[SOLVED] [10v1709b16299 x64] Windows keeps installing the same updates

jtallach (Active member, joined Jan 16, 2018, 28 posts)

Hi there - I'm having an issue with Windows finding/installing the same set of updates every day.

I thought I might have a virus so contacted Bleeping Computer (topic thread can be found here Zemana flagging suspicious root CA - Am I infected? What do I do? and
here Zemana flagging suspicious root CA - Virus, Trojan, Spyware, and Malware Removal Logs).

They suggested I come here and seek advice.

If I go to Settings/Update and Security and click View Installed Update History it shows 50 updates relating to various aspects of Microsoft Office 2016.
If I click Check for Updates it finds the same updates listed under installed updates, downloads and installs them. Every day. I noticed it 1/5/2018 and it's been doing it every day since then.

When I go to Control Panel and search update and click on View Installed Updates, NONE of those updates are listed as being installed. The most recent one listed is on 1.9.2018.

I followed the instructions on the posting instructions

Results of SFCFix.txt

SFCFix version 3.0.0.0 by niemiro.
Start time: 2018-01-16 07:38:59.976
Microsoft Windows 10 Build 16299 - amd64
Not using a script file.

AutoAnalysis::
SUMMARY: No corruptions were detected.
AutoAnalysis:: directive completed successfully.

Successfully processed all directives.

Failed to generate a complete zip file. Upload aborted.

SFCFix version 3.0.0.0 by niemiro has completed.
Currently storing 0 datablocks.
Finish time: 2018-01-16 07:41:50.201
----------------------EOF-----------------------

CBS file is attached.
 


Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Hi and welcome to Sysnative. Let's take a look. Please do the following so I can gather some info.

Retrieve Components/Software Hives
Note: The Software hive has confidential and sensitive information in it, so please send me a PM with a link to that particular hive so it's not in the public forum.
  • Please download the Freeware RegBak from here: Acelogix Software - Download products
    You will find it at the bottom of the page that the link brings you to.
  • Go ahead and install this program and accept all the defaults. After the last install screen the program should open.
  • Click the New Backup button. Accept the defaults and simply click Start.
  • When it says Finished successfully, click the Close button.
  • This will bring you back to the main screen of the program. You will see one entry in this list with the date that you did it. Right-click on this line-item and select Explore Backup...
  • This will bring you into the folder where the backup was made. You should see a Users folder and a Windows folder along with a couple other files. Double-click on the Windows folder to open it. Then open the System32 folder and then config folder. You should see around 6 files in here, two of which are named COMPONENTS and SOFTWARE.
  • Copy these two files to your Desktop. If the COMPONENTS file does not exist, please fetch it instead from C:\Windows\System32\config\COMPONENTS.
  • Now right click on these files on your desktop and select Send to > Compressed (zipped) folder.
  • Then please upload the zip file(s) to your favourite file sharing website (it will be too big to upload here). Examples of services to upload to are Dropbox or One Drive or SendSpace and then just provide the link in your reply.
  • You can close any open windows you have as well as the RegBak program now.
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Hi there - thanks for the response. I ran the software and there was no COMPONENTS file created. I copied it from the directory you suggested.

Both files are zipped in one folder- link sent via PM.

Thanks

James
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Thanks for the info. I assume you have a copy of Office 2016, so if you uninstall it then you will be able to re-install it without issue, correct?
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Yes - my husband works for MIT and they get licensed software made available to them.
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

OK, good. Two things I would like to do temporarily. If you can uninstall Office 2016 as well as your antivirus software. The default Windows Defender antivirus will get enabled and keep you protected while we work on your issue.

Let me know if you are able to do this. Thanks.
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Sure I can do that - when I installed Office I had to uninstall the pre-installed software using the Microsoft Office Removal tool (or something like that).

As for my anti-virus software - I have pro versions of Zemana Antimalware (includes access to advanced options to run FRST)
CCleaner Pro (includes Speedy, Recuva, Defragger)

I just need to check my license to make sure I can reinstall and register again - otherwise I can let you know when I've uninstalled Office, Zemana and CCleaner

James

PS - I use a VPN (ExpressVPN) - should need to remove that too right?
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

No need to remove the VPN software.
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Hi there - so Zemana, CCleaner and Microsoft Office are all uninstalled
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Excellent. Check for Windows Updates and let me know which KBs show up that need to be installed.
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Hi there

I checked for updates and it did the usual - I've attached screenshots
 


Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

No problem. We'll get there. Now please do the following.

Fresh Set of Logs

1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Here you go

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.01.2018 01
Ran by james (administrator) on JAMES-LAPTOP (20-01-2018 10:32:41)
Running from C:\Users\james\Downloads
Loaded Profiles: james (Available Profiles: james)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHDCPSvc.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Lenovo) C:\Windows\System32\ymc.exe
() C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Reason Software Company Inc.) C:\Users\james\AppData\Roaming\Reason\Boost\boost.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxEM.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Thunderbolt Software\Thunderbolt.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
(The OpenVPN Project) C:\Program Files (x86)\ExpressVPN\xvpnd\windows\openvpn.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lenovo Group Limited) C:\Users\james\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\expressvpn-browser-helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\acrotray.exe
(Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.8.255.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Whitelisted) ===========================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [894376 2017-04-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-12-19] (Intel)
HKLM-x32\...\Run: [Extensis Suitcase Fusion Font Core] => C:\Program Files (x86)\Extensis\Suitcase Fusion\FMCore.exe [9286656 2018-01-09] (Celartem, Inc., doing business as Extensis.)
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe [809088 2017-12-13] (ExpressVPN)
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\AdobeCollabSync.exe [887280 2017-11-27] (Adobe Systems Incorporated)
Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BetterStartMenuHelper.lnk [2018-01-19]
ShortcutTarget: BetterStartMenuHelper.lnk -> C:\Users\james\Downloads\BetterStartMenuHelper\BetterStartMenuHelper.exe (No File)
Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2018-01-20]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
BootExecute: autocheck autochk * sdnclean64.exe


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.46.0.1
Tcpip\..\Interfaces\{5A8B91FA-BC65-4FFF-9633-9488EBA43DF7}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{7cc351c3-7b79-4c9d-8fde-9da2e2093c81}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{b0fb7110-d11a-4cea-b679-324bb31b696f}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{ba741fe3-19a4-4bfa-8046-12526a399eb5}: [DhcpNameServer] 10.46.0.1


Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll => No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll => No File
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File


FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [No File]
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Air\nppdf32.dll [2017-11-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3020531464-1668614112-2457240111-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\james\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-01-08] (Zoom Video Communications, Inc.)


Chrome:
=======
CHR HomePage: Default -> hxxps://google.com/
CHR StartupUrls: Default -> "hxxps://inbox.google.com/?cid=imp&pli=1"
CHR Profile: C:\Users\james\AppData\Local\Google\Chrome\User Data\Default [2018-01-20]
CHR Extension: (Slides) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-11]
CHR Extension: (Docs) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-11]
CHR Extension: (Google Drive) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-11]
CHR Extension: (YouTube) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-11]
CHR Extension: (Video Downloader professional) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-01-19]
CHR Extension: (Sheets) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-11]
CHR Extension: (ExpressVPN for Chrome) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2018-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-11]
CHR Extension: (Kindle Cloud Reader) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-01-11]
CHR Extension: (Merge PDF - Split PDF - Sejda.com) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcknfplofcnpdjalbhnjognbpncojbi [2018-01-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-11]
CHR Extension: (Click&Clean App) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2018-01-11]
CHR Extension: (Gmail) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-11]
CHR Extension: (Chrome Media Router) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-11]
CHR Profile: C:\Users\james\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-19]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3089680 2017-11-12] (Intel Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (Lenovo)
R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-04-28] ()
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2017-12-19] (Intel)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2218544 2017-03-31] (Intel Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885992 2017-12-07] ()
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2017-12-13] ()
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413752 2017-08-19] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542392 2017-11-17] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68408 2017-11-12] (Lenovo Group Limited)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
S3 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
S3 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-11-12] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324584 2017-08-10] (Realtek Semiconductor)
R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23928 2017-08-16] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [181992 2017-12-07] ()
R2 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2150120 2017-03-16] (Intel Corporation)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885992 2017-12-07] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [1645656 2017-05-24] (Wacom Technology, Corp.)
R2 YMC; C:\WINDOWS\system32\ymc.exe [75056 2017-10-15] (Lenovo)
R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-11-12] (Intel® Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [72584 2017-03-31] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [67976 2017-03-31] (Intel Corporation)
S3 DSI_SiUSBXp_3_1; C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys [16384 2007-09-06] (Silicon Laboratories)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355200 2017-03-31] (Intel Corporation)
R3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [28160 2017-12-13] ()
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98976 2017-06-28] (Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70664 2017-08-18] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136200 2017-11-17] (Intel Corporation)
S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2017-08-18] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2017-08-18] (Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [64280 2017-08-18] (Logitech Inc.)
S3 LGSUsbFilt; C:\WINDOWS\System32\drivers\LGSUsbFilt.Sys [41752 2017-08-18] (Logitech Inc.)
R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [58792 2017-03-05] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
R1 MpKsl8dcc2c9c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BDF73FE-177E-4424-BABE-95AD6CDB60C3}\MpKsl8dcc2c9c.sys [58120 2018-01-20] (Microsoft Corporation)
U5 Netwtw04; C:\Windows\System32\Drivers\Netwtw04.sys [7617792 2017-02-25] (Intel Corporation)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [7728640 2017-11-08] (Intel Corporation)
S3 nhi; C:\WINDOWS\System32\drivers\tbt81x.sys [129608 2017-04-03] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_13db3f1b79423b44\nvlddmkm.sys [15607408 2017-10-02] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31800 2017-03-27] (NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [26560 2017-07-27] (Windows (R) Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-27] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-27] (NVIDIA Corporation)
S3 PELBTKBD; C:\WINDOWS\System32\drivers\PELBTKBD.sys [31512 2016-07-11] (TPMX Electronics Ltd.)
S3 pelbtm; C:\WINDOWS\System32\drivers\pelbtm.sys [19664 2016-07-05] (Primax Electronics Ltd.)
R1 pelmoubt; C:\WINDOWS\System32\drivers\pelmoubt.sys [26368 2016-07-11] (Primax Electronics Ltd.)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92992 2018-01-13] (Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3228664 2017-04-12] (Realtek Semiconductor Corp.)
S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [354624 2016-08-07] (Realtek )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41512 2017-12-07] ()
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2017-11-03] (The OpenVPN Project)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2017-10-18] (Cisco Systems, Inc.)
S3 vwhid; C:\WINDOWS\System32\drivers\vwhid.sys [27264 2015-11-22] (Windows (R) Win 7 DDK provider)
R3 WacHidRouterISD; C:\WINDOWS\System32\drivers\wachidrouter_isd.sys [142424 2017-05-24] (Wacom Technology, Corp.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-28] (Zemana Ltd.)
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-20 10:32 - 2018-01-20 10:32 - 000026534 _____ C:\Users\james\Downloads\FRST.txt
2018-01-20 10:31 - 2018-01-20 10:32 - 000000000 ____D C:\FRST
2018-01-20 10:30 - 2018-01-20 10:30 - 002393088 _____ (Farbar) C:\Users\james\Downloads\FRST64.exe
2018-01-20 08:30 - 2018-01-20 08:30 - 000001754 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____D C:\Users\james\Documents\Rainmeter
2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____D C:\Users\james\AppData\Roaming\Rainmeter
2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____D C:\Program Files\Rainmeter
2018-01-20 08:00 - 2018-01-20 10:29 - 000000000 ____D C:\Users\james\Downloads\Everything Themes
2018-01-20 00:02 - 2018-01-20 00:02 - 000031090 _____ C:\Users\james\Downloads\glows_by_eternalstay-d3ap7fa.zip
2018-01-19 22:52 - 2018-01-19 22:52 - 000000000 ____D C:\Users\james\Downloads\penumbra_10___windows_10_visual_style_by_scope10-d9em2vq
2018-01-19 22:48 - 2017-08-16 15:37 - 000253952 _____ (StartIsBack: real start menu for Windows 8 and Windows 10) C:\Users\james\Downloads\OldNewExplorer32.dll
2018-01-19 22:40 - 2018-01-19 22:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-01-19 22:31 - 2018-01-19 22:31 - 000000081 _____ C:\Users\james\Documents\Virus Software Licenses.txt
2018-01-19 21:59 - 2018-01-19 21:59 - 000001032 _____ C:\WINDOWS\system32\cc_20180119_215909.reg
2018-01-19 21:57 - 2018-01-19 21:58 - 000078016 _____ C:\WINDOWS\system32\cc_20180119_215740.reg
2018-01-19 21:57 - 2018-01-19 21:57 - 000848298 _____ C:\WINDOWS\system32\cc_20180119_215700.reg
2018-01-19 21:34 - 2018-01-19 21:34 - 000003978 _____ C:\WINDOWS\System32\Tasks\Boost
2018-01-19 21:34 - 2018-01-19 21:34 - 000000000 ____D C:\Users\james\AppData\Roaming\Reason
2018-01-19 21:34 - 2018-01-19 21:34 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boost
2018-01-19 21:31 - 2018-01-19 21:34 - 000000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2018-01-19 21:31 - 2018-01-19 21:31 - 000001353 _____ C:\Users\james\Desktop\Should I Remove It.lnk
2018-01-19 21:31 - 2018-01-19 21:31 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2018-01-19 21:31 - 2018-01-19 21:31 - 000000000 ____D C:\Program Files (x86)\Reason
2018-01-19 21:06 - 2018-01-19 21:06 - 036283986 _____ C:\Users\james\Desktop\SOFTWARE and COMPONENT.zip
2018-01-19 21:03 - 2018-01-19 20:57 - 123731968 _____ C:\Users\james\Desktop\SOFTWARE
2018-01-19 21:01 - 2018-01-19 21:01 - 000000078 _____ C:\WINDOWS\system32\JAMES-LAPTOP.Windows 10 (build 16299).txt
2018-01-19 21:01 - 2018-01-19 21:01 - 000000000 ____D C:\WINDOWS\RegBak
2018-01-19 21:01 - 2018-01-19 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Backup and Restore
2018-01-19 21:01 - 2018-01-19 21:01 - 000000000 ____D C:\Program Files\Acelogix
2018-01-19 20:56 - 2018-01-19 20:56 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
2018-01-19 20:56 - 2018-01-19 20:56 - 000000000 ____D C:\Program Files (x86)\UltraUXThemePatcher
2018-01-19 20:56 - 2017-09-29 08:42 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll.backup
2018-01-19 20:56 - 2017-09-29 08:42 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll.backup
2018-01-19 20:11 - 2018-01-20 07:13 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2018-01-19 20:04 - 2018-01-19 20:04 - 000000000 ____D C:\Users\james\Downloads\Collected Fonts
2018-01-19 18:52 - 2018-01-19 19:46 - 000000000 ____D C:\Users\james\Desktop\SIH Cast Cards
2018-01-19 18:29 - 2018-01-19 18:35 - 000000000 ____D C:\Users\james\Downloads\Designs
2018-01-19 09:24 - 2018-01-19 20:23 - 000007603 _____ C:\Users\james\AppData\Local\Resmon.ResmonCfg
2018-01-19 03:14 - 2018-01-19 15:07 - 000000000 ____D C:\Users\james\AppData\Roaming\vlc
2018-01-19 03:14 - 2018-01-19 03:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-01-19 03:14 - 2018-01-19 03:14 - 000000000 ____D C:\Program Files\VideoLAN
2018-01-19 03:13 - 2018-01-19 03:13 - 032024776 _____ C:\Users\james\Downloads\vlc-2.2.8-win64.exe
2018-01-19 02:24 - 2018-01-19 19:29 - 000000439 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-01-19 01:47 - 2018-01-19 01:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\TVT
2018-01-19 01:05 - 2018-01-19 01:05 - 004488655 _____ C:\Users\james\Desktop\Your-Complete-Guide-to-Windows-10-Customization.pdf
2018-01-19 00:20 - 2018-01-19 00:20 - 000001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2018-01-19 00:20 - 2018-01-19 00:20 - 000001055 _____ C:\Users\Public\Desktop\WinRAR.lnk
2018-01-19 00:20 - 2018-01-19 00:20 - 000000000 ____D C:\Users\james\AppData\Roaming\WinRAR
2018-01-19 00:20 - 2018-01-19 00:20 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-01-19 00:20 - 2018-01-19 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-01-19 00:20 - 2018-01-19 00:20 - 000000000 ____D C:\Program Files\WinRAR
2018-01-18 17:32 - 2018-01-18 17:44 - 000000000 ____D C:\Users\james\Downloads\ICONS
2018-01-18 08:40 - 2018-01-18 22:49 - 000000000 ____D C:\Users\james\Desktop\SIH Sound files
2018-01-18 08:26 - 2018-01-18 08:26 - 000038222 _____ C:\Users\james\Documents\ROIreceipt for Mt Auburn Bill.pdf
2018-01-17 20:13 - 2018-01-19 18:23 - 000000000 ____D C:\Users\james\Desktop\Immigration
2018-01-17 00:20 - 2018-01-19 13:57 - 000000000 ____D C:\Users\james\Downloads\Telegram Desktop
2018-01-16 23:55 - 2018-01-16 23:55 - 000000085 _____ C:\WINDOWS\wininit.ini
2018-01-16 20:23 - 2018-01-16 20:24 - 000001232 _____ C:\DelFix.txt
2018-01-16 20:23 - 2018-01-16 20:23 - 000000000 ____D C:\WINDOWS\ERUNT
2018-01-16 07:43 - 2018-01-16 07:43 - 000165260 _____ C:\Users\james\Desktop\CBS.zip
2018-01-16 07:43 - 2018-01-16 07:43 - 000000000 ____D C:\Users\james\Desktop\CBS
2018-01-16 07:41 - 2018-01-16 07:41 - 000001080 _____ C:\Users\james\Desktop\SFCFix.txt
2018-01-16 07:41 - 2018-01-16 07:41 - 000000000 ____D C:\SFCFix
2018-01-16 07:38 - 2018-01-16 07:41 - 000000000 ____D C:\Users\james\AppData\Local\niemiro
2018-01-13 19:51 - 2018-01-13 19:52 - 000000000 ____D C:\Program Files\iTunes
2018-01-13 15:52 - 2018-01-13 15:52 - 000092992 ____H (Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2018-01-13 00:42 - 2018-01-13 00:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Keyboard
2018-01-13 00:42 - 2018-01-13 00:42 - 000000000 ____D C:\Program Files (x86)\Air Keyboard
2018-01-13 00:41 - 2018-01-13 00:41 - 000604160 _____ C:\Users\james\Downloads\AirKeyboardSetup-1.8.2.msi
2018-01-12 22:50 - 2018-01-12 22:50 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-01-12 19:53 - 2018-01-12 19:53 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-01-12 08:16 - 2018-01-12 08:16 - 000000000 ____D C:\Users\james\Downloads\Children of Eden
2018-01-12 07:04 - 2018-01-12 07:04 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7266D177.sys
2018-01-11 13:43 - 2018-01-11 13:43 - 000000000 ____D C:\Users\james\Downloads\Thunderbolt-3-Firmware-Update-Tool-Version25
2018-01-11 11:52 - 2018-01-11 11:52 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-11 11:52 - 2018-01-11 11:52 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-11 11:52 - 2018-01-11 11:52 - 000002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-11 11:52 - 2018-01-11 11:52 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-11 11:52 - 2018-01-11 11:52 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-11 10:30 - 2018-01-11 10:30 - 000000000 ____D C:\Users\james\AppData\Local\Extensis
2018-01-11 10:30 - 2018-01-11 10:30 - 000000000 ____D C:\ProgramData\Extensis
2018-01-11 10:29 - 2018-01-11 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extensis
2018-01-11 10:29 - 2018-01-11 10:29 - 000000000 ____D C:\Program Files (x86)\Extensis
2018-01-11 10:25 - 2018-01-11 10:26 - 000000000 ____D C:\Users\james\Downloads\SuitcaseFusion8-W-19-0-4
2018-01-10 13:32 - 2018-01-11 08:33 - 000003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-01-10 11:19 - 2018-01-10 11:19 - 000000000 ____D C:\APP
2018-01-10 10:59 - 2018-01-10 10:59 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-01-10 10:59 - 2018-01-10 10:59 - 000000000 ____D C:\Users\james\AppData\Roaming\Intel
2018-01-10 10:58 - 2018-01-10 10:58 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-01-10 10:55 - 2018-01-17 10:56 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-01-10 10:55 - 2018-01-10 10:55 - 000003762 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2018-01-10 10:55 - 2018-01-10 10:55 - 000003528 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2018-01-10 10:55 - 2018-01-10 10:55 - 000000000 ____D C:\Users\james\Downloads\Intel Components
2018-01-10 10:55 - 2018-01-10 10:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-01-10 10:54 - 2018-01-10 10:55 - 000002690 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2018-01-10 10:54 - 2017-12-07 23:29 - 000041512 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2018-01-10 09:25 - 2018-01-15 18:28 - 000000000 ____D C:\Users\james\Desktop\MY STUFF
2018-01-09 23:12 - 2018-01-09 23:25 - 000249790 _____ C:\Users\james\Documents\Rehearsal Report 0192018.pdf
2018-01-09 20:28 - 2018-01-09 20:28 - 000012762 _____ C:\Users\james\Documents\Rehearsal Report 12172017 (1).pdf
2018-01-09 20:26 - 2018-01-09 20:26 - 000012762 _____ C:\Users\james\Documents\Rehearsal Report 12172017.pdf
2018-01-09 10:21 - 2018-01-09 10:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt™ Software
2018-01-09 06:04 - 2018-01-09 06:04 - 000123453 _____ C:\Users\james\Documents\Amazon prime info on checkout page.pdf
2018-01-09 06:03 - 2018-01-09 06:03 - 000295977 _____ C:\Users\james\Documents\amazon - prmie info on order page.pdf
2018-01-08 21:39 - 2018-01-08 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2018-01-08 21:39 - 2018-01-08 21:39 - 000000000 ____D C:\Program Files\Common Files\Dolby
2018-01-08 21:37 - 2017-08-10 05:47 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 005346992 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-01-08 21:37 - 2017-08-10 05:47 - 003509200 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 002211304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 001347144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 001159184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000447720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000134200 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000084616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2018-01-08 21:37 - 2017-08-10 02:01 - 013064373 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-01-08 21:02 - 2018-01-08 21:04 - 000000000 ____D C:\Lenovo System Interface Foundation for Windows 10 (32-bit, 64-bit) - ThinkPad, ThinkCentre, IdeaPad,…
2018-01-08 16:04 - 2018-01-08 16:04 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2018-01-07 07:48 - 2018-01-07 07:48 - 000000000 ____D C:\Users\james\AppData\Local\Edraw
2018-01-06 22:20 - 2018-01-06 22:20 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-06 20:09 - 2018-01-07 10:32 - 000012672 _____ C:\Users\james\Documents\Kitchen Knives Project.xlsx
2018-01-06 17:49 - 2018-01-06 17:49 - 000000000 ____D C:\Users\james\AppData\Roaming\Skype
2018-01-06 17:34 - 2018-01-06 17:34 - 000000000 ____D C:\Users\james\Documents\FeedbackHub
2018-01-06 17:29 - 2018-01-06 17:29 - 000000279 _____ C:\Users\james\Documents\Knives.txt
2018-01-05 07:11 - 2018-01-05 07:13 - 997179392 _____ C:\Users\james\Desktop\Microsoft_Office_Professional_Plus_Edition_2016_64bit.iso
2018-01-05 07:08 - 2018-01-05 07:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2018-01-05 07:08 - 2018-01-05 07:08 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-01-05 07:08 - 2017-10-18 08:43 - 000258464 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys
2018-01-05 07:06 - 2018-01-01 12:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-05 07:06 - 2018-01-01 07:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-05 07:06 - 2018-01-01 07:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-05 07:06 - 2018-01-01 07:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-05 07:06 - 2018-01-01 07:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-05 07:06 - 2018-01-01 07:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-05 07:06 - 2018-01-01 07:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-05 07:06 - 2018-01-01 07:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-05 07:06 - 2018-01-01 07:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-05 07:06 - 2018-01-01 07:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-05 07:06 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-05 07:06 - 2018-01-01 07:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-05 07:06 - 2018-01-01 07:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-05 07:06 - 2018-01-01 07:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-05 07:06 - 2018-01-01 07:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-05 07:06 - 2018-01-01 07:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-05 07:06 - 2018-01-01 07:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-05 07:06 - 2018-01-01 07:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-05 07:06 - 2018-01-01 07:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-05 07:06 - 2018-01-01 07:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-05 07:06 - 2018-01-01 07:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-05 07:06 - 2018-01-01 07:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-05 07:06 - 2018-01-01 07:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-05 07:06 - 2018-01-01 07:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-05 07:06 - 2018-01-01 07:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-05 07:06 - 2018-01-01 07:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-05 07:06 - 2018-01-01 07:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-05 07:06 - 2018-01-01 07:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-05 07:06 - 2018-01-01 07:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-05 07:06 - 2018-01-01 07:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-05 07:06 - 2018-01-01 07:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-05 07:06 - 2018-01-01 07:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-05 07:06 - 2018-01-01 07:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-05 07:06 - 2018-01-01 07:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-05 07:06 - 2018-01-01 07:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-05 07:06 - 2018-01-01 07:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-01-05 07:06 - 2018-01-01 07:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-05 07:06 - 2018-01-01 07:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-05 07:06 - 2018-01-01 07:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-05 07:06 - 2018-01-01 07:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-05 07:06 - 2018-01-01 07:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-05 07:06 - 2018-01-01 07:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-05 07:06 - 2018-01-01 06:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-05 07:06 - 2018-01-01 06:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-05 07:06 - 2018-01-01 06:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-05 07:06 - 2018-01-01 06:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-05 07:06 - 2018-01-01 06:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-05 07:06 - 2018-01-01 06:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-05 07:06 - 2018-01-01 06:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-05 07:06 - 2018-01-01 06:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-05 07:06 - 2018-01-01 06:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-05 07:06 - 2018-01-01 06:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-05 07:06 - 2018-01-01 06:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-05 07:06 - 2018-01-01 06:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-05 07:06 - 2018-01-01 06:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-05 07:06 - 2018-01-01 06:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-05 07:06 - 2018-01-01 06:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-05 07:06 - 2018-01-01 06:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-05 07:06 - 2018-01-01 06:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-05 07:06 - 2018-01-01 06:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-05 07:06 - 2018-01-01 06:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-05 07:06 - 2018-01-01 06:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-05 07:06 - 2018-01-01 06:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-05 07:06 - 2018-01-01 06:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-05 07:06 - 2018-01-01 06:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-05 07:06 - 2018-01-01 06:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-05 07:06 - 2018-01-01 06:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-05 07:06 - 2018-01-01 06:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-05 07:06 - 2018-01-01 06:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-05 07:06 - 2018-01-01 06:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-05 07:06 - 2018-01-01 06:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-05 07:06 - 2018-01-01 06:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-05 07:06 - 2018-01-01 06:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-05 07:06 - 2018-01-01 06:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-05 07:06 - 2018-01-01 06:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-05 07:06 - 2018-01-01 06:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-05 07:06 - 2018-01-01 06:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-05 07:06 - 2018-01-01 06:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-05 07:06 - 2018-01-01 06:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-05 07:06 - 2018-01-01 06:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-05 07:06 - 2018-01-01 06:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-05 07:06 - 2018-01-01 06:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-05 07:06 - 2018-01-01 06:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-05 07:06 - 2018-01-01 06:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-05 07:06 - 2018-01-01 06:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-05 07:06 - 2018-01-01 06:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-05 07:06 - 2018-01-01 06:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-05 07:06 - 2018-01-01 06:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-05 07:06 - 2018-01-01 06:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-05 07:06 - 2018-01-01 06:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-05 07:06 - 2018-01-01 06:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-05 07:06 - 2018-01-01 06:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-05 07:06 - 2018-01-01 06:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-05 07:06 - 2018-01-01 06:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-05 07:06 - 2018-01-01 06:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-05 07:06 - 2018-01-01 06:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-05 07:06 - 2018-01-01 06:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-05 07:06 - 2018-01-01 06:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-05 07:06 - 2018-01-01 06:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-05 07:06 - 2018-01-01 06:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-05 07:06 - 2018-01-01 06:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-05 07:06 - 2018-01-01 06:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-05 07:06 - 2018-01-01 06:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-05 07:06 - 2018-01-01 06:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-05 07:06 - 2018-01-01 06:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-05 07:06 - 2018-01-01 06:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-05 07:06 - 2018-01-01 06:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-05 07:06 - 2018-01-01 06:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-05 07:06 - 2018-01-01 06:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-05 07:06 - 2018-01-01 06:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-05 07:06 - 2018-01-01 06:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-05 07:06 - 2018-01-01 06:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-05 07:06 - 2018-01-01 06:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-05 07:06 - 2018-01-01 06:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-05 07:06 - 2018-01-01 06:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-05 07:06 - 2018-01-01 06:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-05 07:06 - 2018-01-01 06:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-05 07:05 - 2018-01-01 07:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-05 07:05 - 2018-01-01 07:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-05 07:05 - 2018-01-01 07:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-05 07:05 - 2018-01-01 07:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-05 07:05 - 2018-01-01 07:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-05 07:05 - 2018-01-01 07:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-05 07:05 - 2018-01-01 07:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-05 07:05 - 2018-01-01 07:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-05 07:05 - 2018-01-01 07:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-05 07:05 - 2018-01-01 07:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-05 07:05 - 2018-01-01 07:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-05 07:05 - 2018-01-01 07:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-05 07:05 - 2018-01-01 07:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-05 07:05 - 2018-01-01 07:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-05 07:05 - 2018-01-01 07:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-05 07:05 - 2018-01-01 07:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-05 07:05 - 2018-01-01 07:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-05 07:05 - 2018-01-01 07:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-05 07:05 - 2018-01-01 07:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-05 07:05 - 2018-01-01 07:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-05 07:05 - 2018-01-01 07:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-05 07:05 - 2018-01-01 07:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-05 07:05 - 2018-01-01 07:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-05 07:05 - 2018-01-01 07:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-05 07:05 - 2018-01-01 07:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-05 07:05 - 2018-01-01 07:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-05 07:05 - 2018-01-01 07:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-05 07:05 - 2018-01-01 07:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-05 07:05 - 2018-01-01 07:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-05 07:05 - 2018-01-01 07:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-05 07:05 - 2018-01-01 07:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-05 07:05 - 2018-01-01 07:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-05 07:05 - 2018-01-01 07:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-05 07:05 - 2018-01-01 07:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-05 07:05 - 2018-01-01 07:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-05 07:05 - 2018-01-01 07:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-05 07:05 - 2018-01-01 07:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-05 07:05 - 2018-01-01 07:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-05 07:05 - 2018-01-01 07:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-05 07:05 - 2018-01-01 07:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-05 07:05 - 2018-01-01 06:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-05 07:05 - 2018-01-01 06:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-05 07:05 - 2018-01-01 06:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-05 07:05 - 2018-01-01 06:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-05 07:05 - 2018-01-01 06:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-05 07:05 - 2018-01-01 06:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-05 07:05 - 2018-01-01 06:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-05 07:05 - 2018-01-01 06:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-05 07:05 - 2018-01-01 06:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-05 07:05 - 2018-01-01 06:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-05 07:05 - 2018-01-01 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-05 07:05 - 2018-01-01 06:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-05 07:05 - 2018-01-01 06:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-05 07:05 - 2018-01-01 06:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-05 07:05 - 2018-01-01 06:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-05 07:05 - 2018-01-01 06:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-05 07:05 - 2018-01-01 06:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-05 07:05 - 2018-01-01 06:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-05 07:05 - 2018-01-01 06:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-05 07:05 - 2018-01-01 06:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-05 07:05 - 2018-01-01 06:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-05 07:05 - 2018-01-01 06:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-05 07:05 - 2018-01-01 06:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-05 07:05 - 2018-01-01 06:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-05 07:05 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-05 07:05 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-05 07:05 - 2018-01-01 06:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-05 07:05 - 2018-01-01 06:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-05 07:05 - 2018-01-01 06:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-05 07:05 - 2018-01-01 06:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-05 07:05 - 2018-01-01 06:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-05 07:05 - 2018-01-01 06:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-05 07:05 - 2018-01-01 06:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-05 07:05 - 2018-01-01 06:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-05 07:05 - 2018-01-01 06:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-05 07:05 - 2018-01-01 06:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-05 07:05 - 2018-01-01 06:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-05 07:05 - 2018-01-01 06:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-05 07:05 - 2018-01-01 06:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-05 07:05 - 2018-01-01 06:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-05 07:05 - 2018-01-01 06:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-05 07:05 - 2018-01-01 06:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-05 07:05 - 2018-01-01 06:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-05 07:05 - 2018-01-01 06:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-05 07:05 - 2018-01-01 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-05 07:05 - 2018-01-01 06:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-05 07:05 - 2018-01-01 06:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-05 07:05 - 2018-01-01 06:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-05 07:05 - 2018-01-01 06:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-05 07:05 - 2018-01-01 06:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-05 07:05 - 2018-01-01 06:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-05 07:05 - 2018-01-01 06:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-05 07:05 - 2018-01-01 06:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-05 07:05 - 2018-01-01 06:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-05 07:05 - 2018-01-01 06:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-05 07:05 - 2018-01-01 06:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-05 07:05 - 2018-01-01 06:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-05 07:05 - 2018-01-01 06:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-05 07:05 - 2018-01-01 06:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-05 07:05 - 2018-01-01 06:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-05 07:05 - 2018-01-01 06:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-05 07:05 - 2018-01-01 06:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-05 07:05 - 2018-01-01 06:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-05 07:05 - 2018-01-01 06:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-05 07:05 - 2018-01-01 06:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-05 07:05 - 2018-01-01 06:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-05 07:05 - 2018-01-01 06:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-05 07:05 - 2018-01-01 06:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-05 07:05 - 2018-01-01 06:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-05 07:05 - 2018-01-01 06:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-05 07:05 - 2018-01-01 06:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-05 07:05 - 2018-01-01 06:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-05 07:05 - 2018-01-01 06:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-05 07:05 - 2018-01-01 06:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-05 07:05 - 2018-01-01 06:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-05 07:05 - 2018-01-01 06:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-05 07:05 - 2018-01-01 06:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-05 07:05 - 2018-01-01 06:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-05 07:05 - 2018-01-01 06:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-05 07:05 - 2018-01-01 06:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-05 07:05 - 2018-01-01 06:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-05 07:05 - 2018-01-01 06:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-05 07:05 - 2018-01-01 06:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-05 07:05 - 2018-01-01 06:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-05 07:05 - 2018-01-01 06:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-05 07:05 - 2018-01-01 06:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-05 07:05 - 2018-01-01 06:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-05 07:05 - 2018-01-01 06:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-05 07:05 - 2018-01-01 06:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-05 07:05 - 2018-01-01 06:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-05 07:05 - 2018-01-01 06:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-05 07:05 - 2018-01-01 06:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-05 07:05 - 2018-01-01 06:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-05 07:05 - 2018-01-01 06:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-05 07:05 - 2018-01-01 06:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-05 07:05 - 2018-01-01 06:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-05 07:05 - 2018-01-01 06:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-05 07:05 - 2018-01-01 06:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-05 07:05 - 2018-01-01 06:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-05 07:05 - 2018-01-01 06:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-05 07:05 - 2018-01-01 06:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-05 07:05 - 2018-01-01 06:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-05 07:05 - 2018-01-01 06:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-05 07:05 - 2018-01-01 06:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-05 07:05 - 2018-01-01 06:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-01-05 06:56 - 2018-01-19 20:10 - 002479912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-05 06:55 - 2018-01-17 20:48 - 000000000 ____D C:\Users\james\AppData\Local\ElevatedDiagnostics
2018-01-05 05:40 - 2018-01-19 01:47 - 000000000 ____D C:\Users\james\AppData\Local\LenovoServiceBridge
2018-01-04 21:20 - 2018-01-04 21:20 - 000000000 ____D C:\Users\james\Downloads\Hill-House
2018-01-04 21:04 - 2018-01-04 21:04 - 000000000 ____D C:\Users\james\AppData\Local\OfficeBSCache-OD-jamesscotman1@gmail.com
2018-01-04 21:00 - 2018-01-12 21:14 - 000000000 ____D C:\Users\james\AppData\LocalLow\Temp
2018-01-04 01:37 - 2018-01-04 01:37 - 000000000 ____D C:\Users\james\AppData\Local\SkyGears
2018-01-03 22:00 - 2018-01-03 22:00 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-01-03 21:49 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180103-214914.backup
2018-01-03 21:47 - 2018-01-17 13:42 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-03 21:47 - 2018-01-16 23:55 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-03 21:47 - 2018-01-03 21:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-01-03 21:08 - 2018-01-03 21:08 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4253E7E1.sys
2018-01-03 21:00 - 2018-01-03 21:00 - 006625600 _____ (Zemana Ltd. ) C:\Users\james\Desktop\Zemana.AntiMalware.Setup.exe
2017-12-31 15:30 - 2017-12-31 15:30 - 000000000 ____D C:\Users\james\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2017-12-31 14:53 - 2018-01-03 21:19 - 000000290 _____ C:\WINDOWS\Tasks\Test.job
2017-12-31 01:34 - 2018-01-19 22:39 - 123731968 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-12-31 01:30 - 2017-12-31 01:34 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-12-30 22:13 - 2017-12-30 22:13 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2432438A.sys
2017-12-30 20:31 - 2017-12-30 20:31 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-12-30 20:21 - 2017-12-30 20:30 - 000000000 ____D C:\Users\james\AppData\Roaming\Apple Computer
2017-12-30 20:21 - 2017-12-30 20:21 - 000000000 ____D C:\Users\james\AppData\Local\Apple Computer
2017-12-30 20:17 - 2018-01-13 19:52 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-30 20:17 - 2018-01-13 19:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-30 20:17 - 2017-12-30 20:17 - 000000000 ____D C:\Program Files\iPod
2017-12-30 20:16 - 2017-12-30 20:16 - 000000000 ____D C:\ProgramData\Apple Computer
2017-12-30 20:15 - 2017-12-30 20:15 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\Users\james\AppData\Local\Apple
2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\Program Files\Bonjour
2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-30 20:14 - 2017-12-30 20:15 - 000000000 ____D C:\ProgramData\Apple
2017-12-30 20:14 - 2017-12-30 20:15 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-12-30 19:04 - 2017-12-30 19:04 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_01009.Wdf
2017-12-30 19:03 - 2017-12-30 19:03 - 000002739 _____ C:\Users\Public\Desktop\Lenovo Diagnostics Tool Lite.lnk
2017-12-30 18:18 - 2017-12-30 19:03 - 000000000 ____D C:\Users\james\AppData\Local\Downloaded Installations
2017-12-30 18:18 - 2017-12-30 18:18 - 000000000 ____D C:\Program Files (x86)\Silicon Power
2017-12-30 18:15 - 2017-12-30 18:18 - 000000000 ____D C:\Users\james\Downloads\Silicon Power
2017-12-30 17:18 - 2017-12-30 17:18 - 000133442 _____ C:\Users\james\Documents\ADWA783.pdf
2017-12-30 17:18 - 2017-12-30 17:18 - 000067758 _____ C:\Users\james\Documents\James Tallach W9 Childrens Theater 2016.pdf
2017-12-30 17:00 - 2017-12-30 17:00 - 000119331 _____ C:\Users\james\Documents\fw9 (2).pdf
2017-12-30 11:12 - 2017-12-30 11:12 - 000000000 ____D C:\Users\james\Documents\Zoom
2017-12-30 10:37 - 2017-12-30 10:37 - 001099005 _____ C:\Users\james\Documents\Puck and Oberon together .pdf
2017-12-30 10:34 - 2017-12-30 10:34 - 000166115 _____ C:\Users\james\Documents\Jakle Email.pdf
2017-12-30 10:34 - 2017-12-30 10:34 - 000162134 _____ C:\Users\james\Documents\James EMail.pdf
2017-12-29 22:31 - 2018-01-17 16:53 - 000000000 ____D C:\ProgramData\Logishrd
2017-12-29 22:31 - 2017-12-29 22:31 - 000000000 ____D C:\Users\james\AppData\Local\Logitech
2017-12-29 22:29 - 2018-01-17 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-12-29 22:29 - 2018-01-17 13:40 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2017-12-29 22:28 - 2017-12-29 22:28 - 000000000 ____D C:\Users\james\AppData\Roaming\Logitech
2017-12-29 22:28 - 2017-12-29 22:28 - 000000000 ____D C:\Users\james\AppData\Roaming\Logishrd
2017-12-29 22:25 - 2017-12-29 22:25 - 000106077 _____ C:\Users\james\Documents\Logitech drive mount amazon invoice.pdf
2017-12-29 21:13 - 2017-12-29 21:13 - 000000000 ____D C:\Program Files\Common Files\logishrd
2017-12-29 13:23 - 2017-12-29 13:23 - 002189323 _____ C:\Users\james\Documents\TALLACH BILL.pdf
2017-12-29 10:14 - 2017-12-29 10:14 - 000165421 _____ C:\Users\james\Documents\READ ME FIRST.pdf
2017-12-29 09:49 - 2017-12-29 09:49 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-12-29 09:49 - 2017-12-29 09:49 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-12-29 09:39 - 2017-12-29 09:39 - 000006335 _____ C:\Users\james\Documents\Cisco_AnyConnect_VPN_Statistics.txt
2017-12-29 09:30 - 2017-12-29 09:30 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-12-29 09:30 - 2017-12-29 09:30 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-12-29 09:30 - 2017-12-29 09:30 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-12-29 09:29 - 2017-12-29 09:31 - 000000000 ____D C:\WINDOWS\SHELLNEW
2017-12-29 09:29 - 2017-12-29 09:29 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2017-12-29 09:29 - 2017-12-29 09:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-12-29 09:28 - 2017-12-29 09:28 - 000000000 __RHD C:\MSOCache
2017-12-29 09:28 - 2017-12-29 09:28 - 000000000 ____D C:\Users\james\AppData\Local\Microsoft Help
2017-12-29 09:07 - 2017-12-29 22:24 - 000000000 ____D C:\Users\james\AppData\LocalLow\Adobe
2017-12-29 09:07 - 2017-12-29 09:07 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-12-29 09:03 - 2018-01-19 21:37 - 000004572 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-12-29 09:03 - 2017-12-29 09:11 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 2017.lnk
2017-12-29 09:03 - 2017-12-29 09:11 - 000002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller 2017.lnk
2017-12-29 09:03 - 2017-12-29 09:07 - 000000000 ____D C:\Users\james\AppData\Local\Adobe
2017-12-29 09:03 - 2017-12-29 09:03 - 000002108 _____ C:\Users\Public\Desktop\Adobe Acrobat 2017.lnk
2017-12-29 09:03 - 2017-12-29 09:03 - 000000040 ____H C:\B00ABA8F9801
2017-12-29 09:02 - 2017-12-29 09:08 - 000000000 ____D C:\ProgramData\Adobe
2017-12-29 09:02 - 2017-12-29 09:02 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-12-29 08:40 - 2017-12-29 08:40 - 000000000 ____D C:\Users\james\.cisco
2017-12-29 08:39 - 2018-01-05 07:08 - 000000000 ____D C:\ProgramData\Cisco
2017-12-29 08:39 - 2017-12-29 08:39 - 000000000 ____D C:\Users\james\AppData\Local\Cisco
2017-12-29 08:28 - 2017-12-29 08:28 - 000001662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CertAid for Windows.lnk
2017-12-29 08:28 - 2017-12-29 08:28 - 000001650 _____ C:\Users\Public\Desktop\CertAid for Windows.lnk
2017-12-29 08:28 - 2017-12-29 08:28 - 000000000 ____D C:\Program Files (x86)\CertAid
2017-12-29 08:19 - 2017-12-29 08:19 - 000000000 ____D C:\ProgramData\Firewall_Scanner
2017-12-29 08:19 - 2017-12-29 08:19 - 000000000 ____D C:\LOG
2017-12-29 07:38 - 2017-12-29 07:42 - 000000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2017-12-29 07:38 - 2017-12-29 07:38 - 000000000 ____D C:\Users\james\AppData\Local\AntiLogger Free
2017-12-29 07:38 - 2015-11-05 15:00 - 000143904 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
2017-12-29 07:17 - 2018-01-15 16:04 - 000003800 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-12-29 07:16 - 2017-12-29 07:16 - 000000000 ____D C:\Users\james\Intel
2017-12-29 06:45 - 2017-12-29 06:45 - 000000000 ____D C:\Users\james\AppData\Local\Visicom Media
2017-12-28 18:55 - 2017-12-28 18:55 - 000000000 ____D C:\Users\james\Documents\Custom Office Templates
2017-12-28 13:23 - 2018-01-19 14:24 - 000000000 ____D C:\Users\james\AppData\Roaming\Telegram Desktop
2017-12-28 13:23 - 2017-12-28 13:23 - 000001039 _____ C:\Users\james\Desktop\Telegram.lnk
2017-12-28 13:23 - 2017-12-28 13:23 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2017-12-28 11:47 - 2018-01-19 11:26 - 000000000 ____D C:\Users\james\AppData\Roaming\uTorrent
2017-12-28 11:47 - 2017-12-28 11:47 - 000000903 _____ C:\Users\james\Desktop\µTorrent.lnk
2017-12-28 11:47 - 2017-12-28 11:47 - 000000883 _____ C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-12-28 11:45 - 2018-01-20 07:59 - 000000000 ____D C:\Users\james\Downloads\torrents
2017-12-28 10:51 - 2017-12-28 10:51 - 000000000 ____D C:\Users\james\AppData\Local\NVIDIA
2017-12-28 10:51 - 2017-12-28 10:51 - 000000000 ____D C:\Users\james\AppData\Local\CEF
2017-12-28 10:00 - 2018-01-04 18:51 - 000000000 ____D C:\QualityStats
2017-12-28 09:57 - 2017-12-29 07:17 - 000000000 ____D C:\BIOS
2017-12-28 09:56 - 2017-12-28 09:56 - 000000000 ____D C:\driver
2017-12-28 09:55 - 2018-01-19 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-12-28 09:55 - 2017-12-31 14:49 - 000000000 ____D C:\Users\Public\Documents\Lenovo
2017-12-28 09:44 - 2017-12-28 09:44 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-12-28 09:38 - 2017-12-28 09:38 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-12-28 09:33 - 2018-01-09 10:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-12-28 09:26 - 2017-12-28 09:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2017-12-28 09:17 - 2017-12-28 09:17 - 000000000 ____D C:\ProgramData\Coronet_Security
2017-12-28 05:05 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-12-28 05:04 - 2018-01-19 22:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-28 05:04 - 2018-01-04 21:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2017-12-28 05:04 - 2017-12-28 05:04 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000002768 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-12-28 05:04 - 2017-12-28 05:04 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000000000 _SHDL C:\Users\Default User
2017-12-28 05:04 - 2017-12-28 05:04 - 000000000 _SHDL C:\Users\All Users
2017-12-28 05:04 - 2017-12-28 05:04 - 000000000 _SHDL C:\Documents and Settings
2017-12-28 05:03 - 2017-12-28 05:03 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-12-28 05:02 - 2017-12-28 05:02 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-12-28 05:00 - 2017-12-28 05:00 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-12-28 04:58 - 2018-01-20 07:09 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-28 04:58 - 2018-01-10 10:58 - 000000000 ____D C:\Program Files\Intel
2017-12-28 04:58 - 2018-01-08 21:37 - 000312687 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-12-28 04:58 - 2018-01-08 21:37 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-12-28 04:58 - 2018-01-08 21:37 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-12-28 04:58 - 2017-12-28 10:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-28 04:58 - 2017-12-28 09:54 - 000001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Pen.lnk
2017-12-28 04:58 - 2017-12-28 05:01 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-28 04:58 - 2017-12-28 05:01 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-28 04:58 - 2017-12-28 05:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-28 04:58 - 2017-12-28 04:58 - 000000092 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_iMDriver_01_11_00.Wdf
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_wachidrouter_isd_01011.Wdf
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\WINDOWS\system32\Intel
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\ProgramData\Validity
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\Program Files\Realtek
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\Program Files\Dolby
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-12-28 04:58 - 2017-09-18 02:22 - 000140312 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-12-28 04:58 - 2017-09-18 02:22 - 000116760 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-12-28 04:58 - 2017-09-02 00:12 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 000549496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 000392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 000147576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-12-28 04:58 - 2017-09-02 00:08 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-12-28 04:58 - 2017-09-01 03:45 - 008142301 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-12-28 04:58 - 2017-02-24 18:23 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-12-28 04:58 - 2017-02-24 18:23 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-12-28 04:58 - 2017-02-24 18:23 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-12-28 04:58 - 2017-02-24 18:23 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-12-28 04:57 - 2018-01-19 20:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-28 04:57 - 2018-01-10 11:35 - 000192087 _____ C:\WINDOWS\system32\catroot2.bak
2017-12-28 04:57 - 2017-12-28 04:57 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-12-28 03:25 - 2018-01-08 16:04 - 000001938 _____ C:\Users\james\Desktop\Zoom.lnk
2017-12-28 03:24 - 2018-01-08 16:04 - 000000000 ____D C:\Users\james\AppData\Roaming\Zoom
2017-12-28 03:17 - 2017-12-28 03:17 - 000002087 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Users\james\AppData\Local\IsolatedStorage
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Users\james\AppData\Local\ExpressVPN
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\ProgramData\ExpressVPN
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Program Files (x86)\ExpressVpn Tap Driver Win10
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Program Files (x86)\ExpressVpn SplitTunnel Driver
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2017-12-28 03:14 - 2017-12-28 03:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2017-12-28 03:14 - 2017-12-28 03:14 - 000000000 ____D C:\Program Files (x86)\LAV Filters
2017-12-28 03:12 - 2018-01-19 15:08 - 000000000 ____D C:\Users\james\AppData\Local\ManyCam
2017-12-28 03:12 - 2018-01-19 02:49 - 000000000 ____D C:\Users\james\AppData\Roaming\NVIDIA
2017-12-28 03:12 - 2017-12-28 03:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2017-12-28 03:12 - 2017-12-28 03:12 - 000000000 ____D C:\ProgramData\ManyCam
2017-12-28 03:11 - 2018-01-19 15:08 - 000000000 ____D C:\Users\james\AppData\Roaming\ManyCam
2017-12-28 03:11 - 2017-12-28 03:12 - 000000000 ____D C:\Program Files (x86)\ManyCam
2017-12-28 03:09 - 2018-01-19 03:14 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-12-28 03:09 - 2018-01-19 03:10 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2017-12-28 02:52 - 2017-12-28 02:52 - 000000000 ____D C:\Users\james\AppData\Local\DBG
2017-12-28 02:50 - 2017-12-28 02:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3020531464-1668614112-2457240111-1001
2017-12-28 02:42 - 2018-01-16 20:28 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-28 02:42 - 2017-12-28 02:42 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\56752408.sys
2017-12-28 02:39 - 2018-01-12 08:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-28 02:39 - 2017-12-28 02:39 - 000000000 ___HD C:\OneDriveTemp
2017-12-28 02:37 - 2018-01-03 20:50 - 000000000 ____D C:\Program Files\Recuva
2017-12-28 02:37 - 2017-12-28 02:37 - 000001706 _____ C:\Users\Public\Desktop\Recuva.lnk
2017-12-28 02:37 - 2017-12-28 02:37 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-12-28 02:37 - 2017-12-28 02:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-12-28 02:37 - 2017-12-28 02:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2017-12-28 02:37 - 2017-12-28 02:37 - 000000000 ____D C:\Program Files\Speccy
2017-12-28 02:35 - 2017-12-28 02:35 - 000001772 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-12-28 02:35 - 2017-12-28 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-12-28 02:35 - 2017-12-28 02:35 - 000000000 ____D C:\Program Files\Defraggler
2017-12-28 02:29 - 2018-01-20 10:32 - 000367559 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-28 02:29 - 2018-01-19 22:40 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-28 02:29 - 2018-01-19 22:32 - 000798433 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-28 02:29 - 2017-12-28 02:29 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-12-28 02:28 - 2017-12-28 02:28 - 000000000 ____D C:\Users\james\AppData\Local\Zemana
2017-12-28 02:26 - 2018-01-18 09:09 - 000000000 ____D C:\Users\james\AppData\Local\PlaceholderTileLogoFolder
2017-12-28 02:23 - 2018-01-11 12:08 - 000000000 ____D C:\Users\james\AppData\Roaming\Google
2017-12-28 02:17 - 2018-01-20 07:21 - 000095119 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-12-28 02:17 - 2018-01-11 11:52 - 000000000 ____D C:\Users\james\AppData\Local\Google
2017-12-28 02:17 - 2017-12-30 19:04 - 000000000 ____D C:\Users\james\AppData\Local\Lenovo
2017-12-28 02:12 - 2018-01-10 19:00 - 000000000 ____D C:\Users\james\AppData\Local\PackageStaging
2017-12-28 02:12 - 2018-01-09 20:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-28 02:12 - 2018-01-09 20:55 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-28 02:12 - 2018-01-09 20:54 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-28 02:12 - 2017-12-29 10:14 - 000000000 ____D C:\Users\james\AppData\Roaming\Adobe
2017-12-28 02:12 - 2017-12-28 02:12 - 000000000 ____D C:\Users\james\AppData\Roaming\Macromedia
2017-12-28 02:12 - 2017-12-28 02:12 - 000000000 ____D C:\Users\james\AppData\Local\Comms
2017-12-28 02:11 - 2017-12-28 02:11 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3020531464-1668614112-2457240111-1001
2017-12-28 02:11 - 2017-12-28 02:11 - 000000000 ____D C:\Users\Public\Lenovo App Explorer
2017-12-28 02:10 - 2018-01-19 22:46 - 001982376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-28 02:10 - 2017-12-28 10:53 - 000000000 ____D C:\Users\james\AppData\Local\NVIDIA Corporation
2017-12-28 02:10 - 2017-12-28 02:40 - 000000000 ___RD C:\Users\james\OneDrive
2017-12-28 02:10 - 2017-12-28 02:11 - 000002374 _____ C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-28 02:10 - 2017-12-28 02:10 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-12-28 02:09 - 2017-12-28 02:30 - 000000000 ____D C:\Users\james\AppData\Local\Publishers
2017-12-28 02:09 - 2017-12-28 02:09 - 000000000 ___HD C:\Users\james\MicrosoftEdgeBackups
2017-12-28 02:09 - 2017-12-28 02:09 - 000000000 ____D C:\Users\james\AppData\Local\MicrosoftEdge
2017-12-28 02:08 - 2018-01-20 07:07 - 000000000 __SHD C:\Users\james\IntelGraphicsProfiles
2017-12-28 02:08 - 2018-01-19 22:41 - 000000000 ____D C:\Users\james\AppData\Local\Packages
2017-12-28 02:08 - 2018-01-06 17:36 - 000000000 ___RD C:\Users\james\3D Objects
2017-12-28 02:08 - 2017-12-28 02:10 - 000000000 ____D C:\Users\james\AppData\Local\ConnectedDevicesPlatform
2017-12-28 02:08 - 2017-12-28 02:08 - 000000000 ____D C:\Users\james\AppData\Roaming\WTablet
2017-12-28 02:08 - 2017-12-28 02:08 - 000000000 ____D C:\Users\james\AppData\Local\VirtualStore
2017-12-28 02:07 - 2018-01-19 20:59 - 000000000 ____D C:\Users\james
2017-12-28 02:07 - 2017-12-28 02:07 - 000000020 ___SH C:\Users\james\ntuser.ini
2017-12-28 02:07 - 2017-12-28 02:07 - 000000000 ____D C:\ProgramData\USOShared
2017-12-28 01:49 - 2017-12-28 01:49 - 000000000 ____D C:\WINDOWS\InfusedApps
2017-12-28 01:49 - 2015-04-28 13:06 - 000043256 _____ C:\WINDOWS\system32\oemlogo.bmp
2017-12-28 01:48 - 2017-12-28 01:48 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-12-28 01:47 - 2018-01-19 01:47 - 000000000 ____D C:\ProgramData\Lenovo
2017-12-28 01:47 - 2018-01-19 01:47 - 000000000 ____D C:\Program Files (x86)\Lenovo
2017-12-28 01:47 - 2017-12-30 19:03 - 000000000 ____D C:\Program Files\Lenovo
2017-12-28 01:47 - 2017-12-28 09:33 - 000000000 ____D C:\WINDOWS\IAStorAfsService
2017-12-28 01:47 - 2017-12-28 04:58 - 000000000 ____D C:\Intel
2017-12-28 01:47 - 2017-12-28 01:47 - 000000000 ____D C:\WINDOWS\Firmware
2017-12-28 01:47 - 2017-12-28 01:47 - 000000000 ____D C:\Program Files\Tablet
2017-12-28 01:45 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\Setup
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\te-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\si-LK
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\or-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\km-KH
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\is-IS
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\id-ID
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\be-BY
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\as-IN
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\am-ET
2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\0409
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\OCR
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\DigitalLocker
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files\MSBuild
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-12-28 01:43 - 2017-12-22 08:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-12-28 01:43 - 2017-12-22 08:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-12-28 01:41 - 2018-01-20 07:11 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2017-12-28 01:41 - 2018-01-20 07:10 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-28 01:41 - 2018-01-20 07:10 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-12-28 01:41 - 2018-01-19 22:35 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-28 01:41 - 2018-01-19 22:00 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2017-12-28 01:41 - 2018-01-19 21:50 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-12-28 01:41 - 2018-01-19 21:31 - 000000000 ___RD C:\Program Files (x86)
2017-12-28 01:41 - 2018-01-19 02:30 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-12-28 01:41 - 2018-01-17 00:05 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-12-28 01:41 - 2018-01-15 09:30 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2017-12-28 01:41 - 2018-01-12 19:54 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-28 01:41 - 2018-01-07 19:36 - 000000000 ____D C:\WINDOWS\Registration
2017-12-28 01:41 - 2018-01-07 09:39 - 000000000 ____D C:\WINDOWS\rescache
2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\TextInput
2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\Provisioning
2017-12-28 01:41 - 2017-12-29 09:29 - 000000000 ____D C:\Program Files\Common Files\system
2017-12-28 01:41 - 2017-12-28 09:33 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-12-28 01:41 - 2017-12-28 07:53 - 000000000 ____D C:\WINDOWS\appcompat
2017-12-28 01:41 - 2017-12-28 05:05 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-12-28 01:41 - 2017-12-28 05:04 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-12-28 01:41 - 2017-12-28 05:01 - 000000000 ____D C:\WINDOWS\system32\spool
2017-12-28 01:41 - 2017-12-28 04:59 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-12-28 01:41 - 2017-12-28 04:59 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-12-28 01:41 - 2017-12-28 04:59 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-12-28 01:41 - 2017-12-28 04:58 - 000000000 ____D C:\WINDOWS\Help
2017-12-28 01:41 - 2017-12-28 04:57 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2017-12-28 01:41 - 2017-12-28 02:07 - 000000000 ____D C:\ProgramData\USOPrivate
2017-12-28 01:41 - 2017-12-28 01:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-12-28 01:41 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-12-28 01:41 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-12-28 01:41 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-12-28 01:41 - 2017-12-28 01:45 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\setup
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\com
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\IME
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 __RSD C:\WINDOWS\media
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 __RHD C:\Users\Public\Libraries
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___SD C:\WINDOWS\system32\UNP
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___SD C:\WINDOWS\system32\Nui
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Web
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Vss
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\tracing
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\TAPI
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SystemResources
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SystemApps
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\winevt
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\ras
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\IME
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\icsxml
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\ias
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\downlevel
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\DDFs
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\System
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SKB
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\security
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\schemas
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SchCache
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Resources
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\PLA
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Performance
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\ModemLogs
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\L2Schemas
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\InputMethod
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Globalization
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Cursors
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Branding
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\addins
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files\Windows Security
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files\Windows Portable Devices
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files\windows nt
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files\Common Files\Services
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files (x86)\windows nt
2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-12-28 01:41 - 2017-12-28 01:40 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-12-28 01:41 - 2017-12-28 01:40 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-12-28 01:41 - 2017-12-28 01:40 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2017-12-28 01:41 - 2017-12-28 01:40 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-12-28 01:41 - 2017-12-28 01:40 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-12-28 01:41 - 2017-12-28 01:40 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-12-28 01:41 - 2017-12-28 01:40 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-12-28 01:41 - 2017-12-28 01:40 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-12-28 01:41 - 2017-12-28 01:40 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-12-28 01:41 - 2017-12-28 01:40 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-12-28 01:40 - 2018-01-17 20:21 - 000000000 ____D C:\WINDOWS\INF
2017-12-28 01:37 - 2018-01-19 22:39 - 025165824 _____ C:\WINDOWS\system32\config\SYSTEM
2017-12-28 01:37 - 2018-01-19 22:39 - 005505024 _____ C:\WINDOWS\system32\config\DEFAULT
2017-12-28 01:37 - 2018-01-19 22:39 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-12-28 01:37 - 2018-01-19 22:39 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2017-12-28 01:37 - 2018-01-16 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-12-28 01:37 - 2018-01-11 14:39 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2017-12-28 01:37 - 2018-01-11 12:33 - 000000000 ____D C:\WINDOWS\Panther
2017-12-28 01:37 - 2017-12-28 02:57 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-12-28 01:37 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\servicing
2017-12-28 01:37 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\SMI
2017-12-27 22:34 - 2017-12-28 01:49 - 000000000 ___HD C:\$SysReset
2017-12-26 08:42 - 2017-05-24 11:10 - 002371160 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\ISD_Tablet.dll
2017-12-26 08:42 - 2017-05-24 11:10 - 002205272 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\wintab32.dll
2017-12-26 08:42 - 2017-05-24 11:10 - 001813336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01011.dll
2017-12-26 08:42 - 2017-05-24 11:10 - 001779288 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\ISD_Tablet.dll
2017-12-26 08:42 - 2017-05-24 11:10 - 001632344 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\wintab32.dll
2017-12-26 08:42 - 2017-05-24 11:10 - 000142424 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Drivers\wachidrouter_isd.sys
2017-12-26 08:42 - 2017-05-24 11:10 - 000139864 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\ISD_INFInstallCoinst73438.dll


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2018-01-19 20:56 - 2017-09-29 08:42 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-01-19 20:56 - 2017-09-29 08:42 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll
2018-01-15 16:04 - 2017-07-24 17:11 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-12 06:58 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-01-10 13:32 - 2017-07-24 17:12 - 000000000 ____D C:\ProgramData\Intel
2018-01-10 10:58 - 2017-07-24 17:12 - 000000000 ____D C:\Program Files (x86)\Intel
2018-01-06 17:36 - 2017-03-23 12:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-05 07:06 - 2017-09-29 08:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-05 07:06 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-05 07:06 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-03 20:52 - 2017-07-24 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stagelight
2017-12-28 05:01 - 2017-07-24 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-28 05:01 - 2017-07-24 16:50 - 000000000 ___HD C:\UserGuidePDF
2017-12-28 05:01 - 2017-03-18 21:32 - 000000000 ____D C:\WINDOWS\HoloShell
2017-12-28 01:39 - 2017-09-29 08:40 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys


==================== Files in the root of some directories =======


2018-01-19 09:24 - 2018-01-19 20:23 - 000007603 _____ () C:\Users\james\AppData\Local\Resmon.ResmonCfg


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2018-01-19 22:00


==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
Ran by james (20-01-2018 10:33:10)
Running from C:\Users\james\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-28 10:04:56)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-3020531464-1668614112-2457240111-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3020531464-1668614112-2457240111-503 - Limited - Disabled)
Guest (S-1-5-21-3020531464-1668614112-2457240111-501 - Limited - Disabled)
james (S-1-5-21-3020531464-1668614112-2457240111-1001 - Administrator - Enabled) => C:\Users\james
WDAGUtilityAccount (S-1-5-21-3020531464-1668614112-2457240111-504 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


. . (HKLM\...\{BDB21711-3628-4159-B1E2-0BF55D105E2E}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{46267326-17DC-4A08-94BB-0FB32E31ACC2}) (Version: 3.1.1.2 - Intel) Hidden
µTorrent (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat 2017 (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E1108756300}) (Version: 17.011.30070 - Adobe Systems Incorporated)
Air Keyboard (HKLM-x32\...\{DBEBC979-5914-4DD2-A2CD-923BDC23A819}) (Version: 1.8.2 - SkyGears)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.67 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Boost (HKLM\...\{115FB0FD-1A0A-4C26-82A7-A6689A799BB9}) (Version: 1.0.2 - Reason Software Company Inc.) Hidden <==== ATTENTION
Boost (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Boost 1.0.2) (Version: 1.0.2 - Reason Software Company Inc.) <==== ATTENTION
CertAid for Windows (HKLM-x32\...\{8FBCE0EB-9A40-49D8-85ED-8202131C9532}) (Version: 2.1.0.0 - MIT IS&T)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.5.02036 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{158B6CE6-296E-4AC9-AC51-92E9B8D39BA0}) (Version: 4.5.02036 - Cisco Systems, Inc.) Hidden
Click Install if prompted (HKLM-x32\...\{40830C8E-936E-4E08-AE37-240FF3343927}) (Version: 1.0.6.0 - ExpressVpn) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
ExpressVPN (HKLM-x32\...\{503dd6bc-3d13-4682-9181-1175568a148a}) (Version: 6.4.1.3300 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{73BA4AC9-B34B-4B95-84BD-AFCB55C04188}) (Version: 6.4.1.3300 - ExpressVPN) Hidden
Extensis Suitcase Fusion (HKLM-x32\...\{D57342AC-0B8D-482D-8156-1730C0C70488}) (Version: 19.0.4.28 - Extensis) Hidden
Extensis Suitcase Fusion (HKLM-x32\...\{dce98dc3-bcfc-4a6e-98e0-bff7f76632c6}) (Version: 19.0.4.28 - 2017 Celartem, Inc. d.b.a Extensis All rights reserved)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{a2167b7c-e567-4ae5-9c88-8e1349a01363}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000010-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.10.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{35fa0dcf-eda2-402b-b1f0-64973bb1938a}) (Version: 3.1.1.2 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6da487a6-c50d-494e-aaa0-6d8ce9c37ef3}) (Version: 20.10.2 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM-x32\...\ARP_for_prd_SGX_1.9.100.41172) (Version: 1.9.100.41172 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
LAV Filters 0.70.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.70.2 - Hendrik Leppkes)
Lenovo Diagnostics Tool Lite (HKLM\...\{7B3D3612-92C8-483A-9E2C-C2A50EE8343C}) (Version: 4.20.0 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.8 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0065 - Lenovo)
Lenovo Utility (HKLM\...\{12ABAC82-7D83-4CB8-9DD2-434DC9AF2942}_is1) (Version: 3.0.0.17 - Lenovo)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Lenovo Yoga Mode Control (Inf Install) (HKLM\...\ACPIVPC) (Version: 15.11.28.179 - Lenovo)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
ManyCam 6.2.0 (HKLM-x32\...\ManyCam) (Version: 6.2.0 - Visicom Media Inc.)
Microsoft OneDrive (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
NVIDIA GeForce Experience 3.5.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 381.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.67 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.1 r2989 - Rainmeter)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0360 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Split Tunneling Driver (HKLM-x32\...\{F078B0B5-2F41-42C2-9162-B8C628D5E6FE}) (Version: 1.0.0.0 - ExpressVpn) Hidden
Telegram Desktop version 1.2.6 (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.6 - Telegram Messenger LLP)
Thunderbolt™ Software (HKLM-x32\...\{87A31923-8F18-4943-8093-17DBEE0101B7}) (Version: 16.3.61.275 - Intel Corporation)
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 3.3.2.0 - Manuel Hoefs (Zottel))
VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => -> No File
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => -> No File
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat Elements\ContextMenuShim64.dll [2017-04-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-02] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat Elements\ContextMenuShim64.dll [2017-04-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {00CFD4B0-F2E9-4486-9AD3-37EAA63069A5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5038034e-a27d-4353-baf4-fa40e5c27fea => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {0146F54C-5AAB-4529-986B-04CB3F263D4A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {09669286-AFEA-468C-B0B2-34220BFC49D3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {0DB36EEE-5B2A-44DC-B621-619C08534340} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-03-27] (NVIDIA Corporation)
Task: {0F22F19D-2D33-4FB3-9A00-94C69AF78619} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\80ae859a-d81c-48a5-aa54-972f83ee126c => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {19D31931-5CB2-4B2D-9940-F2F6D5242261} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => ConditionalAppStarter.exe
Task: {2029E031-7411-4699-B02D-C45E16851556} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {2287C187-CF78-466D-AAA7-4717C316033B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {26015898-EB3D-485B-AADE-3AB60C98623A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe
Task: {2822EBE7-CF3F-45FA-97BE-1F65CF3B165E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {2DB9E2C9-3BEE-48B9-B383-029D490EDACD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\847bd137-c909-4a47-8ef1-e991c7700838 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {2F742418-7D67-4EE8-B805-F3C44A2FED92} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-27] (NVIDIA Corporation)
Task: {33686B51-2460-45CD-AFC4-54110F826954} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Task: {37D08C82-6ACF-4EFB-B017-857469307017} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {3DD002F7-9010-4B04-9818-350A70244B17} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-27] (NVIDIA Corporation)
Task: {4727C534-5D26-43C0-A3E1-588A6D2F6D9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
Task: {4FD80A8C-CDC1-49B0-98CD-16C9935E1743} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {5157ACC7-0820-453A-A4DB-A863A5C26D9D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-27] (NVIDIA Corporation)
Task: {5570B756-A9D9-4716-9A19-26B479D3F21C} - System32\Tasks\Boost => C:\Users\james\AppData\Roaming\Reason\Boost\boost.exe [2013-12-27] (Reason Software Company Inc.)
Task: {61D6C19C-1478-4C09-9C6C-F33CB7B17A58} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {6910CCC6-1DCE-45BC-B6DF-414FA5A72EAC} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
Task: {6A41D0BC-245B-40AE-A3D3-DF4B5646CD75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-11] (Google Inc.)
Task: {78E2E914-5DC0-42B8-8F4D-B4BD7DC62FB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-11] (Google Inc.)
Task: {8D689698-7A10-4381-83EE-CDC33D092D2E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-03-27] (NVIDIA Corporation)
Task: {8DD36695-5985-4927-8BF1-5A812E9208A1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-27] (NVIDIA Corporation)
Task: {8EF9CE67-6777-4CD6-B57A-AAD924490B6E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {A233E987-CD69-47CF-9B00-5B35522F4EBC} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {A2B1663A-2C30-4A72-AA44-943B228B1E7E} - System32\Tasks\S-1-5-21-3020531464-1668614112-2457240111-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {A7B2304D-B9E2-4CA0-AC65-AA2A7D476118} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-03-27] (NVIDIA Corporation)
Task: {A948594B-2F99-4119-85D6-D643D8F41C87} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {ABA9B300-AADC-46A7-8BCA-387704372D51} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\228e65cb-8d59-4adf-9237-c727694139cb => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {AFE975AE-BF22-42D8-88E0-E69F1F051C90} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {B0420967-E52E-41B0-9CD5-C7A0C990A071} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
Task: {B5546E91-24E2-4502-8E73-ED9E7C0EB1AC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {BBEF1DCB-FF2D-4CC9-9ABD-115ED48150B1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
Task: {C43DE457-C9AD-4D5F-8190-56ADC2279941} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe
Task: {CA95E85F-7926-485E-ACE1-DCE36CF51B96} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
Task: {CDB3B68A-F186-417A-84CE-A2482E41B27B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {CFFF80B3-1C83-4E43-A16D-A0DD9B825F5A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
Task: {DED5A65B-97BC-48CF-B607-CB907317B194} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {E9E904AD-3D95-42FC-9ABB-F884E85D035B} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3020531464-1668614112-2457240111-1001 => C:\Users\james\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2018-01-04] (Lenovo Group Limited)
Task: {F22D8761-E4E6-4C22-A2E2-FE4374400556} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Test.job => C:\Users\james\AppData\Local\Temp\SP Widget 3.0\SP Widget 3.0.exe <==== ATTENTION


==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




==================== Loaded Modules (Whitelisted) ==============


2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-04-28 02:01 - 2017-04-28 02:01 - 000212784 _____ () C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
2017-04-28 02:02 - 2017-04-28 02:02 - 000298288 _____ () C:\Program Files\Dolby\Dolby DAX3\API\RuntimeController.dll
2017-04-28 02:01 - 2017-04-28 02:01 - 000303408 _____ () C:\Program Files\Dolby\Dolby DAX3\API\TuningFileParser.dll
2017-12-13 16:43 - 2017-12-13 16:43 - 000339168 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2017-07-24 17:14 - 2017-03-27 22:31 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000181992 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2017-07-24 17:00 - 2015-06-27 04:34 - 000029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
2017-12-13 16:45 - 2017-12-13 16:45 - 008475776 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2018-01-19 01:47 - 2017-08-16 15:07 - 000023928 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2017-12-07 23:29 - 2017-12-07 23:29 - 000885992 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
2017-12-07 23:29 - 2017-12-07 23:29 - 002309864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000270056 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000260328 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000306920 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000231144 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000277736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000638696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000212200 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000447208 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000375528 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000609512 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000295144 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sampler_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000248040 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000708328 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-12-09 19:07 - 2017-12-09 19:07 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-09 19:07 - 2017-12-09 19:07 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-12-13 16:43 - 2017-12-13 16:43 - 000225792 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\liblzo2-2.dll
2017-12-13 16:43 - 2017-12-13 16:43 - 000096776 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\libpkcs11-helper-1.dll
2018-01-11 11:52 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-11 11:52 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-12-13 16:45 - 2017-12-13 16:45 - 005757056 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\expressvpn-browser-helper.exe
2017-12-07 23:29 - 2017-12-07 23:29 - 000818408 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
2017-12-07 23:29 - 2017-12-07 23:29 - 000214760 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\foreground_window_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000279272 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000207080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
2017-12-28 02:35 - 2017-12-28 02:35 - 000023552 _____ () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.8.255.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
2018-01-02 17:16 - 2018-01-02 17:17 - 026507776 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-01-02 17:16 - 2018-01-02 17:17 - 008370176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-12-28 02:32 - 2017-12-28 02:32 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-13 16:45 - 2017-12-13 16:45 - 006164864 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\libxvclient.dll
2017-12-13 16:46 - 2017-12-13 16:46 - 000080512 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.NetworkUtils.dll
2017-12-13 16:46 - 2017-12-13 16:46 - 000447616 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
2017-11-09 00:44 - 2017-11-09 00:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-07-24 17:14 - 2017-03-27 22:31 - 000901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-07-24 17:14 - 2017-03-20 23:27 - 002442176 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-07-24 17:14 - 2017-03-20 23:27 - 000363576 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-07-24 17:14 - 2017-03-20 23:27 - 000254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-07-24 17:14 - 2017-03-20 23:27 - 000385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-07-24 17:14 - 2017-03-20 23:27 - 000469048 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-07-24 17:14 - 2017-03-20 23:27 - 000571840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-12-28 02:35 - 2017-12-28 02:35 - 031003136 _____ () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.8.255.0_x86__k1h2ywk1493x8\Lenovo.Discovery.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"


==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




There are 7865 more sites.


IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\com -> hxxp://stapleslink.com
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\hec.mit.edu -> hxxps://vhmitacdci.hec.mit.edu
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\i9servicecenter.com -> hxxps://mit.i9servicecenter.com
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\mit.edu -> hxxps://adminapps.mit.edu
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\sciquest.com -> hxxps://solutions.sciquest.com
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\scripts.mit.edu -> hxxps://mitcho.scripts.mit.edu
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\sharepoint.com -> hxxps://mitprod-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\xfinity.com -> hxxps://university.xfinity.com


There are 7865 more sites.




==================== Hosts content: ==========================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2017-03-18 16:03 - 2018-01-03 21:49 - 000450709 ____N C:\WINDOWS\system32\Drivers\etc\hosts




There are 15463 more lines.




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\Control Panel\Desktop\\Wallpaper -> c:\users\james\desktop\the_doctor_is____by_flamedreamer-d525cx9.jpg
DNS Servers: 10.46.0.1 - 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==


HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "Extensis Suitcase Fusion Font Core"
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\StartupApproved\StartupFolder: => "BetterStartMenuHelper.lnk"
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\StartupApproved\Run: => "ManyCam"
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\StartupApproved\Run: => "CCleaner"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{835CF333-4E78-4B7D-900B-8E144F01B99F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E91D9B81-5CA7-40E0-AE9B-046CC80C4A29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{25F62A31-A110-47BA-83B4-2C71F8567A90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{89B7A544-6FA0-4D94-B593-F452A76437AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C36DFD7C-D2A6-42CC-B49F-9058AF549F9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B798C04E-98AA-4E65-982C-0F51C63F7A44}] => (Allow) C:\Users\james\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3C939B4D-42B8-4314-8A9A-6DE6FC37D4E7}] => (Allow) C:\Users\james\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{1603D5B0-327D-442C-AFC0-813AB2FBFFC3}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{215F1CF9-BC9F-4FEC-9AE9-64CF967105B1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{4083B1E1-1E8C-4A06-B712-997E650947A9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{88AC55A6-528E-4F86-A3F6-97E319193A57}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1C69E469-758C-4158-BD71-0BC3CFB847FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F9485517-FCC8-4DAE-A11C-82DECB5676C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F72654F1-8C37-4C2E-A66F-D1F85AABCB97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D24AD2DA-4471-4BD7-A2F2-571FFD18C5EB}] => (Allow) E:\iTunes\iTunes.exe
FirewallRules: [TCP Query User{1F79CF3C-A043-4FE4-8F8D-94B8B92EEF90}C:\program files (x86)\air keyboard\airkeyboard.exe] => (Allow) C:\program files (x86)\air keyboard\airkeyboard.exe
FirewallRules: [UDP Query User{96F5DE4B-4983-4B86-9EA3-B742888733B2}C:\program files (x86)\air keyboard\airkeyboard.exe] => (Allow) C:\program files (x86)\air keyboard\airkeyboard.exe
FirewallRules: [{74CB9321-BE69-4BBB-A245-6C95DB41FECE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{21E443DF-3C7D-4149-96A9-E38DB25D2766}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{683EF072-D02F-4E6B-B42F-0909A0011A16}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8E5A7F7D-89A6-476E-B698-268A8F75E8B3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8B9D772A-FB64-41F6-91F2-81ED4E24D236}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A3779C9D-98CF-4B4F-BC8F-BB3AA460CA2F}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{DB0F3E16-1D15-4F48-8B54-1D984189A59D}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{F06F0701-9FBB-408A-AF34-44F7E2492F33}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{3E2358F8-FA74-4D69-92DB-117A815F6809}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{D22ED457-C2AC-40F1-B17E-CACFF17F84A7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0D7B0627-05B8-4C58-8259-81F7955D0E3A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{5EA0A525-1418-448B-AB09-C8622726015E}F:\itunes\itunes.exe] => (Block) F:\itunes\itunes.exe
FirewallRules: [UDP Query User{51814FEA-AD45-4BB8-BCDD-A6F309B87E3D}F:\itunes\itunes.exe] => (Block) F:\itunes\itunes.exe
FirewallRules: [TCP Query User{9C6BCB2C-71BE-486B-95A1-DC1BDFDF7763}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [UDP Query User{C38AC035-7C3B-4924-8F49-D2401F6758F0}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
FirewallRules: [{727E53FA-036C-46B2-B51E-9E9C27A302AE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3FAFFE32-57EE-4C41-B57D-C2BA8C3F5C89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B9022FB9-D64B-45AC-9EAE-AF495B1EA346}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{D41BD923-0B7F-4F72-86D7-99B994175F52}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A6110280-EBAF-4C54-8AFA-D6FBE9BD7B03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{792154DA-0FC2-47A8-A70E-E6B8C09556A5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{DEBEAD67-7B5E-4979-9271-A2CE6A2479DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{BA19F220-4A56-4AFE-8779-729FBDFDC9D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5602607A-46D3-480C-B7A5-C725C265B670}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{5EDA6AED-A148-4C3A-B9AD-590034DC46BD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{5EA3CEE3-7158-4858-AA40-FFFBE4F08E91}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{AE5E5DA7-A894-4F2B-8F94-9CA75980073B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{45E883E7-8CB1-447E-9490-C6B5BBAC47D1}] => (Allow) %systemroot%\system32\alg.exe


==================== Restore Points =========================


16-01-2018 20:23:55 End of disinfection
19-01-2018 00:43:15 PRe Window 10 Transformation
19-01-2018 21:31:30 Installed Should I Remove It
19-01-2018 21:34:31 Installed Boost
19-01-2018 21:50:09 Before Boost


==================== Faulty Device Manager Devices =============


Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.




==================== Event log errors: =========================


Application errors:
==================
Error: (01/20/2018 12:16:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1203


Error: (01/20/2018 12:16:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1203


Error: (01/20/2018 12:16:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


Error: (01/19/2018 10:40:06 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.


Error: (01/19/2018 08:57:37 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.


Error: (01/19/2018 08:51:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


Error: (01/19/2018 08:46:51 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.


Error: (01/19/2018 08:18:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={90523A46-B804-471A-B08C-BE1113DFAB9F}: The user SYSTEM dialed a connection named ExpressVPN which has failed. The error code returned on failure is 1231.


Error: (01/19/2018 08:18:48 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={FD6E54D4-FD92-4529-A548-A281E18896FF}: The user SYSTEM dialed a connection named ExpressVPN which has failed. The error code returned on failure is 1231.


Error: (01/19/2018 08:13:19 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL Outlook. The first four bytes (DWORD) of the Data section contains the Windows error code.




System errors:
=============
Error: (01/20/2018 07:23:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (01/20/2018 07:21:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (01/20/2018 07:10:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (01/20/2018 07:09:06 AM) (Source: DCOM) (EventID: 10016) (User: JAMES-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user JAMES-LAPTOP\james SID (S-1-5-21-3020531464-1668614112-2457240111-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (01/20/2018 07:07:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (01/20/2018 07:07:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (01/19/2018 11:28:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (01/19/2018 10:58:53 PM) (Source: DCOM) (EventID: 10016) (User: JAMES-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user JAMES-LAPTOP\james SID (S-1-5-21-3020531464-1668614112-2457240111-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (01/19/2018 10:55:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Error: (01/19/2018 10:50:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.




CodeIntegrity:
===================================
Date: 2018-01-20 10:22:01.520
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-01-20 10:22:01.519
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-01-20 10:08:24.845
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-01-20 10:08:24.844
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-01-20 10:08:18.583
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-01-20 10:08:18.582
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-01-20 10:05:30.398
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-01-20 10:05:30.397
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-01-20 10:05:29.242
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


Date: 2018-01-20 10:05:29.241
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.




==================== Memory info ===========================


Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 33%
Total physical RAM: 16207.89 MB
Available physical RAM: 10852.34 MB
Total Virtual: 17231.89 MB
Available Virtual: 11013.97 MB


==================== Drives ================================


Drive c: (Windows) (Fixed) (Total:450.69 GB) (Free:354.94 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.33 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 3E4A1A1D)


Partition: GPT.


==================== End of Addition.txt ============================
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

OK, please re-install Zemana. We're going to be uninstalling it again very shortly so don't worry about any configurations at this point. Just install it and let me know when done.
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Hi there - Zemana is installed
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Hi there - so I did the clean boot - I've stopped though, as it gives instructions on what to do after you boot (Install, Uninstall or run an application) and I wasn't clear if I was to do that or stop after restarting
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Good. I just wanted you to reboot in a Clean Boot state. Please check for Windows Updates and let me know what shows up.
 
Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

Please do the following.

Step#1 - Run Windows Repairs
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
1. Download Windows Repair (All-in-One) Portable to your desktop.
2. Once the file is downloaded, right-click on the file on your desktop and choose Extract All...
3. Keep the defaults and click the Extract button.
4. A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
5. Inside this folder, there is a folder named Tweaking.com - Windows Repair. Open this folder as well.
6. Double-click on Repair_Windows.exe to open. Note: Please make sure all of your programs are closed and anything you were working on is saved as we will be rebooting.
7. When the program opens, click the Reboot to Safe Mode button at the bottom of the screen. Answer Yes to allow.
8. Once rebooted into Safe Mode, open the program again. When the program opens, click the Repairs tab and click the Open Repairs button.
9. A backup of your registry will be made. After a few moments you will have many options from which you can choose.
10. Please click the Unselect All button and then click to enable only the following ones:

05 - Repair WMI
06 - Repair Windows Firewall
10 - Remove Policies Set By Infection
14 - Remove Temp Files
15 - Repair Proxy Settings
17 - Repair Windows Updates
21 - Repair MSI (Windows Installer)



11. Ensure the Restart check box is selected and click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient.
12. Once the fixes are complete you will be prompted to restart your machine. Answer Yes.
 
