Page 1 of 3 123 Last
  1. #1

    [10v1709b16299 x64] Windows keeps installing the same updates

    Hi there - I'm having an issue with Windows finding/installing the same set of updates every day.

    I though i might have a virus so contacted bleeding computer ( topic thread can be found here Zemana flagging suspicious root CA - Am I infected? What do I do? and
    here Zemana flagging suspicious root CA - Virus, Trojan, Spyware, and Malware Removal Logs

    They suggested i come here and seek advice.

    If i go to Settings/Update and Security and click View Installed Update History it shows 50 updates relating to various aspects of Microsoft Office 2016.
    If i click Check for Updates it finds the same updates listed under installed updates, downloads and installs them. Every day. I noticed it 1/5/2018 and it's been doing it every day since then.

    When i go to Control Panel and serach update and click on View Installed Updates, NONE of those updates are listed as being installed. The most recent one listed is on 1.9.2018.

    I followed the instructions on the posting instructions

    Results of SFCFix.txt

    SFCFix version 3.0.0.0 by niemiro.
    Start time: 2018-01-16 07:38:59.976
    Microsoft Windows 10 Build 16299 - amd64
    Not using a script file.








    AutoAnalysis::
    SUMMARY: No corruptions were detected.
    AutoAnalysis:: directive completed successfully.








    Successfully processed all directives.






    Failed to generate a complete zip file. Upload aborted.




    SFCFix version 3.0.0.0 by niemiro has completed.
    Currently storing 0 datablocks.
    Finish time: 2018-01-16 07:41:50.201
    ----------------------EOF-----------------------

    CBS file is attached.
    Attached Files Attached Files


    • Ad Bot

      advertising
      Beep.

        
       

  2. #2
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,349

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Hi and welcome to Sysnative. Let's take a look. Please do the following so I can gather some info.

    Retrieve Components/Software Hives
    Note: The Software have has confidential and sensitive information in it so please send me a PM with a link to that particular hive so it's not in the public form.
    • Please download the Freeware RegBak from here: Acelogix Software - Download products
      You will find it at the bottom of the page that the link brings you to.
    • Go ahead and install this program and accept all the defaults. After the last install screen the program should open.
    • Click the New Backup button. Accept the defaults and simply click Start.
    • When it says Finished successfully, click the Close button.
    • This will bring you back to the main screen of the program. You will see one entry in this list with the date that you did it. Right-click on this line-item and select Explore Backup...
    • This will bring you into the folder where the backup was made. You should see a Users folder and a Windows folder along with a couple other files. Double-click on the Windows folder to open it. Then open the System32 folder and then config folder. You should see around 6 files in here, two of which are named COMPONENTS and SOFTWARE.
    • Copy these two files to your Desktop. If the COMPONENTS file does not exist, please fetch it instead from C:\Windows\System32\config\COMPONENTS.
    • Now right click on these files on your desktop and select Send to > Compressed (zipped) folder.
    • Then please upload the zip file(s) to your favourite file sharing website (it will be too big to upload here). Examples of services to upload to are Dropbox or One Drive or SendSpace and then just provide the link in your reply.
    • You can close any open windows you have as well as the RegBack program now.

  3. #3

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Hi there - thanks for response. I ran the sofware and there was no COMPONENTS file created. I copied it from the directory you suggested.

    Both files are zipped in one folder- link sent via PM.

    Thanks

    James

  4. #4
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,349

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Thanks for the info. I assume you have a copy of Office 2016 so if you uninstall it then you will be able to re-install it without issue correct?

  5. #5

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Yes - my husband works for MIT and they get licensed software made available to them.

  6. #6
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,349

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    OK, good. Two things I would like to do temporarily. If you can uninstall Office 2016 as well as your antivirus software. The default Windows Defender antivirus will get enabled and keep you protected while we work on your issue.

    Let me know if you are able to do this. Thanks.

  7. #7

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Sure i can do that- when i installed office i had uninstall the pre-installed software using the Microsoft Office REmoval tool (or something like that).

    As for my anti-virus software - i have pro versions of Zemana Antimalware (includes access to advanced options to run FRST)
    CCLleaner PRo (includes, Speedy, Recuva, Defragger)

    I just need to check my license make sure i can reinstall and register again - otherwise i can let you know when i've uninstalled Office, Zemana and CCleaner

    James

    PS - I use a VPN ( ExpressVPN) - should need to remove that too right ?

  8. #8
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,349

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    No need to remove the VPN software.

  9. #9

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Hi there - so Zemana, CCleaner and Microsoft Office are all uninstalled

  10. #10
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,349

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Excellent. Check for Windows Updates and let me know which KBs show up that need to be installed.

  11. #11

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Hi there

    I checked for updates and it did the usual - i've attached screenshots
    Attached Files Attached Files

  12. #12
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,349

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    No problem. We'll get there. Now please do the following.

    Fresh Set of Logs

    1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
    2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
    3. Press Scan button.
    4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
    5. Please copy and paste log back here.
    6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.

  13. #13

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Here you go

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.01.2018 01
    Ran by james (administrator) on JAMES-LAPTOP (20-01-2018 10:32:41)
    Running from C:\Users\james\Downloads
    Loaded Profiles: james (Available Profiles: james)
    Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHDCPSvc.exe
    (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
    (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    () C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
    (Lenovo) C:\Windows\System32\ymc.exe
    () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHeciSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
    () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    (Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Reason Software Company Inc.) C:\Users\james\AppData\Roaming\Reason\Boost\boost.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxEM.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
    (Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Thunderbolt Software\Thunderbolt.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
    (Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
    (The OpenVPN Project) C:\Program Files (x86)\ExpressVPN\xvpnd\windows\openvpn.exe
    (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    (Lenovo Group Limited) C:\Users\james\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\cmd.exe
    () C:\Program Files (x86)\ExpressVPN\xvpnd\expressvpn-browser-helper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
    (Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\acrotray.exe
    (Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.8.255.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
    () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe


    ==================== Registry (Whitelisted) ===========================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-10] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor)
    HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [894376 2017-04-14] (Lenovo(beijing) Limited)
    HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-12-19] (Intel)
    HKLM-x32\...\Run: [Extensis Suitcase Fusion Font Core] => C:\Program Files (x86)\Extensis\Suitcase Fusion\FMCore.exe [9286656 2018-01-09] (Celartem, Inc., doing business as Extensis.)
    HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe [809088 2017-12-13] (ExpressVPN)
    HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\AdobeCollabSync.exe [887280 2017-11-27] (Adobe Systems Incorporated)
    Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BetterStartMenuHelper.lnk [2018-01-19]
    ShortcutTarget: BetterStartMenuHelper.lnk -> C:\Users\james\Downloads\BetterStartMenuHelper\BetterStartMenuHelper.exe (No File)
    Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2018-01-20]
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Rainmeter)
    BootExecute: autocheck autochk * sdnclean64.exe


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 10.46.0.1
    Tcpip\..\Interfaces\{5A8B91FA-BC65-4FFF-9633-9488EBA43DF7}: [DhcpNameServer] 10.0.1.1
    Tcpip\..\Interfaces\{7cc351c3-7b79-4c9d-8fde-9da2e2093c81}: [DhcpNameServer] 10.0.0.1
    Tcpip\..\Interfaces\{b0fb7110-d11a-4cea-b679-324bb31b696f}: [DhcpNameServer] 10.0.0.1
    Tcpip\..\Interfaces\{ba741fe3-19a4-4bfa-8046-12526a399eb5}: [DhcpNameServer] 10.46.0.1


    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll => No File
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll => No File
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
    BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
    Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File
    Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL No File


    FireFox:
    ========
    FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
    FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [No File]
    FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [No File]
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [No File]
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Air\nppdf32.dll [2017-11-27] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-3020531464-1668614112-2457240111-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\james\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-01-08] (Zoom Video Communications, Inc.)


    Chrome:
    =======
    CHR HomePage: Default -> hxxps://google.com/
    CHR StartupUrls: Default -> "hxxps://inbox.google.com/?cid=imp&pli=1"
    CHR Profile: C:\Users\james\AppData\Local\Google\Chrome\User Data\Default [2018-01-20]
    CHR Extension: (Slides) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-11]
    CHR Extension: (Docs) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-11]
    CHR Extension: (Google Drive) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-11]
    CHR Extension: (YouTube) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-11]
    CHR Extension: (Video Downloader professional) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2018-01-19]
    CHR Extension: (Sheets) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-11]
    CHR Extension: (ExpressVPN for Chrome) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2018-01-11]
    CHR Extension: (Google Docs Offline) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-11]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-01-11]
    CHR Extension: (Merge PDF - Split PDF - Sejda.com) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcknfplofcnpdjalbhnjognbpncojbi [2018-01-11]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-11]
    CHR Extension: (Click&Clean App) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2018-01-11]
    CHR Extension: (Gmail) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-11]
    CHR Extension: (Chrome Media Router) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-11]
    CHR Profile: C:\Users\james\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-19]
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3089680 2017-11-12] (Intel Corporation)
    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
    S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (Lenovo)
    R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-04-28] ()
    R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2017-12-19] (Intel)
    R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2218544 2017-03-31] (Intel Corporation)
    R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885992 2017-12-07] ()
    R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2017-12-13] ()
    S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413752 2017-08-19] (Intel Corporation)
    R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542392 2017-11-17] (Intel Corporation)
    R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68408 2017-11-12] (Lenovo Group Limited)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation)
    S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
    S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
    S3 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
    S3 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-11-12] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324584 2017-08-10] (Realtek Semiconductor)
    R3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [23928 2017-08-16] ()
    R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [181992 2017-12-07] ()
    R2 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2150120 2017-03-16] (Intel Corporation)
    S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885992 2017-12-07] ()
    R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
    R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
    R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [1645656 2017-05-24] (Wacom Technology, Corp.)
    R2 YMC; C:\WINDOWS\system32\ymc.exe [75056 2017-10-15] (Lenovo)
    R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-11-12] (Intel® Corporation)
    R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
    S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
    R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc.)
    R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [72584 2017-03-31] (Intel Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [67976 2017-03-31] (Intel Corporation)
    S3 DSI_SiUSBXp_3_1; C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys [16384 2007-09-06] (Silicon Laboratories)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355200 2017-03-31] (Intel Corporation)
    R3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [28160 2017-12-13] ()
    R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98976 2017-06-28] (Intel Corporation)
    S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70664 2017-08-18] (Intel Corporation)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136200 2017-11-17] (Intel Corporation)
    S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
    R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
    S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2017-08-18] (Logitech Inc.)
    S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2017-08-18] (Logitech Inc.)
    R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.)
    S3 LGSHidFilt; C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [64280 2017-08-18] (Logitech Inc.)
    S3 LGSUsbFilt; C:\WINDOWS\System32\drivers\LGSUsbFilt.Sys [41752 2017-08-18] (Logitech Inc.)
    R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [58792 2017-03-05] (Visicom Media Inc.)
    R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
    R1 MpKsl8dcc2c9c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BDF73FE-177E-4424-BABE-95AD6CDB60C3}\MpKsl8dcc2c9c.sys [58120 2018-01-20] (Microsoft Corporation)
    U5 Netwtw04; C:\Windows\System32\Drivers\Netwtw04.sys [7617792 2017-02-25] (Intel Corporation)
    R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [7728640 2017-11-08] (Intel Corporation)
    S3 nhi; C:\WINDOWS\System32\drivers\tbt81x.sys [129608 2017-04-03] (Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_13db3f1b79423b44\nvlddmkm.sys [15607408 2017-10-02] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31800 2017-03-27] (NVIDIA Corporation)
    S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [26560 2017-07-27] (Windows (R) Win 7 DDK provider)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-27] (NVIDIA Corporation)
    R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-27] (NVIDIA Corporation)
    S3 PELBTKBD; C:\WINDOWS\System32\drivers\PELBTKBD.sys [31512 2016-07-11] (TPMX Electronics Ltd.)
    S3 pelbtm; C:\WINDOWS\System32\drivers\pelbtm.sys [19664 2016-07-05] (Primax Electronics Ltd.)
    R1 pelmoubt; C:\WINDOWS\System32\drivers\pelmoubt.sys [26368 2016-07-11] (Primax Electronics Ltd.)
    U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92992 2018-01-13] (Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs)
    R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3228664 2017-04-12] (Realtek Semiconductor Corp.)
    S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [354624 2016-08-07] (Realtek )
    S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41512 2017-12-07] ()
    R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2017-11-03] (The OpenVPN Project)
    S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2017-10-18] (Cisco Systems, Inc.)
    S3 vwhid; C:\WINDOWS\System32\drivers\vwhid.sys [27264 2015-11-22] (Windows (R) Win 7 DDK provider)
    R3 WacHidRouterISD; C:\WINDOWS\System32\drivers\wachidrouter_isd.sys [142424 2017-05-24] (Wacom Technology, Corp.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-28] (Zemana Ltd.)
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2018-01-20 10:32 - 2018-01-20 10:32 - 000026534 _____ C:\Users\james\Downloads\FRST.txt
    2018-01-20 10:31 - 2018-01-20 10:32 - 000000000 ____D C:\FRST
    2018-01-20 10:30 - 2018-01-20 10:30 - 002393088 _____ (Farbar) C:\Users\james\Downloads\FRST64.exe
    2018-01-20 08:30 - 2018-01-20 08:30 - 000001754 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter.lnk
    2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____D C:\Users\james\Documents\Rainmeter
    2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____D C:\Users\james\AppData\Roaming\Rainmeter
    2018-01-20 08:30 - 2018-01-20 08:30 - 000000000 ____D C:\Program Files\Rainmeter
    2018-01-20 08:00 - 2018-01-20 10:29 - 000000000 ____D C:\Users\james\Downloads\Everything Themes
    2018-01-20 00:02 - 2018-01-20 00:02 - 000031090 _____ C:\Users\james\Downloads\glows_by_eternalstay-d3ap7fa.zip
    2018-01-19 22:52 - 2018-01-19 22:52 - 000000000 ____D C:\Users\james\Downloads\penumbra_10___windows_10_visual_style_by_scope10-d9em2vq
    2018-01-19 22:48 - 2017-08-16 15:37 - 000253952 _____ (StartIsBack: real start menu for Windows 8 and Windows 10) C:\Users\james\Downloads\OldNewExplorer32.dll
    2018-01-19 22:40 - 2018-01-19 22:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-01-19 22:31 - 2018-01-19 22:31 - 000000081 _____ C:\Users\james\Documents\Virus Software Licenses.txt
    2018-01-19 21:59 - 2018-01-19 21:59 - 000001032 _____ C:\WINDOWS\system32\cc_20180119_215909.reg
    2018-01-19 21:57 - 2018-01-19 21:58 - 000078016 _____ C:\WINDOWS\system32\cc_20180119_215740.reg
    2018-01-19 21:57 - 2018-01-19 21:57 - 000848298 _____ C:\WINDOWS\system32\cc_20180119_215700.reg
    2018-01-19 21:34 - 2018-01-19 21:34 - 000003978 _____ C:\WINDOWS\System32\Tasks\Boost
    2018-01-19 21:34 - 2018-01-19 21:34 - 000000000 ____D C:\Users\james\AppData\Roaming\Reason
    2018-01-19 21:34 - 2018-01-19 21:34 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Boost
    2018-01-19 21:31 - 2018-01-19 21:34 - 000000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
    2018-01-19 21:31 - 2018-01-19 21:31 - 000001353 _____ C:\Users\james\Desktop\Should I Remove It.lnk
    2018-01-19 21:31 - 2018-01-19 21:31 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
    2018-01-19 21:31 - 2018-01-19 21:31 - 000000000 ____D C:\Program Files (x86)\Reason
    2018-01-19 21:06 - 2018-01-19 21:06 - 036283986 _____ C:\Users\james\Desktop\SOFTWARE and COMPONENT.zip
    2018-01-19 21:03 - 2018-01-19 20:57 - 123731968 _____ C:\Users\james\Desktop\SOFTWARE
    2018-01-19 21:01 - 2018-01-19 21:01 - 000000078 _____ C:\WINDOWS\system32\JAMES-LAPTOP.Windows 10 (build 16299).txt
    2018-01-19 21:01 - 2018-01-19 21:01 - 000000000 ____D C:\WINDOWS\RegBak
    2018-01-19 21:01 - 2018-01-19 21:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Backup and Restore
    2018-01-19 21:01 - 2018-01-19 21:01 - 000000000 ____D C:\Program Files\Acelogix
    2018-01-19 20:56 - 2018-01-19 20:56 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltraUXThemePatcher
    2018-01-19 20:56 - 2018-01-19 20:56 - 000000000 ____D C:\Program Files (x86)\UltraUXThemePatcher
    2018-01-19 20:56 - 2017-09-29 08:42 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll.backup
    2018-01-19 20:56 - 2017-09-29 08:42 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll.backup
    2018-01-19 20:11 - 2018-01-20 07:13 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
    2018-01-19 20:04 - 2018-01-19 20:04 - 000000000 ____D C:\Users\james\Downloads\Collected Fonts
    2018-01-19 18:52 - 2018-01-19 19:46 - 000000000 ____D C:\Users\james\Desktop\SIH Cast Cards
    2018-01-19 18:29 - 2018-01-19 18:35 - 000000000 ____D C:\Users\james\Downloads\Designs
    2018-01-19 09:24 - 2018-01-19 20:23 - 000007603 _____ C:\Users\james\AppData\Local\Resmon.ResmonCfg
    2018-01-19 03:14 - 2018-01-19 15:07 - 000000000 ____D C:\Users\james\AppData\Roaming\vlc
    2018-01-19 03:14 - 2018-01-19 03:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2018-01-19 03:14 - 2018-01-19 03:14 - 000000000 ____D C:\Program Files\VideoLAN
    2018-01-19 03:13 - 2018-01-19 03:13 - 032024776 _____ C:\Users\james\Downloads\vlc-2.2.8-win64.exe
    2018-01-19 02:24 - 2018-01-19 19:29 - 000000439 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
    2018-01-19 01:47 - 2018-01-19 01:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\TVT
    2018-01-19 01:05 - 2018-01-19 01:05 - 004488655 _____ C:\Users\james\Desktop\Your-Complete-Guide-to-Windows-10-Customization.pdf
    2018-01-19 00:20 - 2018-01-19 00:20 - 000001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
    2018-01-19 00:20 - 2018-01-19 00:20 - 000001055 _____ C:\Users\Public\Desktop\WinRAR.lnk
    2018-01-19 00:20 - 2018-01-19 00:20 - 000000000 ____D C:\Users\james\AppData\Roaming\WinRAR
    2018-01-19 00:20 - 2018-01-19 00:20 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2018-01-19 00:20 - 2018-01-19 00:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2018-01-19 00:20 - 2018-01-19 00:20 - 000000000 ____D C:\Program Files\WinRAR
    2018-01-18 17:32 - 2018-01-18 17:44 - 000000000 ____D C:\Users\james\Downloads\ICONS
    2018-01-18 08:40 - 2018-01-18 22:49 - 000000000 ____D C:\Users\james\Desktop\SIH Sound files
    2018-01-18 08:26 - 2018-01-18 08:26 - 000038222 _____ C:\Users\james\Documents\ROIreceipt for Mt Auburn Bill.pdf
    2018-01-17 20:13 - 2018-01-19 18:23 - 000000000 ____D C:\Users\james\Desktop\Immigration
    2018-01-17 00:20 - 2018-01-19 13:57 - 000000000 ____D C:\Users\james\Downloads\Telegram Desktop
    2018-01-16 23:55 - 2018-01-16 23:55 - 000000085 _____ C:\WINDOWS\wininit.ini
    2018-01-16 20:23 - 2018-01-16 20:24 - 000001232 _____ C:\DelFix.txt
    2018-01-16 20:23 - 2018-01-16 20:23 - 000000000 ____D C:\WINDOWS\ERUNT
    2018-01-16 07:43 - 2018-01-16 07:43 - 000165260 _____ C:\Users\james\Desktop\CBS.zip
    2018-01-16 07:43 - 2018-01-16 07:43 - 000000000 ____D C:\Users\james\Desktop\CBS
    2018-01-16 07:41 - 2018-01-16 07:41 - 000001080 _____ C:\Users\james\Desktop\SFCFix.txt
    2018-01-16 07:41 - 2018-01-16 07:41 - 000000000 ____D C:\SFCFix
    2018-01-16 07:38 - 2018-01-16 07:41 - 000000000 ____D C:\Users\james\AppData\Local\niemiro
    2018-01-13 19:51 - 2018-01-13 19:52 - 000000000 ____D C:\Program Files\iTunes
    2018-01-13 15:52 - 2018-01-13 15:52 - 000092992 ____H (Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
    2018-01-13 00:42 - 2018-01-13 00:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Air Keyboard
    2018-01-13 00:42 - 2018-01-13 00:42 - 000000000 ____D C:\Program Files (x86)\Air Keyboard
    2018-01-13 00:41 - 2018-01-13 00:41 - 000604160 _____ C:\Users\james\Downloads\AirKeyboardSetup-1.8.2.msi
    2018-01-12 22:50 - 2018-01-12 22:50 - 000000000 ____D C:\WINDOWS\system32\DAX3
    2018-01-12 19:53 - 2018-01-12 19:53 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
    2018-01-12 08:16 - 2018-01-12 08:16 - 000000000 ____D C:\Users\james\Downloads\Children of Eden
    2018-01-12 07:04 - 2018-01-12 07:04 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7266D177.sys
    2018-01-11 13:43 - 2018-01-11 13:43 - 000000000 ____D C:\Users\james\Downloads\Thunderbolt-3-Firmware-Update-Tool-Version25
    2018-01-11 11:52 - 2018-01-11 11:52 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2018-01-11 11:52 - 2018-01-11 11:52 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2018-01-11 11:52 - 2018-01-11 11:52 - 000002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2018-01-11 11:52 - 2018-01-11 11:52 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2018-01-11 11:52 - 2018-01-11 11:52 - 000000000 ____D C:\Program Files (x86)\Google
    2018-01-11 10:30 - 2018-01-11 10:30 - 000000000 ____D C:\Users\james\AppData\Local\Extensis
    2018-01-11 10:30 - 2018-01-11 10:30 - 000000000 ____D C:\ProgramData\Extensis
    2018-01-11 10:29 - 2018-01-11 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extensis
    2018-01-11 10:29 - 2018-01-11 10:29 - 000000000 ____D C:\Program Files (x86)\Extensis
    2018-01-11 10:25 - 2018-01-11 10:26 - 000000000 ____D C:\Users\james\Downloads\SuitcaseFusion8-W-19-0-4
    2018-01-10 13:32 - 2018-01-11 08:33 - 000003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
    2018-01-10 11:19 - 2018-01-10 11:19 - 000000000 ____D C:\APP
    2018-01-10 10:59 - 2018-01-10 10:59 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
    2018-01-10 10:59 - 2018-01-10 10:59 - 000000000 ____D C:\Users\james\AppData\Roaming\Intel
    2018-01-10 10:58 - 2018-01-10 10:58 - 000000000 ____D C:\Program Files\Common Files\Intel
    2018-01-10 10:55 - 2018-01-17 10:56 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
    2018-01-10 10:55 - 2018-01-10 10:55 - 000003762 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
    2018-01-10 10:55 - 2018-01-10 10:55 - 000003528 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
    2018-01-10 10:55 - 2018-01-10 10:55 - 000000000 ____D C:\Users\james\Downloads\Intel Components
    2018-01-10 10:55 - 2018-01-10 10:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
    2018-01-10 10:54 - 2018-01-10 10:55 - 000002690 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
    2018-01-10 10:54 - 2017-12-07 23:29 - 000041512 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
    2018-01-10 09:25 - 2018-01-15 18:28 - 000000000 ____D C:\Users\james\Desktop\MY STUFF
    2018-01-09 23:12 - 2018-01-09 23:25 - 000249790 _____ C:\Users\james\Documents\Rehearsal Report 0192018.pdf
    2018-01-09 20:28 - 2018-01-09 20:28 - 000012762 _____ C:\Users\james\Documents\Rehearsal Report 12172017 (1).pdf
    2018-01-09 20:26 - 2018-01-09 20:26 - 000012762 _____ C:\Users\james\Documents\Rehearsal Report 12172017.pdf
    2018-01-09 10:21 - 2018-01-09 10:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt™ Software
    2018-01-09 06:04 - 2018-01-09 06:04 - 000123453 _____ C:\Users\james\Documents\Amazon prime info on checkout page.pdf
    2018-01-09 06:03 - 2018-01-09 06:03 - 000295977 _____ C:\Users\james\Documents\amazon - prmie info on order page.pdf
    2018-01-08 21:39 - 2018-01-08 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
    2018-01-08 21:39 - 2018-01-08 21:39 - 000000000 ____D C:\Program Files\Common Files\Dolby
    2018-01-08 21:37 - 2017-08-10 05:47 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 005346992 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
    2018-01-08 21:37 - 2017-08-10 05:47 - 003509200 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 002211304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 001347144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 001159184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 000447720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 000378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 000327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 000134200 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 000122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
    2018-01-08 21:37 - 2017-08-10 05:47 - 000084616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
    2018-01-08 21:37 - 2017-08-10 02:01 - 013064373 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
    2018-01-08 21:02 - 2018-01-08 21:04 - 000000000 ____D C:\Lenovo System Interface Foundation for Windows 10 (32-bit, 64-bit) - ThinkPad, ThinkCentre, IdeaPad,…
    2018-01-08 16:04 - 2018-01-08 16:04 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
    2018-01-07 07:48 - 2018-01-07 07:48 - 000000000 ____D C:\Users\james\AppData\Local\Edraw
    2018-01-06 22:20 - 2018-01-06 22:20 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2018-01-06 20:09 - 2018-01-07 10:32 - 000012672 _____ C:\Users\james\Documents\Kitchen Knives Project.xlsx
    2018-01-06 17:49 - 2018-01-06 17:49 - 000000000 ____D C:\Users\james\AppData\Roaming\Skype
    2018-01-06 17:34 - 2018-01-06 17:34 - 000000000 ____D C:\Users\james\Documents\FeedbackHub
    2018-01-06 17:29 - 2018-01-06 17:29 - 000000279 _____ C:\Users\james\Documents\Knives.txt
    2018-01-05 07:11 - 2018-01-05 07:13 - 997179392 _____ C:\Users\james\Desktop\Microsoft_Office_Professional_Plus_Edition_2016_64bit.iso
    2018-01-05 07:08 - 2018-01-05 07:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
    2018-01-05 07:08 - 2018-01-05 07:08 - 000000000 ____D C:\Program Files (x86)\Cisco
    2018-01-05 07:08 - 2017-10-18 08:43 - 000258464 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys
    2018-01-05 07:06 - 2018-01-01 12:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
    2018-01-05 07:06 - 2018-01-01 07:51 - 001414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2018-01-05 07:06 - 2018-01-01 07:51 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2018-01-05 07:06 - 2018-01-01 07:51 - 001055128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
    2018-01-05 07:06 - 2018-01-01 07:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
    2018-01-05 07:06 - 2018-01-01 07:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
    2018-01-05 07:06 - 2018-01-01 07:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2018-01-05 07:06 - 2018-01-01 07:49 - 008605080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2018-01-05 07:06 - 2018-01-01 07:49 - 000319352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
    2018-01-05 07:06 - 2018-01-01 07:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2018-01-05 07:06 - 2018-01-01 07:48 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2018-01-05 07:06 - 2018-01-01 07:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
    2018-01-05 07:06 - 2018-01-01 07:46 - 002709704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2018-01-05 07:06 - 2018-01-01 07:46 - 000471960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2018-01-05 07:06 - 2018-01-01 07:45 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2018-01-05 07:06 - 2018-01-01 07:45 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2018-01-05 07:06 - 2018-01-01 07:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
    2018-01-05 07:06 - 2018-01-01 07:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2018-01-05 07:06 - 2018-01-01 07:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2018-01-05 07:06 - 2018-01-01 07:41 - 007676296 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2018-01-05 07:06 - 2018-01-01 07:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2018-01-05 07:06 - 2018-01-01 07:40 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
    2018-01-05 07:06 - 2018-01-01 07:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2018-01-05 07:06 - 2018-01-01 07:39 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2018-01-05 07:06 - 2018-01-01 07:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2018-01-05 07:06 - 2018-01-01 07:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
    2018-01-05 07:06 - 2018-01-01 07:38 - 003904808 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2018-01-05 07:06 - 2018-01-01 07:38 - 000519152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
    2018-01-05 07:06 - 2018-01-01 07:37 - 001426664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2018-01-05 07:06 - 2018-01-01 07:36 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
    2018-01-05 07:06 - 2018-01-01 07:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2018-01-05 07:06 - 2018-01-01 07:35 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2018-01-05 07:06 - 2018-01-01 07:34 - 007385088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2018-01-05 07:06 - 2018-01-01 07:33 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2018-01-05 07:06 - 2018-01-01 07:32 - 004481240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2018-01-05 07:06 - 2018-01-01 07:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2018-01-05 07:06 - 2018-01-01 07:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2018-01-05 07:06 - 2018-01-01 07:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2018-01-05 07:06 - 2018-01-01 07:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
    2018-01-05 07:06 - 2018-01-01 07:23 - 021352144 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2018-01-05 07:06 - 2018-01-01 07:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2018-01-05 07:06 - 2018-01-01 07:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2018-01-05 07:06 - 2018-01-01 06:53 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2018-01-05 07:06 - 2018-01-01 06:46 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2018-01-05 07:06 - 2018-01-01 06:45 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2018-01-05 07:06 - 2018-01-01 06:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2018-01-05 07:06 - 2018-01-01 06:45 - 002192624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2018-01-05 07:06 - 2018-01-01 06:43 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2018-01-05 07:06 - 2018-01-01 06:42 - 006479552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2018-01-05 07:06 - 2018-01-01 06:42 - 004644912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2018-01-05 07:06 - 2018-01-01 06:42 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2018-01-05 07:06 - 2018-01-01 06:42 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2018-01-05 07:06 - 2018-01-01 06:37 - 025247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2018-01-05 07:06 - 2018-01-01 06:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2018-01-05 07:06 - 2018-01-01 06:25 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2018-01-05 07:06 - 2018-01-01 06:25 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
    2018-01-05 07:06 - 2018-01-01 06:25 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
    2018-01-05 07:06 - 2018-01-01 06:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
    2018-01-05 07:06 - 2018-01-01 06:24 - 003668480 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2018-01-05 07:06 - 2018-01-01 06:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2018-01-05 07:06 - 2018-01-01 06:23 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
    2018-01-05 07:06 - 2018-01-01 06:23 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
    2018-01-05 07:06 - 2018-01-01 06:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2018-01-05 07:06 - 2018-01-01 06:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
    2018-01-05 07:06 - 2018-01-01 06:20 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2018-01-05 07:06 - 2018-01-01 06:20 - 018917888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2018-01-05 07:06 - 2018-01-01 06:19 - 008014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2018-01-05 07:06 - 2018-01-01 06:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2018-01-05 07:06 - 2018-01-01 06:19 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
    2018-01-05 07:06 - 2018-01-01 06:19 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2018-01-05 07:06 - 2018-01-01 06:19 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2018-01-05 07:06 - 2018-01-01 06:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
    2018-01-05 07:06 - 2018-01-01 06:18 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2018-01-05 07:06 - 2018-01-01 06:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2018-01-05 07:06 - 2018-01-01 06:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2018-01-05 07:06 - 2018-01-01 06:17 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2018-01-05 07:06 - 2018-01-01 06:17 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2018-01-05 07:06 - 2018-01-01 06:17 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2018-01-05 07:06 - 2018-01-01 06:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2018-01-05 07:06 - 2018-01-01 06:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
    2018-01-05 07:06 - 2018-01-01 06:16 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2018-01-05 07:06 - 2018-01-01 06:16 - 003676672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2018-01-05 07:06 - 2018-01-01 06:16 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2018-01-05 07:06 - 2018-01-01 06:16 - 000812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2018-01-05 07:06 - 2018-01-01 06:16 - 000720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2018-01-05 07:06 - 2018-01-01 06:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2018-01-05 07:06 - 2018-01-01 06:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2018-01-05 07:06 - 2018-01-01 06:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2018-01-05 07:06 - 2018-01-01 06:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2018-01-05 07:06 - 2018-01-01 06:15 - 006029312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2018-01-05 07:06 - 2018-01-01 06:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2018-01-05 07:06 - 2018-01-01 06:14 - 023655936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2018-01-05 07:06 - 2018-01-01 06:14 - 002465280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2018-01-05 07:06 - 2018-01-01 06:14 - 001495040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2018-01-05 07:06 - 2018-01-01 06:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2018-01-05 07:06 - 2018-01-01 06:13 - 012830208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2018-01-05 07:06 - 2018-01-01 06:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
    2018-01-05 07:06 - 2018-01-01 06:13 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2018-01-05 07:06 - 2018-01-01 06:13 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2018-01-05 07:06 - 2018-01-01 06:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2018-01-05 07:06 - 2018-01-01 06:12 - 002208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2018-01-05 07:06 - 2018-01-01 06:12 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2018-01-05 07:06 - 2018-01-01 06:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2018-01-05 07:06 - 2018-01-01 06:11 - 008108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2018-01-05 07:06 - 2018-01-01 06:11 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2018-01-05 07:06 - 2018-01-01 06:11 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2018-01-05 07:06 - 2018-01-01 06:11 - 003165696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2018-01-05 07:06 - 2018-01-01 06:11 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2018-01-05 07:06 - 2018-01-01 06:11 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2018-01-05 07:06 - 2018-01-01 06:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2018-01-05 07:06 - 2018-01-01 06:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2018-01-05 07:06 - 2018-01-01 06:09 - 001487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2018-01-05 07:06 - 2018-01-01 06:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2018-01-05 07:06 - 2018-01-01 06:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2018-01-05 07:06 - 2018-01-01 06:08 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2018-01-05 07:06 - 2018-01-01 06:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
    2018-01-05 07:06 - 2018-01-01 06:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2018-01-05 07:05 - 2018-01-01 07:54 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2018-01-05 07:05 - 2018-01-01 07:53 - 001090984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2018-01-05 07:05 - 2018-01-01 07:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
    2018-01-05 07:05 - 2018-01-01 07:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
    2018-01-05 07:05 - 2018-01-01 07:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
    2018-01-05 07:05 - 2018-01-01 07:50 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
    2018-01-05 07:05 - 2018-01-01 07:49 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2018-01-05 07:05 - 2018-01-01 07:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2018-01-05 07:05 - 2018-01-01 07:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2018-01-05 07:05 - 2018-01-01 07:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2018-01-05 07:05 - 2018-01-01 07:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2018-01-05 07:05 - 2018-01-01 07:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2018-01-05 07:05 - 2018-01-01 07:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2018-01-05 07:05 - 2018-01-01 07:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2018-01-05 07:05 - 2018-01-01 07:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
    2018-01-05 07:05 - 2018-01-01 07:42 - 001029016 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
    2018-01-05 07:05 - 2018-01-01 07:42 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2018-01-05 07:05 - 2018-01-01 07:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
    2018-01-05 07:05 - 2018-01-01 07:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2018-01-05 07:05 - 2018-01-01 07:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2018-01-05 07:05 - 2018-01-01 07:38 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2018-01-05 07:05 - 2018-01-01 07:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
    2018-01-05 07:05 - 2018-01-01 07:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
    2018-01-05 07:05 - 2018-01-01 07:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2018-01-05 07:05 - 2018-01-01 07:36 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2018-01-05 07:05 - 2018-01-01 07:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
    2018-01-05 07:05 - 2018-01-01 07:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
    2018-01-05 07:05 - 2018-01-01 07:35 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
    2018-01-05 07:05 - 2018-01-01 07:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2018-01-05 07:05 - 2018-01-01 07:34 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2018-01-05 07:05 - 2018-01-01 07:34 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2018-01-05 07:05 - 2018-01-01 07:33 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2018-01-05 07:05 - 2018-01-01 07:32 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2018-01-05 07:05 - 2018-01-01 07:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2018-01-05 07:05 - 2018-01-01 07:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
    2018-01-05 07:05 - 2018-01-01 07:21 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2018-01-05 07:05 - 2018-01-01 07:21 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2018-01-05 07:05 - 2018-01-01 07:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2018-01-05 07:05 - 2018-01-01 07:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2018-01-05 07:05 - 2018-01-01 07:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2018-01-05 07:05 - 2018-01-01 06:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2018-01-05 07:05 - 2018-01-01 06:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
    2018-01-05 07:05 - 2018-01-01 06:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2018-01-05 07:05 - 2018-01-01 06:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2018-01-05 07:05 - 2018-01-01 06:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2018-01-05 07:05 - 2018-01-01 06:42 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2018-01-05 07:05 - 2018-01-01 06:42 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2018-01-05 07:05 - 2018-01-01 06:42 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2018-01-05 07:05 - 2018-01-01 06:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
    2018-01-05 07:05 - 2018-01-01 06:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
    2018-01-05 07:05 - 2018-01-01 06:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2018-01-05 07:05 - 2018-01-01 06:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2018-01-05 07:05 - 2018-01-01 06:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2018-01-05 07:05 - 2018-01-01 06:23 - 000385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
    2018-01-05 07:05 - 2018-01-01 06:23 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
    2018-01-05 07:05 - 2018-01-01 06:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2018-01-05 07:05 - 2018-01-01 06:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
    2018-01-05 07:05 - 2018-01-01 06:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2018-01-05 07:05 - 2018-01-01 06:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
    2018-01-05 07:05 - 2018-01-01 06:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
    2018-01-05 07:05 - 2018-01-01 06:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
    2018-01-05 07:05 - 2018-01-01 06:21 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2018-01-05 07:05 - 2018-01-01 06:21 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
    2018-01-05 07:05 - 2018-01-01 06:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2018-01-05 07:05 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
    2018-01-05 07:05 - 2018-01-01 06:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
    2018-01-05 07:05 - 2018-01-01 06:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
    2018-01-05 07:05 - 2018-01-01 06:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
    2018-01-05 07:05 - 2018-01-01 06:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
    2018-01-05 07:05 - 2018-01-01 06:20 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
    2018-01-05 07:05 - 2018-01-01 06:20 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2018-01-05 07:05 - 2018-01-01 06:20 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
    2018-01-05 07:05 - 2018-01-01 06:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
    2018-01-05 07:05 - 2018-01-01 06:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
    2018-01-05 07:05 - 2018-01-01 06:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2018-01-05 07:05 - 2018-01-01 06:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
    2018-01-05 07:05 - 2018-01-01 06:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
    2018-01-05 07:05 - 2018-01-01 06:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
    2018-01-05 07:05 - 2018-01-01 06:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
    2018-01-05 07:05 - 2018-01-01 06:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2018-01-05 07:05 - 2018-01-01 06:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
    2018-01-05 07:05 - 2018-01-01 06:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
    2018-01-05 07:05 - 2018-01-01 06:20 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2018-01-05 07:05 - 2018-01-01 06:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2018-01-05 07:05 - 2018-01-01 06:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
    2018-01-05 07:05 - 2018-01-01 06:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2018-01-05 07:05 - 2018-01-01 06:19 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
    2018-01-05 07:05 - 2018-01-01 06:19 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2018-01-05 07:05 - 2018-01-01 06:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
    2018-01-05 07:05 - 2018-01-01 06:17 - 006564864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2018-01-05 07:05 - 2018-01-01 06:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
    2018-01-05 07:05 - 2018-01-01 06:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2018-01-05 07:05 - 2018-01-01 06:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2018-01-05 07:05 - 2018-01-01 06:17 - 000594432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2018-01-05 07:05 - 2018-01-01 06:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2018-01-05 07:05 - 2018-01-01 06:17 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2018-01-05 07:05 - 2018-01-01 06:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
    2018-01-05 07:05 - 2018-01-01 06:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
    2018-01-05 07:05 - 2018-01-01 06:17 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2018-01-05 07:05 - 2018-01-01 06:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
    2018-01-05 07:05 - 2018-01-01 06:16 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2018-01-05 07:05 - 2018-01-01 06:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2018-01-05 07:05 - 2018-01-01 06:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
    2018-01-05 07:05 - 2018-01-01 06:16 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2018-01-05 07:05 - 2018-01-01 06:16 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2018-01-05 07:05 - 2018-01-01 06:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2018-01-05 07:05 - 2018-01-01 06:16 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
    2018-01-05 07:05 - 2018-01-01 06:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
    2018-01-05 07:05 - 2018-01-01 06:16 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
    2018-01-05 07:05 - 2018-01-01 06:16 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
    2018-01-05 07:05 - 2018-01-01 06:15 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2018-01-05 07:05 - 2018-01-01 06:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
    2018-01-05 07:05 - 2018-01-01 06:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2018-01-05 07:05 - 2018-01-01 06:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2018-01-05 07:05 - 2018-01-01 06:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2018-01-05 07:05 - 2018-01-01 06:15 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2018-01-05 07:05 - 2018-01-01 06:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
    2018-01-05 07:05 - 2018-01-01 06:15 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
    2018-01-05 07:05 - 2018-01-01 06:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
    2018-01-05 07:05 - 2018-01-01 06:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
    2018-01-05 07:05 - 2018-01-01 06:14 - 001003008 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2018-01-05 07:05 - 2018-01-01 06:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2018-01-05 07:05 - 2018-01-01 06:14 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2018-01-05 07:05 - 2018-01-01 06:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
    2018-01-05 07:05 - 2018-01-01 06:13 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2018-01-05 07:05 - 2018-01-01 06:13 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2018-01-05 07:05 - 2018-01-01 06:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2018-01-05 07:05 - 2018-01-01 06:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2018-01-05 07:05 - 2018-01-01 06:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2018-01-05 07:05 - 2018-01-01 06:12 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2018-01-05 07:05 - 2018-01-01 06:11 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2018-01-05 07:05 - 2018-01-01 06:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
    2018-01-05 07:05 - 2018-01-01 06:11 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2018-01-05 07:05 - 2018-01-01 06:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2018-01-05 07:05 - 2018-01-01 06:11 - 001231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2018-01-05 07:05 - 2018-01-01 06:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2018-01-05 07:05 - 2018-01-01 06:10 - 003126272 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2018-01-05 07:05 - 2018-01-01 06:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2018-01-05 07:05 - 2018-01-01 06:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
    2018-01-05 07:05 - 2018-01-01 06:09 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
    2018-01-05 07:05 - 2018-01-01 06:09 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2018-01-05 07:05 - 2018-01-01 06:08 - 000963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2018-01-05 07:05 - 2018-01-01 06:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
    2018-01-05 07:05 - 2018-01-01 06:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
    2018-01-05 07:05 - 2018-01-01 06:05 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
    2018-01-05 06:56 - 2018-01-19 20:10 - 002479912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-01-05 06:55 - 2018-01-17 20:48 - 000000000 ____D C:\Users\james\AppData\Local\ElevatedDiagnostics
    2018-01-05 05:40 - 2018-01-19 01:47 - 000000000 ____D C:\Users\james\AppData\Local\LenovoServiceBridge
    2018-01-04 21:20 - 2018-01-04 21:20 - 000000000 ____D C:\Users\james\Downloads\Hill-House
    2018-01-04 21:04 - 2018-01-04 21:04 - 000000000 ____D C:\Users\james\AppData\Local\OfficeBSCache-OD-jamesscotman1@gmail.com
    2018-01-04 21:00 - 2018-01-12 21:14 - 000000000 ____D C:\Users\james\AppData\LocalLow\Temp
    2018-01-04 01:37 - 2018-01-04 01:37 - 000000000 ____D C:\Users\james\AppData\Local\SkyGears
    2018-01-03 22:00 - 2018-01-03 22:00 - 000041800 _____ (Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
    2018-01-03 21:49 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180103-214914.backup
    2018-01-03 21:47 - 2018-01-17 13:42 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2018-01-03 21:47 - 2018-01-16 23:55 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2018-01-03 21:47 - 2018-01-03 21:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2018-01-03 21:08 - 2018-01-03 21:08 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4253E7E1.sys
    2018-01-03 21:00 - 2018-01-03 21:00 - 006625600 _____ (Zemana Ltd. ) C:\Users\james\Desktop\Zemana.AntiMalware.Setup.exe
    2017-12-31 15:30 - 2017-12-31 15:30 - 000000000 ____D C:\Users\james\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
    2017-12-31 14:53 - 2018-01-03 21:19 - 000000290 _____ C:\WINDOWS\Tasks\Test.job
    2017-12-31 01:34 - 2018-01-19 22:39 - 123731968 _____ C:\WINDOWS\system32\config\SOFTWARE
    2017-12-31 01:30 - 2017-12-31 01:34 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
    2017-12-30 22:13 - 2017-12-30 22:13 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2432438A.sys
    2017-12-30 20:31 - 2017-12-30 20:31 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2017-12-30 20:21 - 2017-12-30 20:30 - 000000000 ____D C:\Users\james\AppData\Roaming\Apple Computer
    2017-12-30 20:21 - 2017-12-30 20:21 - 000000000 ____D C:\Users\james\AppData\Local\Apple Computer
    2017-12-30 20:17 - 2018-01-13 19:52 - 000001823 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-12-30 20:17 - 2018-01-13 19:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-12-30 20:17 - 2017-12-30 20:17 - 000000000 ____D C:\Program Files\iPod
    2017-12-30 20:16 - 2017-12-30 20:16 - 000000000 ____D C:\ProgramData\Apple Computer
    2017-12-30 20:15 - 2017-12-30 20:15 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\Users\james\AppData\Local\Apple
    2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\Program Files\Bonjour
    2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\Program Files (x86)\Bonjour
    2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
    2017-12-30 20:14 - 2017-12-30 20:15 - 000000000 ____D C:\ProgramData\Apple
    2017-12-30 20:14 - 2017-12-30 20:15 - 000000000 ____D C:\Program Files\Common Files\Apple
    2017-12-30 19:04 - 2017-12-30 19:04 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_01009.Wdf
    2017-12-30 19:03 - 2017-12-30 19:03 - 000002739 _____ C:\Users\Public\Desktop\Lenovo Diagnostics Tool Lite.lnk
    2017-12-30 18:18 - 2017-12-30 19:03 - 000000000 ____D C:\Users\james\AppData\Local\Downloaded Installations
    2017-12-30 18:18 - 2017-12-30 18:18 - 000000000 ____D C:\Program Files (x86)\Silicon Power
    2017-12-30 18:15 - 2017-12-30 18:18 - 000000000 ____D C:\Users\james\Downloads\Silicon Power
    2017-12-30 17:18 - 2017-12-30 17:18 - 000133442 _____ C:\Users\james\Documents\ADWA783.pdf
    2017-12-30 17:18 - 2017-12-30 17:18 - 000067758 _____ C:\Users\james\Documents\James Tallach W9 Childrens Theater 2016.pdf
    2017-12-30 17:00 - 2017-12-30 17:00 - 000119331 _____ C:\Users\james\Documents\fw9 (2).pdf
    2017-12-30 11:12 - 2017-12-30 11:12 - 000000000 ____D C:\Users\james\Documents\Zoom
    2017-12-30 10:37 - 2017-12-30 10:37 - 001099005 _____ C:\Users\james\Documents\Puck and Oberon together .pdf
    2017-12-30 10:34 - 2017-12-30 10:34 - 000166115 _____ C:\Users\james\Documents\Jakle Email.pdf
    2017-12-30 10:34 - 2017-12-30 10:34 - 000162134 _____ C:\Users\james\Documents\James EMail.pdf
    2017-12-29 22:31 - 2018-01-17 16:53 - 000000000 ____D C:\ProgramData\Logishrd
    2017-12-29 22:31 - 2017-12-29 22:31 - 000000000 ____D C:\Users\james\AppData\Local\Logitech
    2017-12-29 22:29 - 2018-01-17 13:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    2017-12-29 22:29 - 2018-01-17 13:40 - 000000000 ____D C:\Program Files\Logitech Gaming Software
    2017-12-29 22:28 - 2017-12-29 22:28 - 000000000 ____D C:\Users\james\AppData\Roaming\Logitech
    2017-12-29 22:28 - 2017-12-29 22:28 - 000000000 ____D C:\Users\james\AppData\Roaming\Logishrd
    2017-12-29 22:25 - 2017-12-29 22:25 - 000106077 _____ C:\Users\james\Documents\Logitech drive mount amazon invoice.pdf
    2017-12-29 21:13 - 2017-12-29 21:13 - 000000000 ____D C:\Program Files\Common Files\logishrd
    2017-12-29 13:23 - 2017-12-29 13:23 - 002189323 _____ C:\Users\james\Documents\TALLACH BILL.pdf
    2017-12-29 10:14 - 2017-12-29 10:14 - 000165421 _____ C:\Users\james\Documents\READ ME FIRST.pdf
    2017-12-29 09:49 - 2017-12-29 09:49 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2017-12-29 09:49 - 2017-12-29 09:49 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2017-12-29 09:39 - 2017-12-29 09:39 - 000006335 _____ C:\Users\james\Documents\Cisco_AnyConnect_VPN_Statistics.txt
    2017-12-29 09:30 - 2017-12-29 09:30 - 000000000 ____D C:\WINDOWS\PCHEALTH
    2017-12-29 09:30 - 2017-12-29 09:30 - 000000000 ____D C:\Program Files\Microsoft SQL Server
    2017-12-29 09:30 - 2017-12-29 09:30 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
    2017-12-29 09:29 - 2017-12-29 09:31 - 000000000 ____D C:\WINDOWS\SHELLNEW
    2017-12-29 09:29 - 2017-12-29 09:29 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
    2017-12-29 09:29 - 2017-12-29 09:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
    2017-12-29 09:28 - 2017-12-29 09:28 - 000000000 __RHD C:\MSOCache
    2017-12-29 09:28 - 2017-12-29 09:28 - 000000000 ____D C:\Users\james\AppData\Local\Microsoft Help
    2017-12-29 09:07 - 2017-12-29 22:24 - 000000000 ____D C:\Users\james\AppData\LocalLow\Adobe
    2017-12-29 09:07 - 2017-12-29 09:07 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
    2017-12-29 09:03 - 2018-01-19 21:37 - 000004572 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2017-12-29 09:03 - 2017-12-29 09:11 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 2017.lnk
    2017-12-29 09:03 - 2017-12-29 09:11 - 000002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller 2017.lnk
    2017-12-29 09:03 - 2017-12-29 09:07 - 000000000 ____D C:\Users\james\AppData\Local\Adobe
    2017-12-29 09:03 - 2017-12-29 09:03 - 000002108 _____ C:\Users\Public\Desktop\Adobe Acrobat 2017.lnk
    2017-12-29 09:03 - 2017-12-29 09:03 - 000000040 ____H C:\B00ABA8F9801
    2017-12-29 09:02 - 2017-12-29 09:08 - 000000000 ____D C:\ProgramData\Adobe
    2017-12-29 09:02 - 2017-12-29 09:02 - 000000000 ____D C:\Program Files (x86)\Adobe
    2017-12-29 08:40 - 2017-12-29 08:40 - 000000000 ____D C:\Users\james\.cisco
    2017-12-29 08:39 - 2018-01-05 07:08 - 000000000 ____D C:\ProgramData\Cisco
    2017-12-29 08:39 - 2017-12-29 08:39 - 000000000 ____D C:\Users\james\AppData\Local\Cisco
    2017-12-29 08:28 - 2017-12-29 08:28 - 000001662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CertAid for Windows.lnk
    2017-12-29 08:28 - 2017-12-29 08:28 - 000001650 _____ C:\Users\Public\Desktop\CertAid for Windows.lnk
    2017-12-29 08:28 - 2017-12-29 08:28 - 000000000 ____D C:\Program Files (x86)\CertAid
    2017-12-29 08:19 - 2017-12-29 08:19 - 000000000 ____D C:\ProgramData\Firewall_Scanner
    2017-12-29 08:19 - 2017-12-29 08:19 - 000000000 ____D C:\LOG
    2017-12-29 07:38 - 2017-12-29 07:42 - 000000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
    2017-12-29 07:38 - 2017-12-29 07:38 - 000000000 ____D C:\Users\james\AppData\Local\AntiLogger Free
    2017-12-29 07:38 - 2015-11-05 15:00 - 000143904 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
    2017-12-29 07:17 - 2018-01-15 16:04 - 000003800 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
    2017-12-29 07:16 - 2017-12-29 07:16 - 000000000 ____D C:\Users\james\Intel
    2017-12-29 06:45 - 2017-12-29 06:45 - 000000000 ____D C:\Users\james\AppData\Local\Visicom Media
    2017-12-28 18:55 - 2017-12-28 18:55 - 000000000 ____D C:\Users\james\Documents\Custom Office Templates
    2017-12-28 13:23 - 2018-01-19 14:24 - 000000000 ____D C:\Users\james\AppData\Roaming\Telegram Desktop
    2017-12-28 13:23 - 2017-12-28 13:23 - 000001039 _____ C:\Users\james\Desktop\Telegram.lnk
    2017-12-28 13:23 - 2017-12-28 13:23 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
    2017-12-28 11:47 - 2018-01-19 11:26 - 000000000 ____D C:\Users\james\AppData\Roaming\uTorrent
    2017-12-28 11:47 - 2017-12-28 11:47 - 000000903 _____ C:\Users\james\Desktop\µTorrent.lnk
    2017-12-28 11:47 - 2017-12-28 11:47 - 000000883 _____ C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
    2017-12-28 11:45 - 2018-01-20 07:59 - 000000000 ____D C:\Users\james\Downloads\torrents
    2017-12-28 10:51 - 2017-12-28 10:51 - 000000000 ____D C:\Users\james\AppData\Local\NVIDIA
    2017-12-28 10:51 - 2017-12-28 10:51 - 000000000 ____D C:\Users\james\AppData\Local\CEF
    2017-12-28 10:00 - 2018-01-04 18:51 - 000000000 ____D C:\QualityStats
    2017-12-28 09:57 - 2017-12-29 07:17 - 000000000 ____D C:\BIOS
    2017-12-28 09:56 - 2017-12-28 09:56 - 000000000 ____D C:\driver
    2017-12-28 09:55 - 2018-01-19 01:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
    2017-12-28 09:55 - 2017-12-31 14:49 - 000000000 ____D C:\Users\Public\Documents\Lenovo
    2017-12-28 09:44 - 2017-12-28 09:44 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
    2017-12-28 09:38 - 2017-12-28 09:38 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2017-12-28 09:33 - 2018-01-09 10:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
    2017-12-28 09:26 - 2017-12-28 09:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
    2017-12-28 09:17 - 2017-12-28 09:17 - 000000000 ____D C:\ProgramData\Coronet_Security
    2017-12-28 05:05 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2017-12-28 05:04 - 2018-01-19 22:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-12-28 05:04 - 2018-01-04 21:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
    2017-12-28 05:04 - 2017-12-28 05:04 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-12-28 05:04 - 2017-12-28 05:04 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-12-28 05:04 - 2017-12-28 05:04 - 000002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-12-28 05:04 - 2017-12-28 05:04 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-12-28 05:04 - 2017-12-28 05:04 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-12-28 05:04 - 2017-12-28 05:04 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-12-28 05:04 - 2017-12-28 05:04 - 000002768 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
    2017-12-28 05:04 - 2017-12-28 05:04 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
    2017-12-28 05:04 - 2017-12-28 05:04 - 000000000 _SHDL C:\Users\Default User
    2017-12-28 05:04 - 2017-12-28 05:04 - 000000000 _SHDL C:\Users\All Users
    2017-12-28 05:04 - 2017-12-28 05:04 - 000000000 _SHDL C:\Documents and Settings
    2017-12-28 05:03 - 2017-12-28 05:03 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
    2017-12-28 05:02 - 2017-12-28 05:02 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2017-12-28 05:00 - 2017-12-28 05:00 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2017-12-28 04:58 - 2018-01-20 07:09 - 000000000 ____D C:\ProgramData\NVIDIA
    2017-12-28 04:58 - 2018-01-10 10:58 - 000000000 ____D C:\Program Files\Intel
    2017-12-28 04:58 - 2018-01-08 21:37 - 000312687 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
    2017-12-28 04:58 - 2018-01-08 21:37 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2017-12-28 04:58 - 2018-01-08 21:37 - 000000000 ____D C:\WINDOWS\system32\DAX2
    2017-12-28 04:58 - 2017-12-28 10:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2017-12-28 04:58 - 2017-12-28 09:54 - 000001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Pen.lnk
    2017-12-28 04:58 - 2017-12-28 05:01 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2017-12-28 04:58 - 2017-12-28 05:01 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2017-12-28 04:58 - 2017-12-28 05:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2017-12-28 04:58 - 2017-12-28 04:58 - 000000092 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
    2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_iMDriver_01_11_00.Wdf
    2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
    2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_wachidrouter_isd_01011.Wdf
    2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
    2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\ProgramData\DP45977C.lfl
    2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\WINDOWS\system32\Intel
    2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\ProgramData\Validity
    2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\Program Files\Realtek
    2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\Program Files\Dolby
    2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\Program Files (x86)\Realtek
    2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
    2017-12-28 04:58 - 2017-09-18 02:22 - 000140312 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
    2017-12-28 04:58 - 2017-09-18 02:22 - 000116760 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
    2017-12-28 04:58 - 2017-09-02 00:12 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2017-12-28 04:58 - 2017-09-02 00:12 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2017-12-28 04:58 - 2017-09-02 00:12 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2017-12-28 04:58 - 2017-09-02 00:12 - 000549496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2017-12-28 04:58 - 2017-09-02 00:12 - 000392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2017-12-28 04:58 - 2017-09-02 00:12 - 000147576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
    2017-12-28 04:58 - 2017-09-02 00:12 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2017-12-28 04:58 - 2017-09-02 00:12 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2017-12-28 04:58 - 2017-09-02 00:08 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
    2017-12-28 04:58 - 2017-09-01 03:45 - 008142301 _____ C:\WINDOWS\system32\nvcoproc.bin
    2017-12-28 04:58 - 2017-02-24 18:23 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
    2017-12-28 04:58 - 2017-02-24 18:23 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
    2017-12-28 04:58 - 2017-02-24 18:23 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
    2017-12-28 04:58 - 2017-02-24 18:23 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
    2017-12-28 04:57 - 2018-01-19 20:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-12-28 04:57 - 2018-01-10 11:35 - 000192087 _____ C:\WINDOWS\system32\catroot2.bak
    2017-12-28 04:57 - 2017-12-28 04:57 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2017-12-28 03:25 - 2018-01-08 16:04 - 000001938 _____ C:\Users\james\Desktop\Zoom.lnk
    2017-12-28 03:24 - 2018-01-08 16:04 - 000000000 ____D C:\Users\james\AppData\Roaming\Zoom
    2017-12-28 03:17 - 2017-12-28 03:17 - 000002087 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
    2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Users\james\AppData\Local\IsolatedStorage
    2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Users\james\AppData\Local\ExpressVPN
    2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
    2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\ProgramData\ExpressVPN
    2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Program Files (x86)\ExpressVpn Tap Driver Win10
    2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Program Files (x86)\ExpressVpn SplitTunnel Driver
    2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
    2017-12-28 03:14 - 2017-12-28 03:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
    2017-12-28 03:14 - 2017-12-28 03:14 - 000000000 ____D C:\Program Files (x86)\LAV Filters
    2017-12-28 03:12 - 2018-01-19 15:08 - 000000000 ____D C:\Users\james\AppData\Local\ManyCam
    2017-12-28 03:12 - 2018-01-19 02:49 - 000000000 ____D C:\Users\james\AppData\Roaming\NVIDIA
    2017-12-28 03:12 - 2017-12-28 03:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
    2017-12-28 03:12 - 2017-12-28 03:12 - 000000000 ____D C:\ProgramData\ManyCam
    2017-12-28 03:11 - 2018-01-19 15:08 - 000000000 ____D C:\Users\james\AppData\Roaming\ManyCam
    2017-12-28 03:11 - 2017-12-28 03:12 - 000000000 ____D C:\Program Files (x86)\ManyCam
    2017-12-28 03:09 - 2018-01-19 03:14 - 000000923 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2017-12-28 03:09 - 2018-01-19 03:10 - 000000000 ____D C:\Program Files (x86)\VideoLAN
    2017-12-28 02:52 - 2017-12-28 02:52 - 000000000 ____D C:\Users\james\AppData\Local\DBG
    2017-12-28 02:50 - 2017-12-28 02:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3020531464-1668614112-2457240111-1001
    2017-12-28 02:42 - 2018-01-16 20:28 - 000000000 ____D C:\ProgramData\Malwarebytes
    2017-12-28 02:42 - 2017-12-28 02:42 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\56752408.sys
    2017-12-28 02:39 - 2018-01-12 08:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2017-12-28 02:39 - 2017-12-28 02:39 - 000000000 ___HD C:\OneDriveTemp
    2017-12-28 02:37 - 2018-01-03 20:50 - 000000000 ____D C:\Program Files\Recuva
    2017-12-28 02:37 - 2017-12-28 02:37 - 000001706 _____ C:\Users\Public\Desktop\Recuva.lnk
    2017-12-28 02:37 - 2017-12-28 02:37 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
    2017-12-28 02:37 - 2017-12-28 02:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
    2017-12-28 02:37 - 2017-12-28 02:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    2017-12-28 02:37 - 2017-12-28 02:37 - 000000000 ____D C:\Program Files\Speccy
    2017-12-28 02:35 - 2017-12-28 02:35 - 000001772 _____ C:\Users\Public\Desktop\Defraggler.lnk
    2017-12-28 02:35 - 2017-12-28 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
    2017-12-28 02:35 - 2017-12-28 02:35 - 000000000 ____D C:\Program Files\Defraggler
    2017-12-28 02:29 - 2018-01-20 10:32 - 000367559 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2017-12-28 02:29 - 2018-01-19 22:40 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2017-12-28 02:29 - 2018-01-19 22:32 - 000798433 _____ C:\WINDOWS\ZAM.krnl.trace
    2017-12-28 02:29 - 2017-12-28 02:29 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
    2017-12-28 02:28 - 2017-12-28 02:28 - 000000000 ____D C:\Users\james\AppData\Local\Zemana
    2017-12-28 02:26 - 2018-01-18 09:09 - 000000000 ____D C:\Users\james\AppData\Local\PlaceholderTileLogoFolder
    2017-12-28 02:23 - 2018-01-11 12:08 - 000000000 ____D C:\Users\james\AppData\Roaming\Google
    2017-12-28 02:17 - 2018-01-20 07:21 - 000095119 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
    2017-12-28 02:17 - 2018-01-11 11:52 - 000000000 ____D C:\Users\james\AppData\Local\Google
    2017-12-28 02:17 - 2017-12-30 19:04 - 000000000 ____D C:\Users\james\AppData\Local\Lenovo
    2017-12-28 02:12 - 2018-01-10 19:00 - 000000000 ____D C:\Users\james\AppData\Local\PackageStaging
    2017-12-28 02:12 - 2018-01-09 20:58 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-12-28 02:12 - 2018-01-09 20:55 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
    2017-12-28 02:12 - 2018-01-09 20:54 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-12-28 02:12 - 2017-12-29 10:14 - 000000000 ____D C:\Users\james\AppData\Roaming\Adobe
    2017-12-28 02:12 - 2017-12-28 02:12 - 000000000 ____D C:\Users\james\AppData\Roaming\Macromedia
    2017-12-28 02:12 - 2017-12-28 02:12 - 000000000 ____D C:\Users\james\AppData\Local\Comms
    2017-12-28 02:11 - 2017-12-28 02:11 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3020531464-1668614112-2457240111-1001
    2017-12-28 02:11 - 2017-12-28 02:11 - 000000000 ____D C:\Users\Public\Lenovo App Explorer
    2017-12-28 02:10 - 2018-01-19 22:46 - 001982376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-12-28 02:10 - 2017-12-28 10:53 - 000000000 ____D C:\Users\james\AppData\Local\NVIDIA Corporation
    2017-12-28 02:10 - 2017-12-28 02:40 - 000000000 ___RD C:\Users\james\OneDrive
    2017-12-28 02:10 - 2017-12-28 02:11 - 000002374 _____ C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2017-12-28 02:10 - 2017-12-28 02:10 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2017-12-28 02:09 - 2017-12-28 02:30 - 000000000 ____D C:\Users\james\AppData\Local\Publishers
    2017-12-28 02:09 - 2017-12-28 02:09 - 000000000 ___HD C:\Users\james\MicrosoftEdgeBackups
    2017-12-28 02:09 - 2017-12-28 02:09 - 000000000 ____D C:\Users\james\AppData\Local\MicrosoftEdge
    2017-12-28 02:08 - 2018-01-20 07:07 - 000000000 __SHD C:\Users\james\IntelGraphicsProfiles
    2017-12-28 02:08 - 2018-01-19 22:41 - 000000000 ____D C:\Users\james\AppData\Local\Packages
    2017-12-28 02:08 - 2018-01-06 17:36 - 000000000 ___RD C:\Users\james\3D Objects
    2017-12-28 02:08 - 2017-12-28 02:10 - 000000000 ____D C:\Users\james\AppData\Local\ConnectedDevicesPlatform
    2017-12-28 02:08 - 2017-12-28 02:08 - 000000000 ____D C:\Users\james\AppData\Roaming\WTablet
    2017-12-28 02:08 - 2017-12-28 02:08 - 000000000 ____D C:\Users\james\AppData\Local\VirtualStore
    2017-12-28 02:07 - 2018-01-19 20:59 - 000000000 ____D C:\Users\james
    2017-12-28 02:07 - 2017-12-28 02:07 - 000000020 ___SH C:\Users\james\ntuser.ini
    2017-12-28 02:07 - 2017-12-28 02:07 - 000000000 ____D C:\ProgramData\USOShared
    2017-12-28 01:49 - 2017-12-28 01:49 - 000000000 ____D C:\WINDOWS\InfusedApps
    2017-12-28 01:49 - 2015-04-28 13:06 - 000043256 _____ C:\WINDOWS\system32\oemlogo.bmp
    2017-12-28 01:48 - 2017-12-28 01:48 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
    2017-12-28 01:47 - 2018-01-19 01:47 - 000000000 ____D C:\ProgramData\Lenovo
    2017-12-28 01:47 - 2018-01-19 01:47 - 000000000 ____D C:\Program Files (x86)\Lenovo
    2017-12-28 01:47 - 2017-12-30 19:03 - 000000000 ____D C:\Program Files\Lenovo
    2017-12-28 01:47 - 2017-12-28 09:33 - 000000000 ____D C:\WINDOWS\IAStorAfsService
    2017-12-28 01:47 - 2017-12-28 04:58 - 000000000 ____D C:\Intel
    2017-12-28 01:47 - 2017-12-28 01:47 - 000000000 ____D C:\WINDOWS\Firmware
    2017-12-28 01:47 - 2017-12-28 01:47 - 000000000 ____D C:\Program Files\Tablet
    2017-12-28 01:45 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\Setup
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\yo-NG
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\wo-SN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\vi-VN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ur-PK
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ug-CN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\tt-RU
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\tk-TM
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ti-ET
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\te-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ta-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\sw-KE
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\sq-AL
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\si-LK
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\rw-RW
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\quz-PE
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\prs-AF
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\pa-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\or-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\nn-NO
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ne-NP
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\mt-MT
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\mr-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\mn-MN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ml-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\mk-MK
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\lo-LA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\lb-LU
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ky-KG
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\kok-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\kn-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\km-KH
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ka-GE
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\is-IS
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ig-NG
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\id-ID
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\hy-AM
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\gu-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\gd-GB
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ga-IE
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\fil-PH
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\fa-IR
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\cy-GB
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\bn-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\bn-BD
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\be-BY
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\as-IN
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\am-ET
    2017-12-28 01:44 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\af-ZA
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\winrm
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\WCN
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\slmgr
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\hi-IN
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\gl-ES
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\eu-ES
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\ca-ES
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\0409
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\OCR
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\DigitalLocker
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files\Reference Assemblies
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files\MSBuild
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2017-12-28 01:44 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2017-12-28 01:43 - 2017-12-22 08:45 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2017-12-28 01:43 - 2017-12-22 08:45 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2017-12-28 01:41 - 2018-01-20 07:11 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
    2017-12-28 01:41 - 2018-01-20 07:10 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-12-28 01:41 - 2018-01-20 07:10 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-12-28 01:41 - 2018-01-19 22:35 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2017-12-28 01:41 - 2018-01-19 22:00 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
    2017-12-28 01:41 - 2018-01-19 21:50 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
    2017-12-28 01:41 - 2018-01-19 21:31 - 000000000 ___RD C:\Program Files (x86)
    2017-12-28 01:41 - 2018-01-19 02:30 - 000000000 ____D C:\WINDOWS\system32\NDF
    2017-12-28 01:41 - 2018-01-17 00:05 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2017-12-28 01:41 - 2018-01-15 09:30 - 000000000 ____D C:\WINDOWS\system32\AppLocker
    2017-12-28 01:41 - 2018-01-12 19:54 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2017-12-28 01:41 - 2018-01-07 19:36 - 000000000 ____D C:\WINDOWS\Registration
    2017-12-28 01:41 - 2018-01-07 09:39 - 000000000 ____D C:\WINDOWS\rescache
    2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ___SD C:\WINDOWS\system32\F12
    2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\TextInput
    2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\system32\oobe
    2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\system32\Dism
    2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2017-12-28 01:41 - 2018-01-06 17:35 - 000000000 ____D C:\WINDOWS\Provisioning
    2017-12-28 01:41 - 2017-12-29 09:29 - 000000000 ____D C:\Program Files\Common Files\system
    2017-12-28 01:41 - 2017-12-28 09:33 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-12-28 01:41 - 2017-12-28 07:53 - 000000000 ____D C:\WINDOWS\appcompat
    2017-12-28 01:41 - 2017-12-28 05:05 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
    2017-12-28 01:41 - 2017-12-28 05:04 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2017-12-28 01:41 - 2017-12-28 05:01 - 000000000 ____D C:\WINDOWS\system32\spool
    2017-12-28 01:41 - 2017-12-28 04:59 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2017-12-28 01:41 - 2017-12-28 04:59 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-12-28 01:41 - 2017-12-28 04:59 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2017-12-28 01:41 - 2017-12-28 04:58 - 000000000 ____D C:\WINDOWS\Help
    2017-12-28 01:41 - 2017-12-28 04:57 - 000000000 ____D C:\WINDOWS\system32\config\TxR
    2017-12-28 01:41 - 2017-12-28 02:07 - 000000000 ____D C:\ProgramData\USOPrivate
    2017-12-28 01:41 - 2017-12-28 01:49 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2017-12-28 01:41 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2017-12-28 01:41 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2017-12-28 01:41 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2017-12-28 01:41 - 2017-12-28 01:45 - 000000000 ____D C:\Program Files\Windows Defender
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ___SD C:\WINDOWS\system32\dsc
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\SysWOW64\com
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\setup
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\MUI
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\system32\com
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\IME
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-12-28 01:41 - 2017-12-28 01:44 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 __SHD C:\Program Files\Windows Sidebar
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 __RSD C:\WINDOWS\media
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 __RHD C:\Users\Public\Libraries
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___SD C:\WINDOWS\system32\Nui
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___SD C:\WINDOWS\system32\Configuration
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Web
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Vss
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\tracing
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\TAPI
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SystemResources
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SystemApps
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\winevt
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\ras
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\PointOfService
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\MsDtc
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\Ipmi
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\InputMethod
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\inetsrv
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\IME
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\icsxml
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\ias
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\hydrogen
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\downlevel
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\DDFs
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\config\Journal
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\Bthprops
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\System
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SKB
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\security
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\schemas
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\SchCache
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Resources
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\PLA
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Performance
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\ModemLogs
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\L2Schemas
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\InputMethod
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Globalization
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Cursors
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\Branding
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\bcastdvr
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\addins
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files\Windows Security
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files\Windows Portable Devices
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files\windows nt
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files\Common Files\Services
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files (x86)\windows nt
    2017-12-28 01:41 - 2017-12-28 01:41 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2017-12-28 01:41 - 2017-12-28 01:40 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2017-12-28 01:41 - 2017-12-28 01:40 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
    2017-12-28 01:41 - 2017-12-28 01:40 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
    2017-12-28 01:41 - 2017-12-28 01:40 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
    2017-12-28 01:41 - 2017-12-28 01:40 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2017-12-28 01:41 - 2017-12-28 01:40 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
    2017-12-28 01:41 - 2017-12-28 01:40 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
    2017-12-28 01:41 - 2017-12-28 01:40 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
    2017-12-28 01:41 - 2017-12-28 01:40 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
    2017-12-28 01:41 - 2017-12-28 01:40 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
    2017-12-28 01:40 - 2018-01-17 20:21 - 000000000 ____D C:\WINDOWS\INF
    2017-12-28 01:37 - 2018-01-19 22:39 - 025165824 _____ C:\WINDOWS\system32\config\SYSTEM
    2017-12-28 01:37 - 2018-01-19 22:39 - 005505024 _____ C:\WINDOWS\system32\config\DEFAULT
    2017-12-28 01:37 - 2018-01-19 22:39 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2017-12-28 01:37 - 2018-01-19 22:39 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
    2017-12-28 01:37 - 2018-01-16 07:37 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-12-28 01:37 - 2018-01-11 14:39 - 000131072 _____ C:\WINDOWS\system32\config\SAM
    2017-12-28 01:37 - 2018-01-11 12:33 - 000000000 ____D C:\WINDOWS\Panther
    2017-12-28 01:37 - 2017-12-28 02:57 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2017-12-28 01:37 - 2017-12-28 01:44 - 000000000 ____D C:\WINDOWS\servicing
    2017-12-28 01:37 - 2017-12-28 01:41 - 000000000 ____D C:\WINDOWS\system32\SMI
    2017-12-27 22:34 - 2017-12-28 01:49 - 000000000 ___HD C:\$SysReset
    2017-12-26 08:42 - 2017-05-24 11:10 - 002371160 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\ISD_Tablet.dll
    2017-12-26 08:42 - 2017-05-24 11:10 - 002205272 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\wintab32.dll
    2017-12-26 08:42 - 2017-05-24 11:10 - 001813336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01011.dll
    2017-12-26 08:42 - 2017-05-24 11:10 - 001779288 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\ISD_Tablet.dll
    2017-12-26 08:42 - 2017-05-24 11:10 - 001632344 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\wintab32.dll
    2017-12-26 08:42 - 2017-05-24 11:10 - 000142424 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Drivers\wachidrouter_isd.sys
    2017-12-26 08:42 - 2017-05-24 11:10 - 000139864 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\ISD_INFInstallCoinst73438.dll


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2018-01-19 20:56 - 2017-09-29 08:42 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
    2018-01-19 20:56 - 2017-09-29 08:42 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxinit.dll
    2018-01-15 16:04 - 2017-07-24 17:11 - 000000000 ____D C:\ProgramData\Package Cache
    2018-01-12 06:58 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2018-01-10 13:32 - 2017-07-24 17:12 - 000000000 ____D C:\ProgramData\Intel
    2018-01-10 10:58 - 2017-07-24 17:12 - 000000000 ____D C:\Program Files (x86)\Intel
    2018-01-06 17:36 - 2017-03-23 12:27 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-01-05 07:06 - 2017-09-29 08:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
    2018-01-05 07:06 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2018-01-05 07:06 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2018-01-03 20:52 - 2017-07-24 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stagelight
    2017-12-28 05:01 - 2017-07-24 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2017-12-28 05:01 - 2017-07-24 16:50 - 000000000 ___HD C:\UserGuidePDF
    2017-12-28 05:01 - 2017-03-18 21:32 - 000000000 ____D C:\WINDOWS\HoloShell
    2017-12-28 01:39 - 2017-09-29 08:40 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys


    ==================== Files in the root of some directories =======


    2018-01-19 09:24 - 2018-01-19 20:23 - 000007603 _____ () C:\Users\james\AppData\Local\Resmon.ResmonCfg


    ==================== Bamital & volsnap ======================


    (There is no automatic fix for files that do not pass verification.)


    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2018-01-19 22:00


    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.01.2018 01
    Ran by james (20-01-2018 10:33:10)
    Running from C:\Users\james\Downloads
    Windows 10 Home Version 1709 16299.192 (X64) (2017-12-28 10:04:56)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-3020531464-1668614112-2457240111-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-3020531464-1668614112-2457240111-503 - Limited - Disabled)
    Guest (S-1-5-21-3020531464-1668614112-2457240111-501 - Limited - Disabled)
    james (S-1-5-21-3020531464-1668614112-2457240111-1001 - Administrator - Enabled) => C:\Users\james
    WDAGUtilityAccount (S-1-5-21-3020531464-1668614112-2457240111-504 - Limited - Disabled)


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    . . (HKLM\...\{BDB21711-3628-4159-B1E2-0BF55D105E2E}) (Version: 7.1 - Intel) Hidden
    . . . (HKLM-x32\...\{46267326-17DC-4A08-94BB-0FB32E31ACC2}) (Version: 3.1.1.2 - Intel) Hidden
    µTorrent (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
    Adobe Acrobat 2017 (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E1108756300}) (Version: 17.011.30070 - Adobe Systems Incorporated)
    Air Keyboard (HKLM-x32\...\{DBEBC979-5914-4DD2-A2CD-923BDC23A819}) (Version: 1.8.2 - SkyGears)
    Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.67 - NVIDIA Corporation) Hidden
    Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    Boost (HKLM\...\{115FB0FD-1A0A-4C26-82A7-A6689A799BB9}) (Version: 1.0.2 - Reason Software Company Inc.) Hidden <==== ATTENTION
    Boost (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Boost 1.0.2) (Version: 1.0.2 - Reason Software Company Inc.) <==== ATTENTION
    CertAid for Windows (HKLM-x32\...\{8FBCE0EB-9A40-49D8-85ED-8202131C9532}) (Version: 2.1.0.0 - MIT IS&T)
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.5.02036 - Cisco Systems, Inc.)
    Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{158B6CE6-296E-4AC9-AC51-92E9B8D39BA0}) (Version: 4.5.02036 - Cisco Systems, Inc.) Hidden
    Click Install if prompted (HKLM-x32\...\{40830C8E-936E-4E08-AE37-240FF3343927}) (Version: 1.0.6.0 - ExpressVpn) Hidden
    Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
    Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
    Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
    ExpressVPN (HKLM-x32\...\{503dd6bc-3d13-4682-9181-1175568a148a}) (Version: 6.4.1.3300 - ExpressVPN)
    ExpressVPN (HKLM-x32\...\{73BA4AC9-B34B-4B95-84BD-AFCB55C04188}) (Version: 6.4.1.3300 - ExpressVPN) Hidden
    Extensis Suitcase Fusion (HKLM-x32\...\{D57342AC-0B8D-482D-8156-1730C0C70488}) (Version: 19.0.4.28 - Extensis) Hidden
    Extensis Suitcase Fusion (HKLM-x32\...\{dce98dc3-bcfc-4a6e-98e0-bff7f76632c6}) (Version: 19.0.4.28 - 2017 Celartem, Inc. d.b.a Extensis All rights reserved)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
    Intel(R) Chipset Device Software (HKLM-x32\...\{a2167b7c-e567-4ae5-9c88-8e1349a01363}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
    Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
    Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00000010-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.10.0 - Intel Corporation)
    Intel® Driver & Support Assistant (HKLM-x32\...\{35fa0dcf-eda2-402b-b1f0-64973bb1938a}) (Version: 3.1.1.2 - Intel)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{6da487a6-c50d-494e-aaa0-6d8ce9c37ef3}) (Version: 20.10.2 - Intel Corporation)
    Intel® Software Guard Extensions Platform Software (HKLM-x32\...\ARP_for_prd_SGX_1.9.100.41172) (Version: 1.9.100.41172 - Intel Corporation)
    iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
    LAV Filters 0.70.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.70.2 - Hendrik Leppkes)
    Lenovo Diagnostics Tool Lite (HKLM\...\{7B3D3612-92C8-483A-9E2C-C2A50EE8343C}) (Version: 4.20.0 - Lenovo)
    Lenovo Service Bridge (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.8 - Lenovo)
    Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0065 - Lenovo)
    Lenovo Utility (HKLM\...\{12ABAC82-7D83-4CB8-9DD2-434DC9AF2942}_is1) (Version: 3.0.0.17 - Lenovo)
    Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
    Lenovo Yoga Mode Control (Inf Install) (HKLM\...\ACPIVPC) (Version: 15.11.28.179 - Lenovo)
    Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
    ManyCam 6.2.0 (HKLM-x32\...\ManyCam) (Version: 6.2.0 - Visicom Media Inc.)
    Microsoft OneDrive (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
    NVIDIA GeForce Experience 3.5.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.70 - NVIDIA Corporation)
    NVIDIA Graphics Driver 381.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.67 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
    NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
    NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
    NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
    Rainmeter (HKLM-x32\...\Rainmeter) (Version: 4.1 r2989 - Rainmeter)
    Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
    Registry Backup and Restore (HKLM\...\Registry Backup and Restore_is1) (Version: - Acelogix)
    SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0360 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
    Should I Remove It (HKLM-x32\...\{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}) (Version: 1.0.4 - Reason Software Company Inc.) Hidden
    Should I Remove It (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
    Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
    Split Tunneling Driver (HKLM-x32\...\{F078B0B5-2F41-42C2-9162-B8C628D5E6FE}) (Version: 1.0.0.0 - ExpressVpn) Hidden
    Telegram Desktop version 1.2.6 (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.6 - Telegram Messenger LLP)
    Thunderbolt™ Software (HKLM-x32\...\{87A31923-8F18-4943-8093-17DBEE0101B7}) (Version: 16.3.61.275 - Intel Corporation)
    UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 3.3.2.0 - Manuel Hoefs (Zottel))
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.8 - VideoLAN)
    Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
    Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
    Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
    WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
    Zoom (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => -> No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => -> No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => -> No File
    ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat Elements\ContextMenuShim64.dll [2017-04-24] (Adobe Systems Inc.)
    ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
    ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
    ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
    ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
    ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Intel Corporation)
    ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-02] (NVIDIA Corporation)
    ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat Elements\ContextMenuShim64.dll [2017-04-24] (Adobe Systems Inc.)
    ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
    ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
    ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
    ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)


    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {00CFD4B0-F2E9-4486-9AD3-37EAA63069A5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5038034e-a27d-4353-baf4-fa40e5c27fea => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
    Task: {0146F54C-5AAB-4529-986B-04CB3F263D4A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
    Task: {09669286-AFEA-468C-B0B2-34220BFC49D3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
    Task: {0DB36EEE-5B2A-44DC-B621-619C08534340} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-03-27] (NVIDIA Corporation)
    Task: {0F22F19D-2D33-4FB3-9A00-94C69AF78619} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\80ae859a-d81c-48a5-aa54-972f83ee126c => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
    Task: {19D31931-5CB2-4B2D-9940-F2F6D5242261} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => ConditionalAppStarter.exe
    Task: {2029E031-7411-4699-B02D-C45E16851556} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
    Task: {2287C187-CF78-466D-AAA7-4717C316033B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
    Task: {26015898-EB3D-485B-AADE-3AB60C98623A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe
    Task: {2822EBE7-CF3F-45FA-97BE-1F65CF3B165E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
    Task: {2DB9E2C9-3BEE-48B9-B383-029D490EDACD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\847bd137-c909-4a47-8ef1-e991c7700838 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
    Task: {2F742418-7D67-4EE8-B805-F3C44A2FED92} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-27] (NVIDIA Corporation)
    Task: {33686B51-2460-45CD-AFC4-54110F826954} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
    Task: {37D08C82-6ACF-4EFB-B017-857469307017} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
    Task: {3DD002F7-9010-4B04-9818-350A70244B17} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-27] (NVIDIA Corporation)
    Task: {4727C534-5D26-43C0-A3E1-588A6D2F6D9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
    Task: {4FD80A8C-CDC1-49B0-98CD-16C9935E1743} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
    Task: {5157ACC7-0820-453A-A4DB-A863A5C26D9D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-27] (NVIDIA Corporation)
    Task: {5570B756-A9D9-4716-9A19-26B479D3F21C} - System32\Tasks\Boost => C:\Users\james\AppData\Roaming\Reason\Boost\boost.exe [2013-12-27] (Reason Software Company Inc.)
    Task: {61D6C19C-1478-4C09-9C6C-F33CB7B17A58} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
    Task: {6910CCC6-1DCE-45BC-B6DF-414FA5A72EAC} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
    Task: {6A41D0BC-245B-40AE-A3D3-DF4B5646CD75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-11] (Google Inc.)
    Task: {78E2E914-5DC0-42B8-8F4D-B4BD7DC62FB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-11] (Google Inc.)
    Task: {8D689698-7A10-4381-83EE-CDC33D092D2E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-03-27] (NVIDIA Corporation)
    Task: {8DD36695-5985-4927-8BF1-5A812E9208A1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-27] (NVIDIA Corporation)
    Task: {8EF9CE67-6777-4CD6-B57A-AAD924490B6E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
    Task: {A233E987-CD69-47CF-9B00-5B35522F4EBC} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
    Task: {A2B1663A-2C30-4A72-AA44-943B228B1E7E} - System32\Tasks\S-1-5-21-3020531464-1668614112-2457240111-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
    Task: {A7B2304D-B9E2-4CA0-AC65-AA2A7D476118} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-03-27] (NVIDIA Corporation)
    Task: {A948594B-2F99-4119-85D6-D643D8F41C87} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
    Task: {ABA9B300-AADC-46A7-8BCA-387704372D51} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\228e65cb-8d59-4adf-9237-c727694139cb => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
    Task: {AFE975AE-BF22-42D8-88E0-E69F1F051C90} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
    Task: {B0420967-E52E-41B0-9CD5-C7A0C990A071} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
    Task: {B5546E91-24E2-4502-8E73-ED9E7C0EB1AC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe
    Task: {BBEF1DCB-FF2D-4CC9-9ABD-115ED48150B1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe
    Task: {C43DE457-C9AD-4D5F-8190-56ADC2279941} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe
    Task: {CA95E85F-7926-485E-ACE1-DCE36CF51B96} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-08-16] ()
    Task: {CDB3B68A-F186-417A-84CE-A2482E41B27B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
    Task: {CFFF80B3-1C83-4E43-A16D-A0DD9B825F5A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe
    Task: {DED5A65B-97BC-48CF-B607-CB907317B194} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
    Task: {E9E904AD-3D95-42FC-9ABB-F884E85D035B} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3020531464-1668614112-2457240111-1001 => C:\Users\james\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2018-01-04] (Lenovo Group Limited)
    Task: {F22D8761-E4E6-4C22-A2E2-FE4374400556} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\Test.job => C:\Users\james\AppData\Local\Temp\SP Widget 3.0\SP Widget 3.0.exe <==== ATTENTION


    ==================== Shortcuts & WMI ========================


    (The entries could be listed to be restored or removed.)




    ==================== Loaded Modules (Whitelisted) ==============


    2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-04-28 02:01 - 2017-04-28 02:01 - 000212784 _____ () C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
    2017-04-28 02:02 - 2017-04-28 02:02 - 000298288 _____ () C:\Program Files\Dolby\Dolby DAX3\API\RuntimeController.dll
    2017-04-28 02:01 - 2017-04-28 02:01 - 000303408 _____ () C:\Program Files\Dolby\Dolby DAX3\API\TuningFileParser.dll
    2017-12-13 16:43 - 2017-12-13 16:43 - 000339168 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
    2017-07-24 17:14 - 2017-03-27 22:31 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000181992 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
    2017-07-24 17:00 - 2015-06-27 04:34 - 000029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
    2017-12-13 16:45 - 2017-12-13 16:45 - 008475776 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
    2018-01-19 01:47 - 2017-08-16 15:07 - 000023928 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
    2017-12-07 23:29 - 2017-12-07 23:29 - 000885992 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
    2017-12-07 23:29 - 2017-12-07 23:29 - 002309864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000270056 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000260328 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000306920 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000231144 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000277736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000638696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000212200 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000447208 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000375528 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000609512 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000295144 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sampler_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000248040 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000708328 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
    2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
    2017-12-28 04:58 - 2017-09-02 00:12 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2017-12-09 19:07 - 2017-12-09 19:07 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-12-09 19:07 - 2017-12-09 19:07 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-12-13 16:43 - 2017-12-13 16:43 - 000225792 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\liblzo2-2.dll
    2017-12-13 16:43 - 2017-12-13 16:43 - 000096776 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\libpkcs11-helper-1.dll
    2018-01-11 11:52 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
    2018-01-11 11:52 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
    2017-12-13 16:45 - 2017-12-13 16:45 - 005757056 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\expressvpn-browser-helper.exe
    2017-12-07 23:29 - 2017-12-07 23:29 - 000818408 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
    2017-12-07 23:29 - 2017-12-07 23:29 - 000214760 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\foreground_window_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000279272 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
    2017-12-07 23:29 - 2017-12-07 23:29 - 000207080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
    2017-12-28 02:35 - 2017-12-28 02:35 - 000023552 _____ () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.8.255.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
    2018-01-02 17:16 - 2018-01-02 17:17 - 026507776 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
    2018-01-02 17:16 - 2018-01-02 17:17 - 008370176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\EntCommon.dll
    2017-12-28 02:32 - 2017-12-28 02:32 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
    2017-12-13 16:45 - 2017-12-13 16:45 - 006164864 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\libxvclient.dll
    2017-12-13 16:46 - 2017-12-13 16:46 - 000080512 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.NetworkUtils.dll
    2017-12-13 16:46 - 2017-12-13 16:46 - 000447616 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
    2017-11-09 00:44 - 2017-11-09 00:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2017-07-24 17:14 - 2017-03-27 22:31 - 000901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
    2017-07-24 17:14 - 2017-03-20 23:27 - 002442176 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
    2017-07-24 17:14 - 2017-03-20 23:27 - 000363576 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
    2017-07-24 17:14 - 2017-03-20 23:27 - 000254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
    2017-07-24 17:14 - 2017-03-20 23:27 - 000385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
    2017-07-24 17:14 - 2017-03-20 23:27 - 000469048 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
    2017-07-24 17:14 - 2017-03-20 23:27 - 000571840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
    2017-12-28 02:35 - 2017-12-28 02:35 - 031003136 _____ () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.8.255.0_x86__k1h2ywk1493x8\Lenovo.Discovery.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)




    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"


    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)


    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com


    There are 7865 more sites.


    IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\com -> hxxp://stapleslink.com
    IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\hec.mit.edu -> hxxps://vhmitacdci.hec.mit.edu
    IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\i9servicecenter.com -> hxxps://mit.i9servicecenter.com
    IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\mit.edu -> hxxps://adminapps.mit.edu
    IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\sciquest.com -> hxxps://solutions.sciquest.com
    IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\scripts.mit.edu -> hxxps://mitcho.scripts.mit.edu
    IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\sharepoint.com -> hxxps://mitprod-files.sharepoint.com
    IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\xfinity.com -> hxxps://university.xfinity.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\123simsen.com -> www.123simsen.com


    There are 7865 more sites.




    ==================== Hosts content: ==========================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2017-03-18 16:03 - 2018-01-03 21:49 - 000450709 ____N C:\WINDOWS\system32\Drivers\etc\hosts


    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com


    There are 15463 more lines.




    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\Control Panel\Desktop\\Wallpaper -> c:\users\james\desktop\the_doctor_is____by_flamedreamer-d525cx9.jpg
    DNS Servers: 10.46.0.1 - 10.0.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==


    HKLM\...\StartupApproved\Run: => "RtHDVBg_Dolby"
    HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
    HKLM\...\StartupApproved\Run: => "ShadowPlay"
    HKLM\...\StartupApproved\Run: => "Launch LCore"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "WindowsDefender"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
    HKLM\...\StartupApproved\Run32: => "SDTray"
    HKLM\...\StartupApproved\Run32: => "Extensis Suitcase Fusion Font Core"
    HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\StartupApproved\StartupFolder: => "BetterStartMenuHelper.lnk"
    HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\StartupApproved\Run: => "ManyCam"
    HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
    HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\StartupApproved\Run: => "CCleaner"


    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [{835CF333-4E78-4B7D-900B-8E144F01B99F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{E91D9B81-5CA7-40E0-AE9B-046CC80C4A29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{25F62A31-A110-47BA-83B4-2C71F8567A90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{89B7A544-6FA0-4D94-B593-F452A76437AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{C36DFD7C-D2A6-42CC-B49F-9058AF549F9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    FirewallRules: [{B798C04E-98AA-4E65-982C-0F51C63F7A44}] => (Allow) C:\Users\james\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3C939B4D-42B8-4314-8A9A-6DE6FC37D4E7}] => (Allow) C:\Users\james\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [TCP Query User{1603D5B0-327D-442C-AFC0-813AB2FBFFC3}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [UDP Query User{215F1CF9-BC9F-4FEC-9AE9-64CF967105B1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
    FirewallRules: [{4083B1E1-1E8C-4A06-B712-997E650947A9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
    FirewallRules: [{88AC55A6-528E-4F86-A3F6-97E319193A57}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1C69E469-758C-4158-BD71-0BC3CFB847FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{F9485517-FCC8-4DAE-A11C-82DECB5676C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{F72654F1-8C37-4C2E-A66F-D1F85AABCB97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{D24AD2DA-4471-4BD7-A2F2-571FFD18C5EB}] => (Allow) E:\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{1F79CF3C-A043-4FE4-8F8D-94B8B92EEF90}C:\program files (x86)\air keyboard\airkeyboard.exe] => (Allow) C:\program files (x86)\air keyboard\airkeyboard.exe
    FirewallRules: [UDP Query User{96F5DE4B-4983-4B86-9EA3-B742888733B2}C:\program files (x86)\air keyboard\airkeyboard.exe] => (Allow) C:\program files (x86)\air keyboard\airkeyboard.exe
    FirewallRules: [{74CB9321-BE69-4BBB-A245-6C95DB41FECE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
    FirewallRules: [{21E443DF-3C7D-4149-96A9-E38DB25D2766}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{683EF072-D02F-4E6B-B42F-0909A0011A16}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
    FirewallRules: [{8E5A7F7D-89A6-476E-B698-268A8F75E8B3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{8B9D772A-FB64-41F6-91F2-81ED4E24D236}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
    FirewallRules: [{A3779C9D-98CF-4B4F-BC8F-BB3AA460CA2F}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
    FirewallRules: [{DB0F3E16-1D15-4F48-8B54-1D984189A59D}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
    FirewallRules: [{F06F0701-9FBB-408A-AF34-44F7E2492F33}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
    FirewallRules: [{3E2358F8-FA74-4D69-92DB-117A815F6809}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
    FirewallRules: [{D22ED457-C2AC-40F1-B17E-CACFF17F84A7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{0D7B0627-05B8-4C58-8259-81F7955D0E3A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{5EA0A525-1418-448B-AB09-C8622726015E}F:\itunes\itunes.exe] => (Block) F:\itunes\itunes.exe
    FirewallRules: [UDP Query User{51814FEA-AD45-4BB8-BCDD-A6F309B87E3D}F:\itunes\itunes.exe] => (Block) F:\itunes\itunes.exe
    FirewallRules: [TCP Query User{9C6BCB2C-71BE-486B-95A1-DC1BDFDF7763}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
    FirewallRules: [UDP Query User{C38AC035-7C3B-4924-8F49-D2401F6758F0}C:\program files\itunes\itunes.exe] => (Allow) C:\program files\itunes\itunes.exe
    FirewallRules: [{727E53FA-036C-46B2-B51E-9E9C27A302AE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{3FAFFE32-57EE-4C41-B57D-C2BA8C3F5C89}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{B9022FB9-D64B-45AC-9EAE-AF495B1EA346}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{D41BD923-0B7F-4F72-86D7-99B994175F52}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{A6110280-EBAF-4C54-8AFA-D6FBE9BD7B03}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{792154DA-0FC2-47A8-A70E-E6B8C09556A5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{DEBEAD67-7B5E-4979-9271-A2CE6A2479DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{BA19F220-4A56-4AFE-8779-729FBDFDC9D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\Spotify.exe
    FirewallRules: [{5602607A-46D3-480C-B7A5-C725C265B670}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    FirewallRules: [{5EDA6AED-A148-4C3A-B9AD-590034DC46BD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.72.117.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
    FirewallRules: [{5EA3CEE3-7158-4858-AA40-FFFBE4F08E91}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
    FirewallRules: [{AE5E5DA7-A894-4F2B-8F94-9CA75980073B}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
    FirewallRules: [{45E883E7-8CB1-447E-9490-C6B5BBAC47D1}] => (Allow) %systemroot%\system32\alg.exe


    ==================== Restore Points =========================


    16-01-2018 20:23:55 End of disinfection
    19-01-2018 00:43:15 PRe Window 10 Transformation
    19-01-2018 21:31:30 Installed Should I Remove It
    19-01-2018 21:34:31 Installed Boost
    19-01-2018 21:50:09 Before Boost


    ==================== Faulty Device Manager Devices =============


    Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Cisco Systems
    Service: vpnva
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (01/20/2018 12:16:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1203


    Error: (01/20/2018 12:16:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1203


    Error: (01/20/2018 12:16:20 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    Error: (01/19/2018 10:40:06 PM) (Source: nssm) (EventID: 1018) (User: )
    Description: Failed to read registry value AppDirectory:
    The operation completed successfully.


    Error: (01/19/2018 08:57:37 PM) (Source: nssm) (EventID: 1018) (User: )
    Description: Failed to read registry value AppDirectory:
    The operation completed successfully.


    Error: (01/19/2018 08:51:07 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    Error: (01/19/2018 08:46:51 PM) (Source: nssm) (EventID: 1018) (User: )
    Description: Failed to read registry value AppDirectory:
    The operation completed successfully.


    Error: (01/19/2018 08:18:50 PM) (Source: RasClient) (EventID: 20227) (User: )
    Description: CoId={90523A46-B804-471A-B08C-BE1113DFAB9F}: The user SYSTEM dialed a connection named ExpressVPN which has failed. The error code returned on failure is 1231.


    Error: (01/19/2018 08:18:48 PM) (Source: RasClient) (EventID: 20227) (User: )
    Description: CoId={FD6E54D4-FD92-4529-A548-A281E18896FF}: The user SYSTEM dialed a connection named ExpressVPN which has failed. The error code returned on failure is 1231.


    Error: (01/19/2018 08:13:19 PM) (Source: Perflib) (EventID: 1023) (User: )
    Description: Windows cannot load the extensible counter DLL Outlook. The first four bytes (DWORD) of the Data section contains the Windows error code.




    System errors:
    =============
    Error: (01/20/2018 07:23:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Error: (01/20/2018 07:21:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Error: (01/20/2018 07:10:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Error: (01/20/2018 07:09:06 AM) (Source: DCOM) (EventID: 10016) (User: JAMES-LAPTOP)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user JAMES-LAPTOP\james SID (S-1-5-21-3020531464-1668614112-2457240111-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Error: (01/20/2018 07:07:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Error: (01/20/2018 07:07:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
    and APPID
    {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Error: (01/19/2018 11:28:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Error: (01/19/2018 10:58:53 PM) (Source: DCOM) (EventID: 10016) (User: JAMES-LAPTOP)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user JAMES-LAPTOP\james SID (S-1-5-21-3020531464-1668614112-2457240111-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Error: (01/19/2018 10:55:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    Error: (01/19/2018 10:50:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
    and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
    to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.




    CodeIntegrity:
    ===================================
    Date: 2018-01-20 10:22:01.520
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


    Date: 2018-01-20 10:22:01.519
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


    Date: 2018-01-20 10:08:24.845
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


    Date: 2018-01-20 10:08:24.844
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


    Date: 2018-01-20 10:08:18.583
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


    Date: 2018-01-20 10:08:18.582
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


    Date: 2018-01-20 10:05:30.398
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


    Date: 2018-01-20 10:05:30.397
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


    Date: 2018-01-20 10:05:29.242
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


    Date: 2018-01-20 10:05:29.241
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.




    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM) i7-7700HQ CPU @ 2.80GHz
    Percentage of memory in use: 33%
    Total physical RAM: 16207.89 MB
    Available physical RAM: 10852.34 MB
    Total Virtual: 17231.89 MB
    Available Virtual: 11013.97 MB


    ==================== Drives ================================


    Drive c: (Windows) (Fixed) (Total:450.69 GB) (Free:354.94 GB) NTFS
    Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.33 GB) NTFS


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (Size: 476.9 GB) (Disk ID: 3E4A1A1D)


    Partition: GPT.


    ==================== End of Addition.txt ============================

  14. #14
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,349

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    OK, please re-install Zemana. We're going to be uninstalling it again very shortly so don't worry about any configurations at this point. Just install it and let me know when done.

  15. #15

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Hi there - Zemana is installed

  16. #16
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,349

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    OK, please perform a clean boot following the instructions below.

    https://support.microsoft.com/en-us/...oot-in-windows

  17. #17

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Hi there - so i did the clean boot - i've stopped though as it gives instructions on what to do after you boot (Install, Uninstall or run an application) and i wasn't clear if i was to do that or stop after restarting

  18. #18
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,349

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Good. I just wanted you to reboot in a Clean Boot state. Please check for Windows Updates and let me know what shows up.

  19. #19

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Here you go
    Attached Files Attached Files

  20. #20
    Administrator
    Windows Update Instructor
    Security Analyst

    Join Date
    Oct 2014
    Posts
    17,349

    Re: Windows keeps installing the same updates - Windows 10 home 64 bit 1709 (16299.19

    Please do the following.

    Step#1 - Run Windows Repairs
    Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.
    1. Download Windows Repair (All-in-One) Portable to your desktop.
    2. Once the file is downloaded, right-click on the file on your desktop and choose Extract All...
    3. Keep the defaults and click the Extract button.
    4. A folder named tweaking.com_windows_repair_aio will be extracted to the desktop. Once the extraction is complete the folder will open.
    5. Inside this folder, there is a folder named Tweaking.com - Windows Repair. Open this folder as well.
    6. Double-click on Repair_Windows.exe to open. Note: Please make sure all of your programs are closed and anything you were working on is saved as we will be rebooting.
    7. When the program opens, click the Reboot to Safe Mode button at the bottom of the screen. Answer Yes to allow.
    8. Once rebooted into Safe Mode, open the program again. When the program opens, click the Repairs tab and click the Open Repairs button.
    9. A backup of your registry will be made. After a few moments you will have many options from which you can choose.
    10. Please click the Unselect All button and then click to enable only the following ones:

    05 - Repair WMI
    06 - Repair Windows Firewall
    10 - Remove Policies Set By Infection
    14 - Remove Temp Files
    15 - Repair Proxy Settings
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)



    11. Ensure the Restart check box is selected and click the Start Repairs button in the lower right of the screen. This may take some time to run so be patient.
    12. Once the fixes are complete you will be prompted to restart your machine. Answer Yes.

Page 1 of 3 123 Last

Similar Threads

  1. [SOLVED] Windows Updates Not Installing, SURT corruption
    By rainmaker in forum Windows Update
    Replies: 3
    Last Post: 01-11-2017, 10:59 PM
  2. Windows Upate not Installing Updates
    By mzm in forum Windows Update
    Replies: 4
    Last Post: 05-17-2016, 02:33 PM
  3. Windows Updates not downloading/installing
    By Haelu in forum Windows Update
    Replies: 25
    Last Post: 04-23-2015, 03:34 AM
  4. Windows 8.1 Not Downloading or Installing Updates
    By Rick5150 in forum Windows 8 | Windows RT
    Replies: 1
    Last Post: 03-23-2015, 11:29 AM
  5. Windows 8 not installing updates please help
    By Jake in forum Windows Update
    Replies: 2
    Last Post: 02-28-2014, 06:12 PM

Log in

Log in