaInfo 0.7.72 (HKLM\...\MediaInfo) (Version: 0.7.72 - MediaArea.net)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight Simulator X Service Pack 2 (HKLM-x32\...\{4847BBB9-EADD-4C92-90BF-4223B0892FF6}) (Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.11.33288.831 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MonoGame SDK (HKLM-x32\...\MonoGame) (Version: 3.6.0.1625 - The MonoGame Team)
Moon Tycoon (HKLM-x32\...\Moon Tycoon) (Version:  - )
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Firefox 56.0 (x86 en-US) (HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 en-US)) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 52.3.0 (x86 en-US) (HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\Mozilla Thunderbird 52.3.0 (x86 en-US)) (Version: 52.3.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\MusicManager) (Version:  - Google, Inc.)
Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version:  - Unknown Worlds Entertainment)
Need For Speed Shift version 1.2.0.0 (HKLM-x32\...\Need For Speed Shift_is1) (Version: 1.2.0.0 - Mr DJ)
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.2.0 - Nexon)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.23 - Black Tree Gaming)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.3 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Oblivion: Game of the Year Deluxe Edition (HKLM-x32\...\{ED75073E-C7B4-4EBE-8AEC-9C4CA41E5F2F}}_is1) (Version:  - Bethesda Softworks)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 19.0.3 - OBS Project)
Octodad: Dadliest Catch (HKLM-x32\...\Steam App 224480) (Version:  - Young Horses)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oracle VM VirtualBox 5.1.26 (HKLM\...\{11A88BD5-F059-4743-81D9-1432AC9C3D4E}) (Version: 5.1.26 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.4.17.36908 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{02D89175-E08F-401B-BA30-8B7512B57724}) (Version: 4.0.17 - dotPDN LLC)
Paragon Hard Disk Manager™ 15 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PeaZip 6.4.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.4.1 - Giorgio Tani)
PeaZip configuration (WIN64) (HKLM\...\{4F8D60A8-C53D-47BD-AE5C-31AE6566D638}_is1) (Version:  - Giorgio Tani)
Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games)
Plants vs. Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Plex Media Server (HKLM-x32\...\{66263041-84c1-4c6d-ad3f-70c1e5fd8c75}) (Version: 1.9.2.4285 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{EAE03C2C-C259-4609-B5AD-D3A8D2E6F604}) (Version: 1.9.4285 - Plex, Inc.) Hidden
Process Hacker (HKLM\...\ProcessHacker) (Version: 3.x - Process Hacker)
Project 64 version 2.2.0.3 (HKLM-x32\...\{BEB5FB69-4080-466F-96C4-F15DF271718B}_is1) (Version: 2.2.0.3 - )
PxMergeModule (HKLM-x32\...\{024521CF-C07E-4F8E-8481-0D75695E03AF}) (Version: 1.00.0000 - Your Company Name) Hidden
Python 2.7.9 (HKLM-x32\...\{79F081BF-7454-43DB-BD8F-9EE596813232}) (Version: 2.7.9150 - Python Software Foundation)
Railroad Pioneer (HKLM-x32\...\Railroad Pioneer_is1) (Version:  - )
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Red Faction: Guerrilla Steam Edition (HKLM-x32\...\Steam App 20500) (Version:  - Volition)
Rig 'n' Roll (HKLM-x32\...\Steam App 46370) (Version:  - SoftLab-NSK)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
ROBLOX Player for Glen (HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Glen (HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Robocraft (HKLM-x32\...\Steam App 301520) (Version:  - Freejam)
ROCCAT Isku Keyboard Driver (HKLM-x32\...\{4ABAF918-A6BD-43D8-AE0B-5292034B14CB}) (Version:  - Roccat GmbH)
RollerCoaster Tycoon® 3 (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - )
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
SC4 Launcher (HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\SC4 Launcher) (Version:  - )
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
SeaTools for Windows 1.4.0.4 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.4 - Seagate Technology)
Ship Simulator Extremes (HKLM\...\Steam App 48800) (Version:  - VStep)
Sid Meier's Civilization V (HKLM-x32\...\steam app 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Railroads! (HKLM-x32\...\Steam App 7600) (Version:  - Firaxis Games)
SimCity 3000 Unlimited (HKLM-x32\...\SimCity 3000 Unlimited) (Version:  - )
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.98.0213 - Electronic Arts)
SimCity™ Societies (HKLM-x32\...\{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}) (Version: 1.0.0.0 - Electronic Arts) Hidden
SimCity™ Societies (HKLM-x32\...\{9B0F9788-3141-4009-846E-52E59843E963}) (Version: 1.0.0.0 - Electronic Arts)
SimCity™ Societies Destinations (HKLM-x32\...\{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}) (Version: 1.0.0.1 - Electronic Arts)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.21.9613 - SoftEther VPN Project)
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{0A013EA1-A1D3-11E0-8DCF-005056C00008}) (Version: 10.0.176 - Sony)
SoundSwitch 3.10.2.24485 (HKLM\...\SoundSwitch_is1) (Version: 3.10.2.24485 - Antoine Aflalo)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Space Engineers (HKLM-x32\...\Steam App 244850) (Version:  - )
Spintires (HKLM\...\Steam App 263280) (Version:  - Oovee® Game Studios)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.05.0001 - Electronic Arts)
SQLite Expert Personal 3.5.51 (HKLM-x32\...\SQLite Expert Personal 3_is1) (Version:  - Bogdan Ureche)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 11.0.0.3 - Bioware/EA)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stopping Plex (HKLM-x32\...\{22F64911-9B44-42E7-A3A5-43490846841F}) (Version: 1.9.4285 - Plex, Inc.) Hidden
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 7.3.3.6 - 2BrightSparks)
Synergy (HKLM-x32\...\Steam App 17520) (Version:  - Synergy Team)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.83369 - TeamViewer)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Test Drive Unlimited 2 (HKLM-x32\...\Test Drive Unlimited 2_is1) (Version:  - Atari)
The Escapists (HKLM-x32\...\Steam App 298630) (Version:  - Mouldy Toof Studios)
The Movies(TM) (HKLM-x32\...\{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.0 - Activision) Hidden
The Movies(TM) (HKLM-x32\...\InstallShield_{0556F885-2415-4666-B53E-33727E46AEA1}) (Version: 1.1 - Activision)
The Movies(TM) 1.1 Patch (HKLM-x32\...\{284CF4B8-4055-4D2E-BC04-5ADD7AA10E3D}) (Version: 1.0 - Activision) Hidden
The Sims 2 (HKLM-x32\...\{40C03514-89C3-41BA-0090-3B440256DB87}) (Version:  - )
The Sims 2 Family Fun Stuff (HKLM-x32\...\{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}) (Version:  - )
The Sims 2 Glamour Life Stuff (HKLM-x32\...\{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}) (Version:  - )
The Sims 2 Nightlife (HKLM-x32\...\{F7529650-B9DB-481B-0089-A2AC3C2821C1}) (Version:  - )
The Sims 2 Open For Business (HKLM-x32\...\{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}) (Version:  - )
The Sims 2 Pets (HKLM-x32\...\{4817189D-1785-4627-A33C-39FD90919300}) (Version:  - )
The Sims 2 University (HKLM-x32\...\{E0990010-9FC0-47CB-0095-C4F40C9432A9}) (Version:  - )
The Sims™ 2 Bon Voyage (HKLM-x32\...\{F248ADFA-64E0-4b03-8A83-059078BED6A0}) (Version:  - Electronic Arts)
The Sims™ 2 Celebration! Stuff (HKLM-x32\...\{EAA38532-7AD0-4f78-918A-4F4F02096ECE}) (Version:  - )
The Sims™ 2 FreeTime (HKLM-x32\...\{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}) (Version:  - Electronic Arts)
The Sims™ 2 H&M® Fashion Stuff (HKLM-x32\...\{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}) (Version:  - )
The Sims™ 2 Seasons (HKLM-x32\...\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}) (Version:  - )
The Sims™ 2 Teen Style Stuff (HKLM-x32\...\{5C648FDB-0138-4619-B66E-230EF53E8E2C}) (Version:  - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.10.1 - Electronic Arts)
The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.13.1 - Electronic Arts)
The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.5.1 - Electronic Arts)
The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.17.2 - Electronic Arts)
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.3.33.1010 - Electronic Arts Inc.)
Tiger Woods PGA TOUR 08 (HKLM-x32\...\{2FEA102C-F535-4513-009B-57B165013C18}) (Version:  - Electronic Arts)
Tixati (HKLM-x32\...\tixati) (Version:  - )
TortoiseSVN 1.8.7.25475 (64 bit) (HKLM\...\{A8573F59-C080-4495-A9A8-EC32D8A4ECFF}) (Version: 1.8.25475 - TortoiseSVN)
Transport Fever (HKLM\...\Steam App 446800) (Version:  - Urban Games)
Tropico 4 (HKLM-x32\...\Steam App 57690) (Version:  - Haemimont Games)
Tropico 5 (HKLM-x32\...\Steam App 245620) (Version:  - Haemimont Games)
TruckersMP Launcher 1.0.0.4 (HKLM\...\{A227B892-C548-4490-9C5D-DB341F8194A6}_is1) (Version: 1.0.0.4 - TruckersMP Team)
Ultracopier 1.2.3.6 (HKLM-x32\...\Ultracopier) (Version: 1.2.3.6 - Ultracopier)
Unigine Valley Benchmark version 1.0 (HKLM-x32\...\Unigine Valley Benchmark_is1) (Version: 1.0 - Unigine Corp.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 4.5 - Ubisoft)
VC80CRTRedist - 8.0.50727.6195 (HKLM-x32\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
Vegas Movie Studio HD Platinum 11.0 (HKLM-x32\...\{7E734C70-7F67-11E1-82AA-F04DA23A5C58}) (Version: 11.0.322 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VMware Player (HKLM\...\{E452E727-86B8-4233-8CC3-41FD817AFAFF}) (Version: 7.1.4 - VMware, Inc.) Hidden
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.4 - VMware, Inc)
VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{028492D7-855B-4018-B0A8-B5411EED541A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{DCAD4F0C-21F2-4955-9C0A-2B7CEA610A74}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{C32010D8-3E5A-4E2F-874E-9AAEB2384006}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{440B670C-9862-487A-A381-57173D344039}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{0F2742A7-6A64-46A2-94AE-22F19808BE2F}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5C682D5E-7168-47C6-87CD-53E2103B08AC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.54.0 (HKLM\...\VulkanRT1.0.54.0) (Version: 1.0.54.0 - LunarG, Inc.)
Wildlife Park 3 (HKLM\...\Steam App 287200) (Version:  - b-alive gmbh)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windscribe version 1.70 build 4 (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.70 build 4 - Windscribe)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version:  - Firaxis Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{68D44A27-FFB6-4B89-A3E5-7B0E50A7AB33}\InprocServer32 -> C:\Program Files\Ultracopier\PluginLoader\catchcopy-v0002\catchcopy32.dll ()
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{68FF37C4-51BC-4C2A-A992-7E39BC0E706F}\InprocServer32 -> C:\Program Files\Ultracopier\PluginLoader\catchcopy-v0002\catchcopy64.dll ()
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Glen\AppData\Local\Roblox\Versions\version-b066e068986145c3\RobloxProxy64.dll (ROBLOX Corporation)
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Glen\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll => No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => E:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => E:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (Foxit Software Inc.)
ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => E:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers1: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => E:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-05-06] ()
ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => E:\Program Files\Macrium\Reflect\RContextMenu.dll [2015-10-12] (Paramount Software UK Ltd)
ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => E:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-05-06] ()
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => E:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2016-05-05] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => E:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2016-05-05] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers4: [EncryptionMenu] -> {A470F8CF-A1E8-4f65-8335-227475AA5C46} =>  -> No File
ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => E:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-05-06] ()
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-09-05] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-09-20] (Dropbox, Inc.)
ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => E:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-05-06] ()
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => E:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\ConvertToPDFShellExtension_x64.dll [2017-06-29] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => E:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2014-05-06] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D5A513F-D626-4A13-8B87-FA89055B0D04} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0FC59551-A582-42C5-BE3E-CD9D0A38781F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {234D62EB-72DB-42A2-85D0-9C0685985F79} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {43114AD9-319A-4C03-8459-DD52DD169589} - \GoogleUpdateTaskUserS-1-5-21-3509762593-3559169864-4008261023-1001Core -> No File <==== ATTENTION
Task: {43B8B491-43F6-4ADB-84BA-96A00DBC4235} - System32\Tasks\HWiNFO => C:\HWInfo64\HWiNFO64.exe [2017-09-28] (REALiX)
Task: {44F609D3-B200-4FF8-A052-0B2ECDA40416} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {47D6ED3D-54F1-4A27-9E4B-2B23D7F3F18B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {50C2548D-EE3F-4D23-84A3-1D7D8055ED82} - \WPD\SqmUpload_S-1-5-21-3509762593-3559169864-4008261023-1001 -> No File <==== ATTENTION
Task: {527AB976-B396-40CC-8F55-9180236F53D6} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-26] (Dropbox, Inc.)
Task: {6003FA06-E2E7-4186-AE44-C3C79663E06F} - System32\Tasks\{12899063-2948-4541-BC02-27D3D555149E} => C:\WINDOWS\system32\pcalua.exe [2017-03-18] (Microsoft Corporation)
Task: {637E7ACC-FF72-4C0A-874D-154603F72FE9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6BCB0A59-45A2-4E9C-ACC4-8C9FB6A5980E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-09-12] (Microsoft Corporation)
Task: {6E08C77C-DD31-44E9-85C3-C0149928643D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {77B511AE-23D8-45F2-9654-9AD59D3A08C2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-02-26] (Dropbox, Inc.)
Task: {80E80505-D66A-432A-9025-4CFF4ED2E2E2} - \GoogleUpdateTaskUserS-1-5-21-3509762593-3559169864-4008261023-1001UA -> No File <==== ATTENTION
Task: {86C832F7-8AB6-4E52-91BA-FAD02C5DA246} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {94F6BA86-B226-4CA0-AAD1-136BE17EEE38} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {CA0B5623-5832-4446-8C4A-224527D18996} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D4236A51-DC53-46B9-9232-CD5B254DDA95} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D6DA8830-C0A1-4D4E-9A2A-E9D97B592F48} - \Optimize Start Menu Cache Files-S-1-5-21-3509762593-3559169864-4008261023-1001 -> No File <==== ATTENTION
Task: {DE349805-66F7-4FB2-BA86-C84E000278EB} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-09-05] (Advanced Micro Devices, Inc.)
Task: {EC5F122B-E47F-4293-A82C-E30C09AF479F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {EF1A74F3-4694-41C2-865D-A80122B0DA75} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F089D322-1811-4142-A4AE-51F1C8287EAE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {FCD3652C-92D3-455C-AD0B-87DB8666ABEF} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE [2017-03-18] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3509762593-3559169864-4008261023-1001Core.job => C:\Users\Glen\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3509762593-3559169864-4008261023-1001UA.job => C:\Users\Glen\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MaxBatch.lnk -> E:\MaxPayne\MaxBatch.bat (No File)
Shortcut: C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SC4 Launcher\SC4L Quick Launch.lnk -> E:\Program Files (x86)\Maxis\SimCity 4 Deluxe\Quicklaunch.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-06 17:37 - 2014-05-06 17:37 - 000076032 _____ () E:\Program Files\TortoiseSVN\bin\TortoiseStub.dll
2014-05-06 17:37 - 2014-05-06 17:37 - 000088832 _____ () E:\Program Files\TortoiseSVN\bin\libsasl.dll
2017-03-18 13:59 - 2017-03-18 19:30 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-23 09:37 - 2017-09-23 09:38 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-09-23 09:37 - 2017-09-23 09:38 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-09-23 09:37 - 2017-09-23 09:38 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-09-23 09:37 - 2017-09-23 09:38 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 02:01 - 2016-09-13 02:01 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-07-19 09:18 - 2017-07-19 09:18 - 000076456 _____ () E:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2017-09-13 15:28 - 2017-09-13 15:28 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-24 11:44 - 2017-09-24 11:44 - 010634752 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-09-24 11:44 - 2017-09-24 11:44 - 002640896 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.26.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 000021504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-09-29 16:09 - 2017-09-29 16:09 - 048825856 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 000352256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 002836480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 020558848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 002705408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 003128320 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-08-28 14:48 - 2017-08-28 14:48 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 000118784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\ExploreModel.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 000046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 001380864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-09-29 16:09 - 2017-09-29 16:09 - 000367616 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15210.0_x64__8wekyb3d8bbwe\AnimatedGIF.dll
2016-05-05 02:42 - 2016-05-05 02:42 - 001309768 _____ () E:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2017-09-25 04:50 - 2017-09-25 04:50 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-11-17 10:44 - 2015-11-17 10:44 - 000117248 _____ () C:\Users\Glen\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-11-17 10:45 - 2015-11-17 10:45 - 000234496 _____ () C:\Users\Glen\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-11-17 10:44 - 2015-11-17 10:44 - 000344064 _____ () C:\Users\Glen\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2015-11-17 10:45 - 2015-11-17 10:45 - 000253440 _____ () C:\Users\Glen\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 001083368 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000115688 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000059880 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2017-09-25 04:50 - 2017-09-25 04:50 - 000772072 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 001741288 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 001962984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000025576 _____ () C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 001549104 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000127136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
2017-09-25 04:50 - 2017-09-25 04:50 - 000050152 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000071656 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000024552 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000041448 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000930280 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2017-09-25 04:49 - 2017-09-25 04:49 - 000074728 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2017-09-25 04:49 - 2017-09-25 04:49 - 000190952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2017-09-25 04:50 - 2017-09-25 04:50 - 000218088 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000018920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000095720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000143336 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000694248 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2015-03-09 16:55 - 2010-11-04 08:48 - 000061440 _____ () C:\Program Files (x86)\ROCCAT\Isku Keyboard\hiddriver.dll
2017-09-21 13:57 - 2017-09-20 09:48 - 000771904 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-09-21 13:57 - 2017-09-20 09:48 - 001804608 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-09-21 13:57 - 2017-09-20 09:49 - 000023872 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_bootstrap.dll
2016-02-26 07:40 - 2017-09-20 09:48 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-02-26 07:40 - 2017-09-20 09:50 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-09-21 13:57 - 2017-09-20 09:48 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-09-21 13:57 - 2017-09-20 09:48 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-02-26 07:40 - 2017-09-20 09:48 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-04 15:59 - 2017-09-20 09:50 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-09-21 13:57 - 2017-09-20 09:48 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-09-21 13:57 - 2017-09-20 09:48 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-02-26 07:40 - 2017-09-20 09:50 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-04 15:59 - 2017-09-20 09:50 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-09-21 13:57 - 2017-09-20 09:48 - 000026056 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-09-08 18:48 - 2017-09-20 09:50 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2017-05-17 11:28 - 2017-09-20 09:50 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2016-02-26 07:40 - 2017-09-20 09:50 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 001796920 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000084424 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 001956152 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-09-21 13:57 - 2017-09-20 09:50 - 003859264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-09-21 13:57 - 2017-09-20 09:50 - 000154440 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 000521024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-09-21 13:57 - 2017-09-20 09:50 - 000045888 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2017-09-21 13:57 - 2017-09-20 09:50 - 000042304 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-09-21 13:57 - 2017-09-20 09:50 - 000131384 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-09-21 13:57 - 2017-09-20 09:50 - 000218944 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 000204096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-27 17:09 - 2017-09-20 09:50 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-23 19:20 - 2017-09-20 09:50 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-04-15 16:59 - 2017-09-20 09:50 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-23 19:20 - 2017-09-20 09:50 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 19:20 - 2017-09-20 09:50 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 19:20 - 2017-09-20 09:50 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-02-26 07:40 - 2017-09-20 09:48 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-09-21 13:57 - 2017-09-20 09:50 - 000101184 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-02-26 07:40 - 2017-09-20 09:50 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-09-21 13:57 - 2017-09-20 09:48 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-09-21 13:57 - 2017-09-20 09:49 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-09-21 13:57 - 2017-09-20 09:48 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-09-21 13:57 - 2017-09-20 09:49 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-17 19:00 - 2017-09-20 09:50 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-09-21 13:57 - 2017-09-20 09:49 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2017-09-21 13:57 - 2017-09-20 09:49 - 001638200 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-09-21 13:57 - 2017-09-20 09:50 - 000545080 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-09-21 13:57 - 2017-09-20 09:50 - 000359224 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-09-21 13:57 - 2017-09-20 09:50 - 000038208 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngine.pyd
2017-09-25 04:50 - 2017-09-25 04:50 - 000064488 _____ () C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
2017-09-25 04:50 - 2017-09-25 04:50 - 000036328 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
2017-09-02 11:05 - 2017-09-02 11:04 - 000832512 _____ () C:\Users\Glen\AppData\Local\Plex Media Server\Plug-in Support\Data\com.plexapp.plugins.trakttv\Libraries\Windows\i386\vc14\ucs2\apsw.pyd
2017-09-02 11:05 - 2017-09-02 11:04 - 000028160 _____ () C:\Users\Glen\AppData\Local\Plex Media Server\Plug-in Support\Data\com.plexapp.plugins.trakttv\Libraries\Windows\i386\vc14\ucs2\llist.pyd
2017-08-31 19:27 - 2017-08-04 14:19 - 000678176 _____ () E:\Program Files (x86)\Steam\SDL2.dll
2016-10-19 13:38 - 2016-08-31 18:02 - 004969248 _____ () E:\Program Files (x86)\Steam\v8.dll
2017-09-29 09:43 - 2017-09-27 09:19 - 002507552 _____ () E:\Program Files (x86)\Steam\video.dll
2016-10-19 13:38 - 2016-01-27 00:49 - 000491008 _____ () E:\Program Files (x86)\Steam\libavformat-56.dll
2016-10-19 13:38 - 2016-01-27 00:49 - 002549760 _____ () E:\Program Files (x86)\Steam\libavcodec-56.dll
2016-10-19 13:38 - 2016-01-27 00:49 - 000332800 _____ () E:\Program Files (x86)\Steam\libavresample-2.dll
2016-10-19 13:38 - 2016-01-27 00:49 - 000442880 _____ () E:\Program Files (x86)\Steam\libavutil-54.dll
2016-10-19 13:38 - 2016-01-27 00:49 - 000485888 _____ () E:\Program Files (x86)\Steam\libswscale-3.dll
2016-10-19 13:38 - 2016-08-31 18:02 - 001563936 _____ () E:\Program Files (x86)\Steam\icui18n.dll
2016-10-19 13:38 - 2016-08-31 18:02 - 001195296 _____ () E:\Program Files (x86)\Steam\icuuc.dll
2017-09-29 09:43 - 2017-09-27 09:19 - 000885024 _____ () E:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-10-19 13:38 - 2016-07-04 15:17 - 000266560 _____ () E:\Program Files (x86)\Steam\openvr_api.dll
2017-06-18 21:26 - 2017-05-16 18:54 - 000678176 _____ () E:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-08-31 19:27 - 2017-07-17 15:50 - 073115424 _____ () E:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-10-19 13:38 - 2015-09-24 16:52 - 000119208 _____ () E:\Program Files (x86)\Steam\winh264.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\NFS Underground:com.dropbox.attributes [168]
AlternateDataStreams: C:\ProgramData\TEMP:4FC01C57 [146]
AlternateDataStreams: C:\ProgramData\TEMP:7FFED16F [134]
AlternateDataStreams: C:\Users\Glen\AppData\Roaming\Omerta:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Glen\AppData\Roaming\Tropico 3:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\Glen\AppData\Local\BridgeProject:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\windows.com -> hxxp://wustat.windows.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\ws.microsoft.com -> hxxp://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\ws.microsoft.com -> hxxps://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\wustat.windows.com -> hxxp://wustat.windows.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2017-09-22 14:11 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Glen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Futuremark SystemInfo Service => 3
MSCONFIG\Services: GJServiceV5 => 3
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: Origin Client Service => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: VMAuthdService => 2
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "Redirector"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKLM\...\StartupApproved\Run32: => "FreedomeAutoStart"
HKLM\...\StartupApproved\Run32: => "PlaysTV"
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\StartupApproved\Run: => "f.lux"
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3509762593-3559169864-4008261023-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{A3BB4FDB-CF82-4E63-8F2A-47C071290C20}E:\games\train simulator 2017\railworks.exe] => (Block) E:\games\train simulator 2017\railworks.exe
FirewallRules: [UDP Query User{3FD7CAEC-54B6-4925-94B4-31CC9B53F24F}E:\games\train simulator 2017\railworks.exe] => (Block) E:\games\train simulator 2017\railworks.exe
FirewallRules: [TCP Query User{B4794E72-34A2-4DB1-B4A4-F2A21BD86E44}C:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Allow) C:\program files (x86)\plex\plex media server\plexscripthost.exe
FirewallRules: [UDP Query User{4C14E616-C027-4AAA-B091-5FA67695F4A0}C:\program files (x86)\plex\plex media server\plexscripthost.exe] => (Allow) C:\program files (x86)\plex\plex media server\plexscripthost.exe
FirewallRules: [TCP Query User{DA83A758-CE80-4CA3-8CF7-85629B19CEFB}E:\program files\tixati\tixati.exe] => (Allow) E:\program files\tixati\tixati.exe
FirewallRules: [UDP Query User{12C893DB-5006-41BD-82DF-08236613AA43}E:\program files\tixati\tixati.exe] => (Allow) E:\program files\tixati\tixati.exe
FirewallRules: [TCP Query User{28C1313B-25D3-411E-81B2-DF15D0BF2589}C:\program files\java\jre1.8.0_141\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_141\bin\javaw.exe
FirewallRules: [UDP Query User{6F6DCEE6-41E7-47DB-87CA-B3D3D817B0ED}C:\program files\java\jre1.8.0_141\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_141\bin\javaw.exe
FirewallRules: [{544BE58A-E65E-40E1-9BC2-88A459F09570}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{B41733E3-B221-4B1B-8145-DC147AD8AEFF}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AB01BA65-7F6F-46C1-8FEF-F0BE6374AE6C}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{40DA1B2D-A772-472D-9F0D-1BA10CBCCC05}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A62463FF-8E21-4CFE-93FB-290833EA082B}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{807B04C1-486C-483C-8803-D2CBB3F2D731}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ContraptionMaker\ContraptionMaker.exe
FirewallRules: [{0D51907A-ED80-4A5C-8C90-2B6CBA93F257}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\ContraptionMaker\ContraptionMaker.exe
FirewallRules: [{7A7C6791-7878-4D3B-8554-F320E063C689}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wildlife Park 3\WLP3-Steam.exe
FirewallRules: [{D182F4E4-29D0-4DCC-A3F8-87144F7408E7}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Wildlife Park 3\WLP3-Steam.exe
FirewallRules: [{C349C58F-1B98-43BF-8070-E265C6F6346F}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{6BC6D01F-2362-418C-876C-54753EE8D6AD}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{EEC05CAF-D217-4D18-99D2-308A0DD02155}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{61EC837C-3006-48BF-BFE3-F8967672A14B}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{2BBA73E4-CAB9-421F-A0D9-C19E4942B74C}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{A8A16028-9682-4E49-8836-A49F860BCB93}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [TCP Query User{1E48F5BD-9D03-4943-8AF2-9534B771EA22}E:\users\glen\desktop\jtrv1.8.0.9-jumbo-1-bleeding_2017-09-01-win-x64\run\john.exe] => (Block) E:\users\glen\desktop\jtrv1.8.0.9-jumbo-1-bleeding_2017-09-01-win-x64\run\john.exe
FirewallRules: [UDP Query User{E61050C3-66AB-4882-8814-2B80ADB56563}E:\users\glen\desktop\jtrv1.8.0.9-jumbo-1-bleeding_2017-09-01-win-x64\run\john.exe] => (Block) E:\users\glen\desktop\jtrv1.8.0.9-jumbo-1-bleeding_2017-09-01-win-x64\run\john.exe
FirewallRules: [TCP Query User{4C8BB678-63A3-4799-8262-AA7CC1D1C863}E:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) E:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{CA160FE2-073F-47D7-A119-D83F920DA13C}E:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) E:\program files (x86)\mozilla firefox\firefox.exe

==================== Restore Points =========================

09-09-2017 23:42:39 Plex Media Server
19-09-2017 15:20:42 AMDCleanupUtility Restore Point
20-09-2017 19:26:43 Plex Media Server
22-09-2017 13:15:46 Windows Modules Installer
22-09-2017 13:17:36 Windows Modules Installer
22-09-2017 13:19:57 Windows Modules Installer
22-09-2017 14:33:50 Windows Modules Installer
25-09-2017 19:18:56 Plex Media Server

==================== Faulty Device Manager Devices =============

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SoftEther Corporation
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: TeamViewer VPN Adapter
Description: TeamViewer VPN Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TeamViewer GmbH
Service: teamviewervpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Windscribe VPN
Description: Windscribe VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Windscribe.com
Service: tapwindscribe0901
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Block device mounter
Description: Block device mounter
Class Guid: {54f3637b-4777-4f96-970c-6bfa5477b542}
Manufacturer: Paragon Software Group
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2017 11:16:38 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/29/2017 11:16:37 AM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (09/29/2017 11:16:37 AM) (Source: Perflib) (EventID: 1021) (User: )
Description: Windows cannot open the 32-bit extensible counter DLL ASP.NET_2.0.50727 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.

Error: (09/29/2017 11:16:37 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\WINDOWS\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/28/2017 09:54:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: GLEN10)
Description: Package Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00051401-0001-0000-d92a-2e0000000000} was terminated because it took too long to suspend.

Error: (09/27/2017 11:30:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.332, time stamp: 0x591fd994
Faulting module name: MFPlat.dll, version: 10.0.15063.332, time stamp: 0xc111aa10
Exception code: 0xc0000005
Fault offset: 0x000000000011896c
Faulting process id: 0x2888
Faulting application start time: 0x01d337e1d3f88365
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\MFPlat.dll
Report Id: 3839e6b3-c78b-423f-80f4-47f5d4dd616f
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess

Error: (09/22/2017 07:45:18 PM) (Source: MsiInstaller) (EventID: 1002) (User: GLEN10)
Description: Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'

Error: (09/22/2017 02:30:05 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "VMware" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (09/22/2017 02:30:05 PM) (Source: Perflib) (EventID: 1022) (User: )
Description: Windows cannot open the 64-bit extensible counter DLL VMware in a 32-bit environment. Contact the file vendor to obtain a 32-bit version. Alternatively if you are running a 64-bit native environment, you can open the 64-bit extensible counter DLL by using the 64-bit version of Performance Monitor. To use this tool, open the Windows folder, open the System32 folder, and then start Perfmon.exe.

Error: (09/22/2017 02:30:05 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_64_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.


System errors:
=============
Error: (09/30/2017 12:38:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/30/2017 11:00:55 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HomeGroupListener service terminated with the following service-specific error: 
%%2147943458 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (09/30/2017 11:00:54 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HvHost service terminated with the following error: 
A device attached to the system is not functioning.

Error: (09/30/2017 11:00:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SecDrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (09/30/2017 11:00:54 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\WINDOWS\SysWow64\drivers\SECDRV.SYS

Error: (09/30/2017 11:00:54 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AODDriver4.3.0 service failed to start due to the following error: 
The system cannot find the path specified.

Error: (09/30/2017 11:00:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.

Error: (09/30/2017 11:00:47 AM) (Source: Microsoft-Windows-EnhancedStorage-EhStorTcgDrv) (EventID: 10) (User: NT AUTHORITY)
Description: A TCG Command has returned an error.
Desc: AuthenticateSession
Param1: 0x1
Param2: 0x60000001c
Param3: 0x900000006
Param4: 0x0
Status: 0x1

Error: (09/30/2017 02:11:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/29/2017 10:22:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-09-29 15:04:08.741
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-29 10:01:43.103
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-29 09:57:11.610
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-29 09:57:11.538
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-28 15:35:21.882
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-28 10:05:17.260
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-28 09:54:20.282
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-28 09:16:46.182
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-28 09:16:46.095
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\amdihk64.dll that did not meet the Store signing level requirements.

  Date: 2017-09-27 16:05:41.698
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD FX(tm)-9370 Eight-Core Processor 
Percentage of memory in use: 28%
Total physical RAM: 16341.82 MB
Available physical RAM: 11651.76 MB
Total Virtual: 18773.82 MB
Available Virtual: 13375.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.79 GB) (Free:98.54 GB) NTFS
Drive e: (Data) (Fixed) (Total:931.51 GB) (Free:173.25 GB) NTFS
Drive f: (2TB Drive) (Fixed) (Total:1863.01 GB) (Free:408.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: A4481C4C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 6635BA1E)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 46610DAA)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

[Sysnative Windows Update]

Please boot your machine into a Clean Boot state and attempt to check for updates there. Let me know the result.
https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows