
Zemana flagging suspicious root CA


  • This topic is locked
43 replies to this topic

#1 jtallach


Posted 12 January 2018 - 10:11 AM

Hi there - I posted this https://www.bleepingcomputer.com/forums/t/667821/zemana-flagging-suspicious-root-ca/#entry4421469
and was directed to post here too.

I followed the guide here https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

and these are the results (I tried copy/paste but the post was too long, so I attached the following).

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.01.2018
Ran by james (administrator) on JAMES-LAPTOP (12-01-2018 10:00:18)
Running from C:\Users\james\Downloads
Loaded Profiles: james (Available Profiles: james)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHDCPSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Visicom Media Inc.) C:\ProgramData\ManyCam\Service\ManyCamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Lenovo) C:\Windows\System32\ymc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\IntelCpHeciSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxEM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
() C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
Failed to access process -> DAX3API.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSATray.exe
(Celartem, Inc., doing business as Extensis.) C:\Program Files (x86)\Extensis\Suitcase Fusion\FMCore.exe
(The OpenVPN Project) C:\Program Files (x86)\ExpressVPN\xvpnd\windows\openvpn.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Lenovo Group Limited) C:\Users\james\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\expressvpn-browser-helper.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
() C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.8.255.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2017-08-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-10] (Realtek Semiconductor)
HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [894376 2017-04-14] (Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Acrotray.exe [1871344 2017-11-27] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4174464 2017-05-23] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1226240 2017-10-18] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-12-19] (Intel)
HKLM-x32\...\Run: [Extensis Suitcase Fusion Font Core] => C:\Program Files (x86)\Extensis\Suitcase Fusion\FMCore.exe [9286656 2018-01-09] (Celartem, Inc., doing business as Extensis.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [12707344 2017-12-07] (Visicom Media Inc.)
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe [809088 2017-12-13] (ExpressVPN)
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\AdobeCollabSync.exe [887280 2017-11-27] (Adobe Systems Incorporated)
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-01] (Piriform Ltd)
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [10249048 2017-12-01] (Piriform Ltd)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.198.0.1
Tcpip\..\Interfaces\{5A8B91FA-BC65-4FFF-9633-9488EBA43DF7}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{7cc351c3-7b79-4c9d-8fde-9da2e2093c81}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{a4c6489c-60e5-4f75-a562-9620bcbcc3b5}: [DhcpNameServer] 169.254.23.227
Tcpip\..\Interfaces\{b0fb7110-d11a-4cea-b679-324bb31b696f}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{ba741fe3-19a4-4bfa-8046-12526a399eb5}: [DhcpNameServer] 10.198.0.1
Tcpip\..\Interfaces\{BBA50943-F0EA-4C75-A366-ABE40383118C}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-01-06] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-01-06] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL => No File
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\x64\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2017\AcroIEFavStub.dll [2017-04-24] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-06] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-06] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-06] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-06] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-06] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-06] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-01-06] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-01-06] (Microsoft Corporation)
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL No File

FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017-11-27]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-01-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-01-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-11-29] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat\Air\nppdf32.dll [2017-11-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3020531464-1668614112-2457240111-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\james\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-01-08] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxps://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\james\AppData\Local\Google\Chrome\User Data\Default [2018-01-12]
CHR Extension: (Slides) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-11]
CHR Extension: (Docs) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-11]
CHR Extension: (Google Drive) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-01-11]
CHR Extension: (YouTube) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-01-11]
CHR Extension: (Sheets) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-11]
CHR Extension: (ExpressVPN for Chrome) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgddmllnllkalaagkghckoinaemmogpe [2018-01-11]
CHR Extension: (Google Docs Offline) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-11]
CHR Extension: (Piggy - Automatic Coupons & Cash Back) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfapbcheiepjppjbnkphkmegjlipojba [2018-01-11]
CHR Extension: (Kindle Cloud Reader) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2018-01-11]
CHR Extension: (Merge PDF - Split PDF - Sejda.com) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhcknfplofcnpdjalbhnjognbpncojbi [2018-01-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-01-11]
CHR Extension: (Click&Clean App) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2018-01-11]
CHR Extension: (Gmail) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-01-11]
CHR Extension: (Chrome Media Router) - C:\Users\james\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-11]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3089680 2017-11-12] (Intel Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-11-27] (Apple Inc.)
S2 CCSDK; C:\Program Files (x86)\Lenovo\CCSDK\CCSDK.exe [688992 2017-02-27] (Lenovo)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7761576 2017-12-25] (Microsoft Corporation)
R2 Dolby DAX API Service; C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe [212784 2017-04-28] ()
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2017-12-19] (Intel)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2218544 2017-03-31] (Intel Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885992 2017-12-07] ()
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2017-12-13] ()
S3 iaStorAfsService; C:\WINDOWS\IAStorAfsService\iaStorAfsService.exe [2413752 2017-08-19] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542392 2017-11-17] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [68408 2017-11-12] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [742704 2017-10-11] (Intel® Corporation)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [668472 2017-10-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
R2 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2017-11-12] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324584 2017-08-10] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1776864 2017-05-23] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2131760 2017-05-23] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233936 2017-05-23] (Safer-Networking Ltd.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [181992 2017-12-07] ()
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2150120 2017-03-16] (Intel Corporation)
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [885992 2017-12-07] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [1645656 2017-05-24] (Wacom Technology, Corp.)
R2 YMC; C:\WINDOWS\system32\ymc.exe [75056 2017-10-15] (Lenovo)
R2 YogaPLService; C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe [29112 2015-06-27] ()
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2017-11-12] (Intel® Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [79120 2016-03-03] (Advanced Micro Devices, Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [72584 2017-03-31] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [67976 2017-03-31] (Intel Corporation)
S3 DSI_SiUSBXp_3_1; C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys [16384 2007-09-06] (Silicon Laboratories)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355200 2017-03-31] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-29] ()
R3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [28160 2017-12-13] ()
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98976 2017-06-28] (Intel Corporation)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70664 2017-08-18] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136200 2017-11-17] (Intel Corporation)
S3 keycrypt; C:\WINDOWS\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2017-08-18] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2017-08-18] (Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-08-18] (Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [64280 2017-08-18] (Logitech Inc.)
S3 LGSUsbFilt; C:\WINDOWS\System32\drivers\LGSUsbFilt.Sys [41752 2017-08-18] (Logitech Inc.)
R3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [58792 2017-03-05] (Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193968 2018-01-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2018-01-12] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2018-01-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-12] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-01-12] (Malwarebytes)
R3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-28] (Visicom Media Inc.)
U5 Netwtw04; C:\Windows\System32\Drivers\Netwtw04.sys [7617792 2017-02-25] (Intel Corporation)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [7728640 2017-11-08] (Intel Corporation)
S3 nhi; C:\WINDOWS\System32\drivers\tbt81x.sys [129608 2017-04-03] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_13db3f1b79423b44\nvlddmkm.sys [15607408 2017-10-02] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31800 2017-03-27] (NVIDIA Corporation)
S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [26560 2017-07-27] (Windows ® Win 7 DDK provider)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-27] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-27] (NVIDIA Corporation)
S3 PELBTKBD; C:\WINDOWS\System32\drivers\PELBTKBD.sys [31512 2016-07-11] (TPMX Electronics Ltd.)
S3 pelbtm; C:\WINDOWS\System32\drivers\pelbtm.sys [19664 2016-07-05] (Primax Electronics Ltd.)
R1 pelmoubt; C:\WINDOWS\System32\drivers\pelmoubt.sys [26368 2016-07-11] (Primax Electronics Ltd.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3228664 2017-04-12] (Realtek Semiconductor Corp.)
S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [354624 2016-08-07] (Realtek )
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41512 2017-12-07] ()
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2017-11-03] (The OpenVPN Project)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2017-10-18] (Cisco Systems, Inc.)
S3 vwhid; C:\WINDOWS\System32\drivers\vwhid.sys [27264 2015-11-22] (Windows ® Win 7 DDK provider)
R3 WacHidRouterISD; C:\WINDOWS\System32\drivers\wachidrouter_isd.sys [142424 2017-05-24] (Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-01-03] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-12-28] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-12 10:00 - 2018-01-12 10:00 - 000031586 _____ C:\Users\james\Downloads\FRST.txt
2018-01-12 09:59 - 2018-01-12 09:59 - 002393088 _____ (Farbar) C:\Users\james\Downloads\FRST64.exe
2018-01-12 08:16 - 2018-01-12 08:16 - 000000000 ____D C:\Users\james\Downloads\Children of Eden
2018-01-12 08:15 - 2018-01-12 08:15 - 181586982 _____ C:\Users\james\Downloads\Children of Eden.zip
2018-01-12 07:04 - 2018-01-12 08:16 - 000000000 ____D C:\Users\james\Desktop\mbar
2018-01-12 07:04 - 2018-01-12 07:04 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7266D177.sys
2018-01-12 07:03 - 2018-01-12 07:03 - 014178840 _____ (Malwarebytes Corp.) C:\Users\james\Downloads\mbar-1.10.3.1001.exe
2018-01-12 07:02 - 2018-01-12 07:02 - 000001241 _____ C:\Users\james\Desktop\Malwarebytes 01122018.txt
2018-01-12 06:53 - 2018-01-12 06:59 - 000000000 ____D C:\AdwCleaner
2018-01-12 06:53 - 2018-01-12 06:53 - 008198432 _____ (Malwarebytes) C:\Users\james\Downloads\AdwCleaner.exe
2018-01-12 06:40 - 2018-01-12 08:07 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-12 06:40 - 2018-01-12 06:58 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-01-12 06:40 - 2018-01-12 06:58 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-01-12 06:40 - 2018-01-12 06:58 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-01-12 06:40 - 2018-01-12 06:40 - 000193968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-01-12 06:40 - 2018-01-12 06:40 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-01-12 06:40 - 2018-01-12 06:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-01-12 06:40 - 2018-01-12 06:40 - 000000000 ____D C:\Program Files\Malwarebytes
2018-01-12 06:40 - 2017-11-29 09:11 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-01-12 06:39 - 2018-01-12 06:39 - 083316440 _____ (Malwarebytes ) C:\Users\james\Downloads\mb3-setup-1878.1878-3.3.1.2183.exe
2018-01-11 13:43 - 2018-01-11 13:43 - 000000000 ____D C:\Users\james\Downloads\Thunderbolt-3-Firmware-Update-Tool-Version25
2018-01-11 13:42 - 2018-01-11 13:42 - 008629285 _____ C:\Users\james\Downloads\Thunderbolt-3-Firmware-Update-Tool-Version25.zip
2018-01-11 13:34 - 2018-01-11 13:35 - 029162651 _____ (USB-IF) C:\Users\james\Downloads\USB3CV_2.1.6.0_Installer_-_x64_Release.exe
2018-01-11 13:20 - 2018-01-11 13:20 - 002989600 _____ (Lenovo Group Limited ) C:\Users\james\Downloads\fcy402af (1).exe
2018-01-11 12:35 - 2018-01-11 12:35 - 000195346 _____ C:\Users\james\Downloads\wu170509.diagcab
2018-01-11 12:32 - 2018-01-11 12:32 - 018617536 _____ (Microsoft Corporation) C:\Users\james\Downloads\MediaCreationTool.exe
2018-01-11 12:32 - 2018-01-11 12:32 - 000000000 ___HD C:\$Windows.~WS
2018-01-11 12:32 - 2018-01-11 12:32 - 000000000 ____D C:\$WINDOWS.~BT
2018-01-11 11:52 - 2018-01-11 11:52 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-11 11:52 - 2018-01-11 11:52 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-11 11:52 - 2018-01-11 11:52 - 000002355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-11 11:52 - 2018-01-11 11:52 - 000002343 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-01-11 11:52 - 2018-01-11 11:52 - 000000000 ____D C:\Program Files (x86)\Google
2018-01-11 11:51 - 2018-01-11 11:51 - 001129816 _____ (Google Inc.) C:\Users\james\Downloads\ChromeSetup.exe
2018-01-11 10:30 - 2018-01-11 10:30 - 000000000 ____D C:\Users\james\AppData\Local\Extensis
2018-01-11 10:30 - 2018-01-11 10:30 - 000000000 ____D C:\ProgramData\Extensis
2018-01-11 10:29 - 2018-01-11 10:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extensis
2018-01-11 10:29 - 2018-01-11 10:29 - 000000000 ____D C:\Program Files (x86)\Extensis
2018-01-11 10:25 - 2018-01-11 10:26 - 000000000 ____D C:\Users\james\Downloads\SuitcaseFusion8-W-19-0-4
2018-01-11 10:23 - 2018-01-11 10:23 - 073942140 _____ C:\Users\james\Downloads\SuitcaseFusion8-W-19-0-4.zip
2018-01-10 19:20 - 2018-01-10 19:20 - 000000000 ____D C:\WINDOWS\system32\xbgm
2018-01-10 19:12 - 2018-01-10 19:12 - 002209320 _____ (LogMeIn, Inc.) C:\Users\james\Downloads\Support-LogMeInRescue.exe
2018-01-10 18:51 - 2018-01-10 18:51 - 000004945 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2018-01-10 13:32 - 2018-01-11 08:33 - 000003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-01-10 12:02 - 2018-01-10 12:02 - 000000000 ____D C:\WINDOWS\LastGood
2018-01-10 11:38 - 2018-01-10 11:38 - 000004943 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2018-01-10 11:19 - 2018-01-10 11:19 - 000000000 ____D C:\APP
2018-01-10 11:02 - 2018-01-10 11:02 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-01-10 11:02 - 2018-01-10 11:02 - 000002864 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-01-10 11:02 - 2018-01-10 11:02 - 000000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-01-10 11:02 - 2018-01-10 11:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-01-10 11:02 - 2018-01-10 11:02 - 000000000 ____D C:\Program Files\CCleaner
2018-01-10 10:59 - 2018-01-10 10:59 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-01-10 10:59 - 2018-01-10 10:59 - 000000000 ____D C:\Users\james\AppData\Roaming\Intel
2018-01-10 10:58 - 2018-01-10 10:58 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-01-10 10:58 - 2018-01-10 10:58 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-01-10 10:55 - 2018-01-10 10:55 - 000003762 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2018-01-10 10:55 - 2018-01-10 10:55 - 000003528 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2018-01-10 10:55 - 2018-01-10 10:55 - 000000000 ____D C:\Users\james\Downloads\Intel Components
2018-01-10 10:55 - 2018-01-10 10:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-01-10 10:55 - 2018-01-10 10:55 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-01-10 10:54 - 2018-01-10 10:55 - 000002690 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2018-01-10 10:54 - 2017-12-07 23:29 - 000041512 _____ C:\WINDOWS\system32\Drivers\semav6msr64.sys
2018-01-10 09:25 - 2018-01-12 07:03 - 000000000 ____D C:\Users\james\Desktop\MY STUFF
2018-01-09 23:12 - 2018-01-09 23:25 - 000249790 _____ C:\Users\james\Documents\Rehearsal Report 0192018.pdf
2018-01-09 20:28 - 2018-01-09 20:28 - 000012762 _____ C:\Users\james\Documents\Rehearsal Report 12172017 (1).pdf
2018-01-09 20:26 - 2018-01-09 20:26 - 000012762 _____ C:\Users\james\Documents\Rehearsal Report 12172017.pdf
2018-01-09 10:21 - 2018-01-09 10:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt™ Software
2018-01-09 06:04 - 2018-01-09 06:04 - 000123453 _____ C:\Users\james\Documents\Amazon prime info on checkout page.pdf
2018-01-09 06:03 - 2018-01-09 06:03 - 000295977 _____ C:\Users\james\Documents\amazon - prmie info on order page.pdf
2018-01-08 21:39 - 2018-01-08 21:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby
2018-01-08 21:39 - 2018-01-08 21:39 - 000000000 ____D C:\Program Files\Common Files\Dolby
2018-01-08 21:37 - 2017-08-10 05:47 - 007172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 007096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 005346992 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-01-08 21:37 - 2017-08-10 05:47 - 003509200 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 002211304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 001965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 001347144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 001159184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000447720 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000134200 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-01-08 21:37 - 2017-08-10 05:47 - 000084616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2018-01-08 21:37 - 2017-08-10 02:01 - 013064373 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-01-08 21:29 - 2018-01-08 21:29 - 074584380 _____ ( ) C:\Users\james\Downloads\fcy703af.exe
2018-01-08 21:18 - 2018-01-08 21:18 - 002720856 _____ (Lenovo ) C:\Users\james\Downloads\LSBSetup.exe
2018-01-08 21:14 - 2018-01-08 21:15 - 167930581 _____ ( ) C:\Users\james\Downloads\Unconfirmed 852295.crdownload
2018-01-08 21:02 - 2018-01-08 21:04 - 000000000 ____D C:\Lenovo System Interface Foundation for Windows 10 (32-bit, 64-bit) - ThinkPad, ThinkCentre, IdeaPad,…
2018-01-08 20:32 - 2018-01-08 20:33 - 002989600 _____ (Lenovo Group Limited ) C:\Users\james\Downloads\fcy402af.exe
2018-01-08 16:04 - 2018-01-08 16:04 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2018-01-07 13:47 - 2018-01-07 13:47 - 001265526 _____ C:\Users\james\Downloads\comparisonchart.eddx
2018-01-07 07:48 - 2018-01-07 07:48 - 000000000 ____D C:\Users\james\AppData\Local\Edraw
2018-01-07 07:45 - 2018-01-07 07:47 - 296833224 _____ (EdrawSoft ) C:\Users\james\Downloads\edrawmax.exe
2018-01-06 22:20 - 2018-01-06 22:20 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-06 21:55 - 2018-01-06 21:55 - 000000000 _____ C:\autoexec.bat
2018-01-06 20:09 - 2018-01-07 10:32 - 000012672 _____ C:\Users\james\Documents\Kitchen Knives Project.xlsx
2018-01-06 17:49 - 2018-01-06 17:49 - 000000000 ____D C:\Users\james\AppData\Roaming\Skype
2018-01-06 17:48 - 2018-01-06 17:48 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2018-01-06 17:48 - 2018-01-06 17:48 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-01-06 17:48 - 2018-01-06 17:48 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-01-06 17:48 - 2018-01-06 17:48 - 000002421 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2018-01-06 17:48 - 2018-01-06 17:48 - 000002420 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-01-06 17:48 - 2018-01-06 17:48 - 000002414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-01-06 17:48 - 2018-01-06 17:48 - 000002408 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2018-01-06 17:48 - 2018-01-06 17:48 - 000002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-01-06 17:48 - 2018-01-06 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-01-06 17:48 - 2018-01-06 17:48 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-01-06 17:42 - 2018-01-06 17:48 - 000000000 ____D C:\Program Files\Microsoft Office
2018-01-06 17:42 - 2018-01-06 17:42 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-01-06 17:34 - 2018-01-06 17:34 - 000000000 ____D C:\Users\james\Documents\FeedbackHub
2018-01-06 17:29 - 2018-01-06 17:29 - 000000279 _____ C:\Users\james\Documents\Knives.txt
2018-01-06 17:27 - 2018-01-06 17:27 - 007179040 _____ (Microsoft Corporation) C:\Users\james\Desktop\Setup.X64.en-us_O365ProPlusRetail_0d272f30-700c-4cf2-a3dc-edda2798d3bc_TX_PR_b_32_.exe
2018-01-05 20:29 - 2018-01-05 20:29 - 000193331 _____ C:\Users\james\Desktop\Oberon and puck Amazon.pdf
2018-01-05 07:11 - 2018-01-05 07:13 - 997179392 _____ C:\Users\james\Desktop\Microsoft_Office_Professional_Plus_Edition_2016_64bit.iso
2018-01-05 07:08 - 2018-01-05 07:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2018-01-05 07:08 - 2018-01-05 07:08 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-01-05 07:08 - 2017-10-18 08:43 - 000258464 ____R (Cisco Systems, Inc.) C:\WINDOWS\system32\Drivers\acsock64.sys
2018-01-05 07:07 - 2018-01-05 07:07 - 008989696 _____ C:\Users\james\Desktop\anyconnect-win-4.5.02036-pre-deploy-k9.msi
2018-01-05 06:56 - 2018-01-11 13:32 - 000429616 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-05 06:55 - 2018-01-09 10:45 - 000000000 ____D C:\Users\james\AppData\Local\ElevatedDiagnostics
2018-01-05 06:53 - 2018-01-05 06:53 - 000092993 _____ C:\Users\james\Desktop\o15-ctrremove.diagcab
2018-01-05 05:40 - 2018-01-05 05:40 - 000000000 ____D C:\Users\james\AppData\Local\LenovoServiceBridge
2018-01-04 22:11 - 2018-01-04 22:11 - 000472752 _____ C:\Users\james\Desktop\puck final.pdf
2018-01-04 21:52 - 2018-01-04 21:52 - 000317506 _____ C:\Users\james\Desktop\OBERON FINAL LOOKS.pdf
2018-01-04 21:20 - 2018-01-04 21:20 - 000000000 ____D C:\Users\james\Downloads\Hill-House
2018-01-04 21:04 - 2018-01-04 21:04 - 000000000 ____D C:\Users\james\AppData\Local\OfficeBSCache-OD-jamesscotman1@gmail.com
2018-01-04 21:00 - 2018-01-04 21:00 - 000000000 ____D C:\Users\james\AppData\LocalLow\Temp
2018-01-04 01:37 - 2018-01-04 01:37 - 000000000 ____D C:\Users\james\AppData\Local\SkyGears
2018-01-03 22:00 - 2018-01-03 22:00 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-01-03 21:49 - 2017-03-18 16:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20180103-214914.backup
2018-01-03 21:47 - 2018-01-03 21:53 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-01-03 21:47 - 2018-01-03 21:48 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-01-03 21:47 - 2018-01-03 21:47 - 000001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-01-03 21:47 - 2018-01-03 21:47 - 000001459 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-01-03 21:47 - 2018-01-03 21:47 - 000000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2018-01-03 21:47 - 2018-01-03 21:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-01-03 21:47 - 2017-05-23 09:22 - 000032240 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2018-01-03 21:08 - 2018-01-03 21:08 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4253E7E1.sys
2018-01-03 21:02 - 2018-01-03 21:02 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-01-03 21:02 - 2018-01-03 21:02 - 000001228 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-01-03 21:02 - 2018-01-03 21:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-01-03 21:00 - 2018-01-03 21:00 - 006625600 _____ (Zemana Ltd. ) C:\Users\james\Desktop\Zemana.AntiMalware.Setup.exe
2018-01-03 20:04 - 2018-01-03 20:04 - 000296839 _____ C:\Users\james\Desktop\KILLREAL Men's One-Shoulder Steampunk Gothic Brocade Waistcoat Corset Vest at Amazon Men’s Clothing store1_.pdf
2018-01-03 20:03 - 2018-01-03 20:03 - 000302699 _____ C:\Users\james\Desktop\KILLREAL Men's One-Shoulder Steampunk Gothic Brocade Waistcoat Corset Vest at Amazon Men’s Clothing store_.pdf
2018-01-03 19:50 - 2018-01-03 19:51 - 000234437 _____ C:\Users\james\Desktop\one side armor oberon.jpeg
2018-01-03 19:38 - 2018-01-03 22:29 - 001700003 _____ C:\Users\james\Desktop\Puck and Oberon together .pdf
2017-12-31 15:30 - 2017-12-31 15:30 - 000000000 ____D C:\Users\james\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
2017-12-31 14:53 - 2018-01-03 21:19 - 000000290 _____ C:\WINDOWS\Tasks\Test.job
2017-12-31 14:53 - 2017-12-31 14:53 - 000002688 _____ C:\WINDOWS\System32\Tasks\Test
2017-12-31 01:34 - 2018-01-12 06:58 - 120324096 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-12-31 01:30 - 2017-12-31 01:34 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-12-30 23:09 - 2017-12-30 23:09 - 000688980 _____ C:\Users\james\Downloads\NETGEAR_Orbi-mini.cfg
2017-12-30 22:13 - 2017-12-30 22:13 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2432438A.sys
2017-12-30 20:31 - 2017-12-30 20:31 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-12-30 20:21 - 2017-12-30 20:30 - 000000000 ____D C:\Users\james\AppData\Roaming\Apple Computer
2017-12-30 20:21 - 2017-12-30 20:21 - 000000000 ____D C:\Users\james\AppData\Local\Apple Computer
2017-12-30 20:17 - 2017-12-30 20:17 - 000001481 _____ C:\Users\Public\Desktop\iTunes.lnk
2017-12-30 20:17 - 2017-12-30 20:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-12-30 20:17 - 2017-12-30 20:17 - 000000000 ____D C:\Program Files\iPod
2017-12-30 20:16 - 2017-12-30 20:16 - 000000000 ____D C:\ProgramData\Apple Computer
2017-12-30 20:15 - 2017-12-30 20:15 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\Users\james\AppData\Local\Apple
2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\Program Files\Bonjour
2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\Program Files (x86)\Bonjour
2017-12-30 20:15 - 2017-12-30 20:15 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2017-12-30 20:14 - 2017-12-30 20:15 - 000000000 ____D C:\ProgramData\Apple
2017-12-30 20:14 - 2017-12-30 20:15 - 000000000 ____D C:\Program Files\Common Files\Apple
2017-12-30 19:04 - 2017-12-30 19:04 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_01009.Wdf
2017-12-30 19:03 - 2017-12-30 19:03 - 000002739 _____ C:\Users\Public\Desktop\Lenovo Diagnostics Tool Lite.lnk
2017-12-30 18:38 - 2017-12-30 18:38 - 000006424 _____ C:\Users\james\Desktop\Hardware-Scan-2017-12-30T17_45_38.HTML
2017-12-30 18:18 - 2017-12-30 19:03 - 000000000 ____D C:\Users\james\AppData\Local\Downloaded Installations
2017-12-30 18:18 - 2017-12-30 18:18 - 000000000 ____D C:\Program Files (x86)\Silicon Power
2017-12-30 18:15 - 2017-12-30 18:18 - 000000000 ____D C:\Users\james\Downloads\Silicon Power
2017-12-30 17:18 - 2017-12-30 17:18 - 000133442 _____ C:\Users\james\Documents\ADWA783.pdf
2017-12-30 17:18 - 2017-12-30 17:18 - 000067758 _____ C:\Users\james\Documents\James Tallach W9 Childrens Theater 2016.pdf
2017-12-30 17:00 - 2017-12-30 17:00 - 000119331 _____ C:\Users\james\Documents\fw9 (2).pdf
2017-12-30 11:12 - 2017-12-30 11:12 - 000000000 ____D C:\Users\james\Documents\Zoom
2017-12-30 10:37 - 2017-12-30 10:37 - 001099005 _____ C:\Users\james\Documents\Puck and Oberon together .pdf
2017-12-30 10:34 - 2017-12-30 10:34 - 000166115 _____ C:\Users\james\Documents\Jakle Email.pdf
2017-12-30 10:34 - 2017-12-30 10:34 - 000162134 _____ C:\Users\james\Documents\James EMail.pdf
2017-12-29 22:31 - 2017-12-30 00:25 - 000000000 ____D C:\ProgramData\Logishrd
2017-12-29 22:31 - 2017-12-29 22:31 - 000000000 ____D C:\Users\james\AppData\Local\Logitech
2017-12-29 22:29 - 2017-12-29 22:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2017-12-29 22:29 - 2017-12-29 22:29 - 000000000 ____D C:\Program Files\Logitech Gaming Software
2017-12-29 22:28 - 2017-12-29 22:28 - 000000000 ____D C:\Users\james\AppData\Roaming\Logitech
2017-12-29 22:28 - 2017-12-29 22:28 - 000000000 ____D C:\Users\james\AppData\Roaming\Logishrd
2017-12-29 22:25 - 2017-12-29 22:25 - 000106077 _____ C:\Users\james\Documents\Logitech drive mount amazon invoice.pdf
2017-12-29 21:13 - 2017-12-29 21:13 - 000000000 ____D C:\Program Files\Common Files\logishrd
2017-12-29 13:23 - 2017-12-29 13:23 - 002189323 _____ C:\Users\james\Documents\TALLACH BILL.pdf
2017-12-29 10:14 - 2017-12-29 10:14 - 000165421 _____ C:\Users\james\Documents\READ ME FIRST.pdf
2017-12-29 09:49 - 2017-12-29 09:49 - 000000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2017-12-29 09:49 - 2017-12-29 09:49 - 000000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2017-12-29 09:39 - 2017-12-29 09:39 - 000006335 _____ C:\Users\james\Documents\Cisco_AnyConnect_VPN_Statistics.txt
2017-12-29 09:30 - 2017-12-29 09:30 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-12-29 09:30 - 2017-12-29 09:30 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-12-29 09:30 - 2017-12-29 09:30 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-12-29 09:29 - 2017-12-29 09:31 - 000000000 ____D C:\WINDOWS\SHELLNEW
2017-12-29 09:29 - 2017-12-29 09:29 - 000000000 ____D C:\Program Files\Microsoft Analysis Services
2017-12-29 09:29 - 2017-12-29 09:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2017-12-29 09:28 - 2017-12-29 09:28 - 000000000 __RHD C:\MSOCache
2017-12-29 09:28 - 2017-12-29 09:28 - 000000000 ____D C:\Users\james\AppData\Local\Microsoft Help
2017-12-29 09:07 - 2017-12-29 22:24 - 000000000 ____D C:\Users\james\AppData\LocalLow\Adobe
2017-12-29 09:07 - 2017-12-29 09:07 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-12-29 09:03 - 2017-12-29 09:11 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-12-29 09:03 - 2017-12-29 09:11 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 2017.lnk
2017-12-29 09:03 - 2017-12-29 09:11 - 000002131 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller 2017.lnk
2017-12-29 09:03 - 2017-12-29 09:07 - 000000000 ____D C:\Users\james\AppData\Local\Adobe
2017-12-29 09:03 - 2017-12-29 09:03 - 000002108 _____ C:\Users\Public\Desktop\Adobe Acrobat 2017.lnk
2017-12-29 09:03 - 2017-12-29 09:03 - 000000040 ____H C:\B00ABA8F9801
2017-12-29 09:02 - 2017-12-29 09:08 - 000000000 ____D C:\ProgramData\Adobe
2017-12-29 09:02 - 2017-12-29 09:02 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-12-29 08:40 - 2017-12-29 08:40 - 000000000 ____D C:\Users\james\.cisco
2017-12-29 08:39 - 2018-01-05 07:08 - 000000000 ____D C:\ProgramData\Cisco
2017-12-29 08:39 - 2017-12-29 08:39 - 000000000 ____D C:\Users\james\AppData\Local\Cisco
2017-12-29 08:28 - 2017-12-29 08:28 - 000001662 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CertAid for Windows.lnk
2017-12-29 08:28 - 2017-12-29 08:28 - 000001650 _____ C:\Users\Public\Desktop\CertAid for Windows.lnk
2017-12-29 08:28 - 2017-12-29 08:28 - 000000000 ____D C:\Program Files (x86)\CertAid
2017-12-29 08:19 - 2017-12-29 08:19 - 000000000 ____D C:\ProgramData\Firewall_Scanner
2017-12-29 08:19 - 2017-12-29 08:19 - 000000000 ____D C:\LOG
2017-12-29 07:38 - 2017-12-29 07:42 - 000000000 ____D C:\Program Files (x86)\Zemana AntiLogger Free
2017-12-29 07:38 - 2017-12-29 07:38 - 000000000 ____D C:\Users\james\AppData\Local\AntiLogger Free
2017-12-29 07:38 - 2015-11-05 15:00 - 000143904 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\KeyCrypt64.sys
2017-12-29 07:24 - 2018-01-12 10:00 - 000000000 ____D C:\FRST
2017-12-29 07:17 - 2018-01-08 21:31 - 000003800 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-12-29 07:16 - 2017-12-29 07:16 - 000000000 ____D C:\Users\james\Intel
2017-12-29 06:45 - 2017-12-29 06:45 - 000000000 ____D C:\Users\james\AppData\Local\Visicom Media
2017-12-28 18:55 - 2017-12-28 18:55 - 000000000 ____D C:\Users\james\Documents\Custom Office Templates
2017-12-28 13:23 - 2018-01-11 14:41 - 000000000 ____D C:\Users\james\AppData\Roaming\Telegram Desktop
2017-12-28 13:23 - 2017-12-28 13:23 - 000001039 _____ C:\Users\james\Desktop\Telegram.lnk
2017-12-28 13:23 - 2017-12-28 13:23 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2017-12-28 11:47 - 2018-01-11 21:02 - 000000000 ____D C:\Users\james\AppData\Roaming\uTorrent
2017-12-28 11:47 - 2017-12-28 11:47 - 000000903 _____ C:\Users\james\Desktop\µTorrent.lnk
2017-12-28 11:47 - 2017-12-28 11:47 - 000000883 _____ C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2017-12-28 11:45 - 2018-01-11 14:35 - 000000000 ____D C:\Users\james\Downloads\torrents
2017-12-28 10:51 - 2017-12-28 10:51 - 000000000 ____D C:\Users\james\AppData\Local\NVIDIA
2017-12-28 10:51 - 2017-12-28 10:51 - 000000000 ____D C:\Users\james\AppData\Local\CEF
2017-12-28 10:00 - 2018-01-04 18:51 - 000000000 ____D C:\QualityStats
2017-12-28 09:57 - 2017-12-29 07:17 - 000000000 ____D C:\BIOS
2017-12-28 09:56 - 2017-12-28 09:56 - 000000000 ____D C:\driver
2017-12-28 09:55 - 2017-12-31 14:49 - 000000000 ____D C:\Users\Public\Documents\Lenovo
2017-12-28 09:55 - 2017-12-31 14:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-12-28 09:44 - 2017-12-28 09:44 - 000000000 ____D C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2017-12-28 09:38 - 2017-12-28 09:38 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-12-28 09:33 - 2018-01-09 10:21 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2017-12-28 09:26 - 2017-12-28 09:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2017-12-28 09:17 - 2017-12-28 09:17 - 000000000 ____D C:\ProgramData\Coronet_Security
2017-12-28 05:05 - 2017-09-29 08:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-12-28 05:04 - 2018-01-12 06:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-12-28 05:04 - 2018-01-04 21:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2017-12-28 05:04 - 2017-12-28 05:04 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000002768 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-12-28 05:04 - 2017-12-28 05:04 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-28 05:04 - 2017-12-28 05:04 - 000000000 _SHDL C:\Users\Default User
2017-12-28 05:04 - 2017-12-28 05:04 - 000000000 _SHDL C:\Users\All Users
2017-12-28 05:04 - 2017-12-28 05:04 - 000000000 _SHDL C:\Documents and Settings
2017-12-28 05:03 - 2017-12-28 05:03 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-12-28 05:02 - 2017-12-28 05:02 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-12-28 05:00 - 2017-12-28 05:00 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-12-28 04:58 - 2018-01-12 07:02 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-28 04:58 - 2018-01-10 10:58 - 000000000 ____D C:\Program Files\Intel
2017-12-28 04:58 - 2018-01-08 21:39 - 000000000 ____D C:\WINDOWS\system32\DAX3
2017-12-28 04:58 - 2018-01-08 21:37 - 000312687 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2017-12-28 04:58 - 2018-01-08 21:37 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-12-28 04:58 - 2018-01-08 21:37 - 000000000 ____D C:\WINDOWS\system32\DAX2
2017-12-28 04:58 - 2017-12-28 10:52 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-28 04:58 - 2017-12-28 09:54 - 000001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Pen.lnk
2017-12-28 04:58 - 2017-12-28 05:01 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-28 04:58 - 2017-12-28 05:01 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-28 04:58 - 2017-12-28 05:00 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-28 04:58 - 2017-12-28 04:58 - 000000092 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_iMDriver_01_11_00.Wdf
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_wachidrouter_isd_01011.Wdf
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\WINDOWS\system32\Intel
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\ProgramData\Validity
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\Program Files\Realtek
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\Program Files\Dolby
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-12-28 04:58 - 2017-12-28 04:58 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-12-28 04:58 - 2017-09-18 02:22 - 000140312 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-12-28 04:58 - 2017-09-18 02:22 - 000116760 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-12-28 04:58 - 2017-09-02 00:12 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 000549496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 000392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 000147576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-12-28 04:58 - 2017-09-02 00:12 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-12-28 04:58 - 2017-09-02 00:08 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-12-28 04:58 - 2017-09-01 03:45 - 008142301 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-12-28 04:58 - 2017-02-24 18:23 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-12-28 04:58 - 2017-02-24 18:23 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-12-28 04:58 - 2017-02-24 18:23 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-12-28 04:58 - 2017-02-24 18:23 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-12-28 04:57 - 2018-01-12 07:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-12-28 04:57 - 2017-12-28 04:57 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-12-28 03:25 - 2018-01-08 16:04 - 000001938 _____ C:\Users\james\Desktop\Zoom.lnk
2017-12-28 03:24 - 2018-01-08 16:04 - 000000000 ____D C:\Users\james\AppData\Roaming\Zoom
2017-12-28 03:17 - 2017-12-28 03:17 - 000002087 _____ C:\Users\Public\Desktop\ExpressVPN.lnk
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Users\james\AppData\Local\IsolatedStorage
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Users\james\AppData\Local\ExpressVPN
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\ProgramData\ExpressVPN
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Program Files (x86)\ExpressVpn Tap Driver Win10
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Program Files (x86)\ExpressVpn SplitTunnel Driver
2017-12-28 03:17 - 2017-12-28 03:17 - 000000000 ____D C:\Program Files (x86)\ExpressVPN
2017-12-28 03:14 - 2017-12-28 03:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2017-12-28 03:14 - 2017-12-28 03:14 - 000000000 ____D C:\Program Files (x86)\LAV Filters
2017-12-28 03:12 - 2018-01-09 11:01 - 000000000 ____D C:\Users\james\AppData\Local\ManyCam
2017-12-28 03:12 - 2017-12-28 03:12 - 000001071 _____ C:\Users\Public\Desktop\ManyCam.lnk
2017-12-28 03:12 - 2017-12-28 03:12 - 000000000 ____D C:\Users\james\AppData\Roaming\NVIDIA
2017-12-28 03:12 - 2017-12-28 03:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManyCam
2017-12-28 03:12 - 2017-12-28 03:12 - 000000000 ____D C:\ProgramData\ManyCam
2017-12-28 03:11 - 2018-01-11 17:05 - 000000000 ____D C:\Users\james\AppData\Roaming\ManyCam
2017-12-28 03:11 - 2017-12-28 03:12 - 000000000 ____D C:\Program Files (x86)\ManyCam
2017-12-28 03:09 - 2018-01-11 21:03 - 000000000 ____D C:\Users\james\AppData\Roaming\vlc
2017-12-28 03:09 - 2017-12-28 03:09 - 000001150 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-12-28 03:09 - 2017-12-28 03:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-12-28 03:09 - 2017-12-28 03:09 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2017-12-28 02:52 - 2017-12-28 02:52 - 000000000 ____D C:\Users\james\AppData\Local\DBG
2017-12-28 02:50 - 2017-12-28 02:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3020531464-1668614112-2457240111-1001
2017-12-28 02:42 - 2018-01-12 06:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-28 02:42 - 2017-12-28 02:42 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\56752408.sys
2017-12-28 02:39 - 2018-01-12 08:16 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-28 02:39 - 2017-12-28 02:39 - 000000000 ___HD C:\OneDriveTemp
2017-12-28 02:37 - 2018-01-03 20:50 - 000000000 ____D C:\Program Files\Recuva
2017-12-28 02:37 - 2017-12-28 02:37 - 000001706 _____ C:\Users\Public\Desktop\Recuva.lnk
2017-12-28 02:37 - 2017-12-28 02:37 - 000000844 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-12-28 02:37 - 2017-12-28 02:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-12-28 02:37 - 2017-12-28 02:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2017-12-28 02:37 - 2017-12-28 02:37 - 000000000 ____D C:\Program Files\Speccy
2017-12-28 02:35 - 2017-12-28 02:35 - 000001772 _____ C:\Users\Public\Desktop\Defraggler.lnk
2017-12-28 02:35 - 2017-12-28 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2017-12-28 02:35 - 2017-12-28 02:35 - 000000000 ____D C:\Program Files\Defraggler
2017-12-28 02:29 - 2018-01-12 10:00 - 000787897 _____ C:\WINDOWS\ZAM.krnl.trace
2017-12-28 02:29 - 2018-01-12 10:00 - 000137721 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-12-28 02:29 - 2018-01-03 21:19 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-12-28 02:29 - 2017-12-28 02:29 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2017-12-28 02:28 - 2017-12-28 02:28 - 000000000 ____D C:\Users\james\AppData\Local\Zemana
2017-12-28 02:26 - 2018-01-10 19:00 - 000000000 ____D C:\Users\james\AppData\Local\PlaceholderTileLogoFolder
2017-12-28 02:23 - 2018-01-11 12:08 - 000000000 ____D C:\Users\james\AppData\Roaming\Google
2017-12-28 02:17 - 2018-01-12 07:09 - 000070451 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2017-12-28 02:17 - 2018-01-11 11:52 - 000000000 ____D C:\Users\james\AppData\Local\Google
2017-12-28 02:17 - 2017-12-30 19:04 - 000000000 ____D C:\Users\james\AppData\Local\Lenovo
2017-12-28 02:12 - 2018-01-10 19:00 - 000000000 ____D C:\Users\james\AppData\Local\PackageStaging
2017-12-28 02:12 - 2018-01-09 20:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-12-28 02:12 - 2018-01-09 20:55 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-12-28 02:12 - 2018-01-09 20:54 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-12-28 02:12 - 2017-12-29 10:14 - 000000000 ____D C:\Users\james\AppData\Roaming\Adobe
2017-12-28 02:12 - 2017-12-28 02:12 - 000000000 ____D C:\Users\james\AppData\Roaming\Macromedia
2017-12-28 02:12 - 2017-12-28 02:12 - 000000000 ____D C:\Users\james\AppData\Local\Comms
2017-12-28 02:11 - 2017-12-28 02:11 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3020531464-1668614112-2457240111-1001
2017-12-28 02:11 - 2017-12-28 02:11 - 000000000 ____D C:\Users\Public\Lenovo App Explorer
2017-12-28 02:10 - 2018-01-12 07:05 - 001659186 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-12-28 02:10 - 2017-12-28 10:53 - 000000000 ____D C:\Users\james\AppData\Local\NVIDIA Corporation
2017-12-28 02:10 - 2017-12-28 02:40 - 000000000 ___RD C:\Users\james\OneDrive
2017-12-28 02:10 - 2017-12-28 02:11 - 000002374 _____ C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-28 02:10 - 2017-12-28 02:10 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-12-28 02:09 - 2017-12-28 02:30 - 000000000 ____D C:\Users\james\AppData\Local\Publishers
2017-12-28 02:09 - 2017-12-28 02:09 - 000000000 ___HD C:\Users\james\MicrosoftEdgeBackups
2017-12-28 02:09 - 2017-12-28 02:09 - 000000000 ____D C:\Users\james\AppData\Local\MicrosoftEdge
2017-12-28 02:08 - 2018-01-12 06:58 - 000000000 __SHD C:\Users\james\IntelGraphicsProfiles
2017-12-28 02:08 - 2018-01-12 06:36 - 000000000 ____D C:\Users\james\AppData\Local\Packages
2017-12-28 02:08 - 2018-01-06 17:36 - 000000000 ___RD C:\Users\james\3D Objects
2017-12-28 02:08 - 2017-12-28 02:10 - 000000000 ____D C:\Users\james\AppData\Local\ConnectedDevicesPlatform
2017-12-28 02:08 - 2017-12-28 02:08 - 000000000 ____D C:\Users\james\AppData\Roaming\WTablet
2017-12-28 02:08 - 2017-12-28 02:08 - 000000000 ____D C:\Users\james\AppData\Local\VirtualStore
2017-12-28 02:07 - 2018-01-12 07:00 - 000000000 ____D C:\Users\james
2017-12-28 02:07 - 2017-12-28 02:07 - 000000020 ___SH C:\Users\james\ntuser.ini
2017-12-28 02:07 - 2017-12-28 02:07 - 000000000 ____D C:\ProgramData\USOShared
2017-12-28 01:49 - 2017-12-28 01:49 - 000000000 ____D C:\WINDOWS\InfusedApps
2017-12-28 01:49 - 2015-04-28 13:06 - 000043256 _____ C:\WINDOWS\system32\oemlogo.bmp
2017-12-28 01:48 - 2017-12-28 01:48 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-12-28 01:47 - 2018-01-10 11:19 - 000000000 ____D C:\ProgramData\Lenovo
2017-12-28 01:47 - 2018-01-10 11:19 - 000000000 ____D C:\Program Files (x86)\Lenovo
2017-12-28 01:47 - 2017-12-30 19:03 - 000000000 ____D C:\Program Files\Lenovo
2017-12-28 01:47 - 2017-12-28 09:33 - 000000000 ____D C:\WINDOWS\IAStorAfsService
2017-12-28 01:47 - 2017-12-28 04:58 - 000000000 ____D C:\Intel
2017-12-28 01:47 - 2017-12-28 01:47 - 000000000 ____D C:\WINDOWS\Firmware
2017-12-28 01:47 - 2017-12-28 01:47 - 000000000 ____D C:\Program Files\Tablet
2017-12-28 01:45 - 2017-12-28 01:45 - 000000000 ____D C:\WINDOWS\Setup
2017-12-27 22:34 - 2017-12-28 01:49 - 000000000 ___HD C:\$SysReset
2017-12-26 08:42 - 2017-05-24 11:10 - 002371160 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\ISD_Tablet.dll
2017-12-26 08:42 - 2017-05-24 11:10 - 002205272 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\wintab32.dll
2017-12-26 08:42 - 2017-05-24 11:10 - 001813336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01011.dll
2017-12-26 08:42 - 2017-05-24 11:10 - 001779288 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\ISD_Tablet.dll
2017-12-26 08:42 - 2017-05-24 11:10 - 001632344 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\wintab32.dll
2017-12-26 08:42 - 2017-05-24 11:10 - 000142424 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Drivers\wachidrouter_isd.sys
2017-12-26 08:42 - 2017-05-24 11:10 - 000139864 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\ISD_INFInstallCoinst73438.dll
2017-12-15 18:18 - 2017-11-12 18:04 - 000103736 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2017-12-15 18:18 - 2017-11-12 18:04 - 000040760 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe
2017-12-15 18:18 - 2017-11-12 18:03 - 002365288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2017-12-13 09:38 - 2017-12-08 01:52 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-13 09:38 - 2017-12-07 18:34 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-13 09:38 - 2017-12-07 18:34 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-13 09:38 - 2017-12-07 18:28 - 000710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-13 09:38 - 2017-12-07 18:28 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-13 09:38 - 2017-12-07 18:27 - 004504456 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-13 09:38 - 2017-12-07 18:26 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-13 09:38 - 2017-12-07 18:24 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-13 09:38 - 2017-12-07 18:24 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-13 09:38 - 2017-12-07 18:24 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-13 09:38 - 2017-12-07 18:22 - 001003104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-13 09:38 - 2017-12-07 18:22 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-13 09:38 - 2017-12-07 18:22 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-13 09:38 - 2017-12-07 18:16 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-13 09:38 - 2017-12-07 18:15 - 000721592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-13 09:38 - 2017-12-07 18:12 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-13 09:38 - 2017-12-07 17:56 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-13 09:38 - 2017-12-07 17:55 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-13 09:38 - 2017-12-07 17:55 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-12-13 09:38 - 2017-12-07 17:37 - 001145104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-13 09:38 - 2017-12-07 17:36 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-13 09:38 - 2017-12-07 17:33 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-12-13 09:38 - 2017-12-07 17:33 - 000592280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-13 09:38 - 2017-12-07 17:31 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-12-13 09:38 - 2017-12-07 17:12 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 09:38 - 2017-12-07 17:10 - 006466048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-13 09:38 - 2017-12-07 17:10 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 09:38 - 2017-12-07 17:10 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 09:38 - 2017-12-07 17:09 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2017-12-13 09:38 - 2017-12-07 17:09 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-12-13 09:38 - 2017-12-07 17:09 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 09:38 - 2017-12-07 17:09 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 09:38 - 2017-12-07 17:09 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2017-12-13 09:38 - 2017-12-07 17:08 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 09:38 - 2017-12-07 17:08 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 09:38 - 2017-12-07 17:08 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-12-13 09:38 - 2017-12-07 17:07 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-13 09:38 - 2017-12-07 17:07 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 09:38 - 2017-12-07 17:07 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 09:38 - 2017-12-07 17:07 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-13 09:38 - 2017-12-07 17:06 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-12-13 09:38 - 2017-12-07 17:06 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-13 09:38 - 2017-12-07 17:06 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 09:38 - 2017-12-07 17:05 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-13 09:38 - 2017-12-07 17:05 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 09:38 - 2017-12-07 17:05 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-13 09:38 - 2017-12-07 17:05 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2017-12-13 09:38 - 2017-12-07 17:05 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-13 09:38 - 2017-12-07 17:05 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-13 09:38 - 2017-12-07 17:05 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 09:38 - 2017-12-07 17:05 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 09:38 - 2017-12-07 17:05 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2017-12-13 09:38 - 2017-12-07 17:04 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-13 09:38 - 2017-12-07 17:04 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-13 09:38 - 2017-12-07 17:03 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-13 09:38 - 2017-12-07 17:03 - 000841728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-12-13 09:38 - 2017-12-07 17:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-13 09:38 - 2017-12-07 17:03 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 09:38 - 2017-12-07 17:03 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-13 09:38 - 2017-12-07 17:02 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-13 09:38 - 2017-12-07 17:02 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-13 09:38 - 2017-12-07 17:02 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-13 09:38 - 2017-12-07 17:02 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-13 09:38 - 2017-12-07 17:01 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-13 09:38 - 2017-12-07 17:01 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-12-13 09:38 - 2017-12-07 17:01 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-13 09:38 - 2017-12-07 17:01 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-13 09:38 - 2017-12-07 17:00 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-13 09:38 - 2017-12-07 16:59 - 002105856 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-13 09:38 - 2017-12-07 16:59 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-13 09:38 - 2017-12-07 16:59 - 001058304 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-13 09:38 - 2017-12-07 16:58 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-13 09:38 - 2017-12-07 16:58 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-13 09:38 - 2017-12-07 16:58 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-13 09:38 - 2017-12-07 16:56 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-13 09:38 - 2017-12-07 16:56 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-13 09:38 - 2017-12-07 16:54 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-12 06:58 - 2017-03-18 16:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-01-11 10:29 - 2017-07-24 17:11 - 000000000 ____D C:\ProgramData\Package Cache
2018-01-10 13:32 - 2017-07-24 17:12 - 000000000 ____D C:\ProgramData\Intel
2018-01-10 10:58 - 2017-07-24 17:12 - 000000000 ____D C:\Program Files (x86)\Intel
2018-01-06 17:36 - 2017-03-23 12:27 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-06 07:49 - 2017-03-18 16:03 - 000000167 _____ C:\WINDOWS\win.ini
2018-01-05 07:06 - 2017-09-29 08:41 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-01-05 07:06 - 2017-09-29 08:41 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-01-05 07:06 - 2017-09-29 08:41 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-01-03 20:52 - 2017-07-24 17:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stagelight
2017-12-28 05:01 - 2017-07-24 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-28 05:01 - 2017-07-24 16:50 - 000000000 ___HD C:\UserGuidePDF
2017-12-28 05:01 - 2017-03-18 21:32 - 000000000 ____D C:\WINDOWS\HoloShell
2017-12-28 01:39 - 2017-09-29 08:40 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-01-07 09:39

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by james (12-01-2018 10:00:50)
Running from C:\Users\james\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2017-12-28 10:04:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3020531464-1668614112-2457240111-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3020531464-1668614112-2457240111-503 - Limited - Disabled)
Guest (S-1-5-21-3020531464-1668614112-2457240111-501 - Limited - Disabled)
james (S-1-5-21-3020531464-1668614112-2457240111-1001 - Administrator - Enabled) => C:\Users\james
WDAGUtilityAccount (S-1-5-21-3020531464-1668614112-2457240111-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

. . (HKLM\...\{BDB21711-3628-4159-B1E2-0BF55D105E2E}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{46267326-17DC-4A08-94BB-0FB32E31ACC2}) (Version: 3.1.1.2 - Intel) Hidden
µTorrent (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\uTorrent) (Version: 3.5.1.44332 - BitTorrent Inc.)
Adobe Acrobat 2017 (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E1108756300}) (Version: 17.011.30070 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 381.67 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{BC7C46A4-D7A7-48EC-A98C-32A7762B5EFA}) (Version: 6.2.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{F0C4B709-8BF4-4A72-B527-12E7BF5482F8}) (Version: 6.2.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.38 - Piriform)
CertAid for Windows (HKLM-x32\...\{8FBCE0EB-9A40-49D8-85ED-8202131C9532}) (Version: 2.1.0.0 - MIT IS&T)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.5.02036 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{158B6CE6-296E-4AC9-AC51-92E9B8D39BA0}) (Version: 4.5.02036 - Cisco Systems, Inc.) Hidden
Click Install if prompted (HKLM-x32\...\{40830C8E-936E-4E08-AE37-240FF3343927}) (Version: 1.0.6.0 - ExpressVpn) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Dolby Atmos Windows API SDK (HKLM\...\{1F4A261B-588C-4A43-B1F0-49365AC430C7}) (Version: 1.1.3.23 - Dolby Laboratories, Inc.)
Dolby Atmos Windows APP (HKLM\...\{3CCE82BF-69CF-4172-8AFE-1DACB991A62B}) (Version: 1.1.3.21 - Dolby Laboratories, Inc.)
ExpressVPN (HKLM-x32\...\{503dd6bc-3d13-4682-9181-1175568a148a}) (Version: 6.4.1.3300 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{73BA4AC9-B34B-4B95-84BD-AFCB55C04188}) (Version: 6.4.1.3300 - ExpressVPN) Hidden
Extensis Suitcase Fusion (HKLM-x32\...\{D57342AC-0B8D-482D-8156-1730C0C70488}) (Version: 19.0.4.28 - Extensis) Hidden
Extensis Suitcase Fusion (HKLM-x32\...\{dce98dc3-bcfc-4a6e-98e0-bff7f76632c6}) (Version: 19.0.4.28 - 2017 Celartem, Inc. d.b.a Extensis All rights reserved)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{a2167b7c-e567-4ae5-9c88-8e1349a01363}) (Version: 10.1.1.45 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4627 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000010-0200-1033-84C8-B8D95FA3C8C3}) (Version: 20.10.0 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{35fa0dcf-eda2-402b-b1f0-64973bb1938a}) (Version: 3.1.1.2 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{6da487a6-c50d-494e-aaa0-6d8ce9c37ef3}) (Version: 20.10.2 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM-x32\...\ARP_for_prd_SGX_1.9.100.41172) (Version: 1.9.100.41172 - Intel Corporation)
iTunes (HKLM\...\{D7D4465C-B3B6-4BC1-B336-2803FB57BFAF}) (Version: 12.7.2.60 - Apple Inc.)
LAV Filters 0.70.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.70.2 - Hendrik Leppkes)
Lenovo Diagnostics Tool Lite (HKLM\...\{7B3D3612-92C8-483A-9E2C-C2A50EE8343C}) (Version: 4.20.0 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.8 - Lenovo)
Lenovo Utility (HKLM\...\{12ABAC82-7D83-4CB8-9DD2-434DC9AF2942}_is1) (Version: 3.0.0.17 - Lenovo)
Lenovo Yoga Mode Control (HKLM\...\{3F2E25D6-49D3-45D5-A7BD-13F5D6F64171}_is1) (Version: 2.0.0.9 - Lenovo)
Lenovo Yoga Mode Control (Inf Install) (HKLM\...\ACPIVPC) (Version: 15.11.28.179 - Lenovo)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
ManyCam 6.2.0 (HKLM-x32\...\ManyCam) (Version: 6.2.0 - Visicom Media Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8730.2165 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
NVIDIA GeForce Experience 3.5.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 381.67 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.67 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
NvvHci (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvvHci) (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8730.2165 - Microsoft Corporation) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0360 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
Split Tunneling Driver (HKLM-x32\...\{F078B0B5-2F41-42C2-9162-B8C628D5E6FE}) (Version: 1.0.0.0 - ExpressVpn) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.6.46 - Safer-Networking Ltd.)
Telegram Desktop version 1.2.6 (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.6 - Telegram Messenger LLP)
Thunderbolt™ Software (HKLM-x32\...\{87A31923-8F18-4943-8093-17DBEE0101B7}) (Version: 16.3.61.275 - Intel Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Wacom Pen (HKLM\...\ISD Tablet Driver) (Version: 7.3.4-38 - Wacom Technology Corp.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
Zoom (HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers-x32-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL -> No File
ShellIconOverlayIdentifiers-x32-x32-x32-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\PROGRA~2\MICROS~1\Office16\GROOVEEX.DLL -> No File
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-03] ()
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat Elements\ContextMenuShim64.dll [2017-04-24] (Adobe Systems Inc.)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_3d757484a892eacf\igfxDTCM.dll [2017-09-18] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-09-02] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-01-03] ()
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2017\Acrobat Elements\ContextMenuShim64.dll [2017-04-24] (Adobe Systems Inc.)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-01] (Piriform Ltd)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2017-05-23] (Safer-Networking Ltd.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00612270-981B-47B4-90FA-D9C9F58BA662} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-12-01] (Piriform Ltd)
Task: {0146F54C-5AAB-4529-986B-04CB3F263D4A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {09669286-AFEA-468C-B0B2-34220BFC49D3} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => %windir%\system32\sc.exe START ImControllerService
Task: {0DB36EEE-5B2A-44DC-B621-619C08534340} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-03-27] (NVIDIA Corporation)
Task: {0F3729C9-CE26-4940-92A6-1239B28836D1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {10198CBB-A977-453B-B6FD-96AB60A77BFD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-01-06] (Microsoft Corporation)
Task: {158A16AF-0394-41DF-B356-CFC4CC4B8F27} - System32\Tasks\Test => C:\Users\james\AppData\Local\Temp\SP Widget 3.0\SP Widget 3.0.exe <==== ATTENTION
Task: {19D31931-5CB2-4B2D-9940-F2F6D5242261} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => ConditionalAppStarter.exe
Task: {2287C187-CF78-466D-AAA7-4717C316033B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {2822EBE7-CF3F-45FA-97BE-1F65CF3B165E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {2F742418-7D67-4EE8-B805-F3C44A2FED92} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-27] (NVIDIA Corporation)
Task: {37D08C82-6ACF-4EFB-B017-857469307017} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-07-24] (Apple Inc.)
Task: {3DD002F7-9010-4B04-9818-350A70244B17} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-03-27] (NVIDIA Corporation)
Task: {412BA413-0AD3-445C-B5B9-3C4EEB151002} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel® Management Engine Components\iCLS\IntelPTTEKRecertification.exe [2017-10-11] (Intel® Corporation)
Task: {4727C534-5D26-43C0-A3E1-588A6D2F6D9B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {4FCA1491-3DA9-40DD-9D9D-4F0CEEBB545E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-06] (Microsoft Corporation)
Task: {5157ACC7-0820-453A-A4DB-A863A5C26D9D} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-27] (NVIDIA Corporation)
Task: {5323E84B-512F-4B6D-877A-BFCFC7BEB4CE} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-01-06] (Microsoft Corporation)
Task: {6A41D0BC-245B-40AE-A3D3-DF4B5646CD75} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-11] (Google Inc.)
Task: {6AC9D34A-1068-4F3B-A31D-819008098A76} - \Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up -> No File <==== ATTENTION
Task: {6B6E91D3-93E1-4E4A-BD17-25558ED0F7B9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {6CE10C50-BD49-404C-B4C1-D41554A5DC26} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ee0befd9-7c35-49a7-a33e-7bf020b0bc28 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {78E2E914-5DC0-42B8-8F4D-B4BD7DC62FB8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-11] (Google Inc.)
Task: {856D4BAE-2EC1-48C5-B7C2-7F87C749C1F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-25] (Microsoft Corporation)
Task: {8BFE1DF0-6268-4407-8501-0A6CF21FECD1} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-12-25] (Microsoft Corporation)
Task: {8C08DAB1-82F0-4A42-B258-9BC1BC92BBC2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-01-06] (Microsoft Corporation)
Task: {8D689698-7A10-4381-83EE-CDC33D092D2E} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-03-27] (NVIDIA Corporation)
Task: {8DD36695-5985-4927-8BF1-5A812E9208A1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-03-27] (NVIDIA Corporation)
Task: {96C3D4C4-C1AE-4A99-8B4F-0600389965C4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-12-01] (Piriform Ltd)
Task: {9CCC46B7-2CFC-40CF-A1C4-FA06405E1B06} - \Intel\Thunderbolt\Start Thunderbolt service when hardware is detected -> No File <==== ATTENTION
Task: {A233E987-CD69-47CF-9B00-5B35522F4EBC} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {A2B1663A-2C30-4A72-AA44-943B228B1E7E} - System32\Tasks\S-1-5-21-3020531464-1668614112-2457240111-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {A7B2304D-B9E2-4CA0-AC65-AA2A7D476118} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-03-27] (NVIDIA Corporation)
Task: {A948594B-2F99-4119-85D6-D643D8F41C87} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {AE1F4372-8617-4FC8-951B-8ED1F3F29B06} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\e089b374-1494-4579-be6c-ae7cb2a09045 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {AFE975AE-BF22-42D8-88E0-E69F1F051C90} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {B4EF3DDE-A877-4C49-AF96-CCD542E44727} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\087fa159-e56e-4f3e-bf8b-0aeac927cf19 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {B5546E91-24E2-4502-8E73-ED9E7C0EB1AC} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-01-06] (Microsoft Corporation)
Task: {C5AF53B0-F031-498F-A3C1-1A2835FF8362} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f7d85295-902f-47bf-b0aa-b247649de463 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-11-12] (Lenovo Group Limited)
Task: {D1CA92C7-7428-4BBD-8EF8-9C2BE288F3A5} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2017-05-23] (Safer-Networking Ltd.)
Task: {DED5A65B-97BC-48CF-B607-CB907317B194} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {E9E904AD-3D95-42FC-9ABB-F884E85D035B} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-3020531464-1668614112-2457240111-1001 => C:\Users\james\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [2018-01-04] (Lenovo Group Limited)
Task: {F22D8761-E4E6-4C22-A2E2-FE4374400556} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Test.job => C:\Users\james\AppData\Local\Temp\SP Widget 3.0\SP Widget 3.0.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 08:41 - 2017-09-29 08:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-12-08 01:48 - 2017-12-08 01:48 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-12-13 16:43 - 2017-12-13 16:43 - 000339168 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2017-07-24 17:14 - 2017-03-27 22:31 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000181992 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
2017-07-24 17:00 - 2015-06-27 04:34 - 000029112 _____ () C:\ProgramData\Lenovo\PLHotkeyService\PLHotkeyService.exe
2018-01-12 06:40 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-01-12 06:40 - 2017-11-29 09:11 - 002358728 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-12-13 16:45 - 2017-12-13 16:45 - 008475776 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2018-01-03 21:02 - 2018-01-03 21:02 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2017-12-09 19:07 - 2017-12-09 19:07 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-09 19:07 - 2017-12-09 19:07 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-03 13:55 - 2018-01-03 13:55 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-03 13:55 - 2018-01-03 13:55 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-03 13:55 - 2018-01-03 13:55 - 024670720 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-03 13:55 - 2018-01-03 13:55 - 002550272 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-03 13:55 - 2018-01-03 13:55 - 000667648 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.13.257.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2017-04-28 02:01 - 2017-04-28 02:01 - 000212784 _____ () C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
2017-04-28 02:02 - 2017-04-28 02:02 - 000298288 _____ () C:\Program Files\Dolby\Dolby DAX3\API\RuntimeController.dll
2017-04-28 02:01 - 2017-04-28 02:01 - 000303408 _____ () C:\Program Files\Dolby\Dolby DAX3\API\TuningFileParser.dll
2017-11-28 04:45 - 2017-11-28 04:45 - 000054488 _____ () C:\Program Files\CCleaner\branding.dll
2017-12-13 16:43 - 2017-12-13 16:43 - 000225792 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\liblzo2-2.dll
2017-12-13 16:43 - 2017-12-13 16:43 - 000096776 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\libpkcs11-helper-1.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000885992 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
2017-12-07 23:29 - 2017-12-07 23:29 - 002309864 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_modeler.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000270056 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\pl_agent_lib.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000260328 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_acpi_battery_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000306920 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_wifi_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000231144 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\devices_use_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000277736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_system_power_state_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000638696 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_os_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000212200 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_winstat_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000447208 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_upnp_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000375528 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_process_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000609512 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_hw_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000295144 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sampler_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000248040 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_sgx_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000708328 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\sql_logger.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000818408 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
2017-12-07 23:29 - 2017-12-07 23:29 - 000214760 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\foreground_window_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000279272 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_user_waiting_input.dll
2017-12-07 23:29 - 2017-12-07 23:29 - 000207080 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\x64\intel_events_input.dll
2018-01-11 11:52 - 2018-01-03 04:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-11 11:52 - 2018-01-03 04:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2017-12-13 16:45 - 2017-12-13 16:45 - 005757056 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\expressvpn-browser-helper.exe
2017-12-28 02:35 - 2017-12-28 02:35 - 000023552 _____ () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.8.255.0_x86__k1h2ywk1493x8\Lenovo.Discovery.exe
2018-01-09 10:25 - 2018-01-09 10:25 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.11.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 000477184 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-12-28 02:33 - 2017-12-28 02:34 - 058590720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 000164864 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\VideoPlugin.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 000675328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\IPPNativePlugin.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 003727360 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 002270720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 016395264 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 003579904 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 003204096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-09-29 09:44 - 2017-09-29 09:44 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 000043520 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 004038144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.People.PeoplePicker.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 001367040 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 000214528 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\SKU.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 000119808 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\ExploreModel.dll
2017-12-28 02:33 - 2017-12-28 02:34 - 000041472 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\ImageDecoding.dll
2018-01-02 17:16 - 2018-01-02 17:17 - 026507776 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-01-02 17:16 - 2018-01-02 17:17 - 008370176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-12-28 02:32 - 2017-12-28 02:32 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-18 09:23 - 2017-10-18 09:23 - 000033792 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_system-vc140-mt-1_59.dll
2017-10-18 09:22 - 2017-10-18 09:22 - 000062976 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_date_time-vc140-mt-1_59.dll
2017-10-18 09:24 - 2017-10-18 09:24 - 000106496 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_thread-vc140-mt-1_59.dll
2017-10-18 09:24 - 2017-10-18 09:24 - 000042496 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_chrono-vc140-mt-1_59.dll
2017-10-18 09:25 - 2017-10-18 09:25 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2018-01-03 21:47 - 2017-05-12 11:36 - 000507464 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2018-01-03 21:47 - 2016-09-13 14:00 - 000109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2018-01-03 21:47 - 2016-09-13 14:00 - 000167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2018-01-03 21:47 - 2016-09-13 14:00 - 000416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-12-13 16:45 - 2017-12-13 16:45 - 006164864 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\libxvclient.dll
2017-12-13 16:46 - 2017-12-13 16:46 - 000080512 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.NetworkUtils.dll
2017-12-13 16:46 - 2017-12-13 16:46 - 000447616 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
2017-07-24 17:14 - 2017-03-27 22:31 - 000901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-01-09 10:24 - 2018-01-09 10:24 - 000041984 _____ () C:\Program Files (x86)\Extensis\Suitcase Fusion\pthreads_32.dll
2018-01-09 10:24 - 2018-01-09 10:24 - 001073152 _____ () C:\Program Files (x86)\Extensis\Suitcase Fusion\libxml2_32.dll
2018-01-09 10:24 - 2018-01-09 10:24 - 000998912 _____ () C:\Program Files (x86)\Extensis\Suitcase Fusion\libiconv_32.dll
2017-07-24 17:14 - 2017-03-20 23:27 - 002442176 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-07-24 17:14 - 2017-03-20 23:27 - 000363576 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-07-24 17:14 - 2017-03-20 23:27 - 000254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-07-24 17:14 - 2017-03-20 23:27 - 000385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-07-24 17:14 - 2017-03-20 23:27 - 000469048 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-07-24 17:14 - 2017-03-20 23:27 - 000571840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-11-09 00:44 - 2017-11-09 00:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-12-28 02:35 - 2017-12-28 02:35 - 031003136 _____ () C:\Program Files\WindowsApps\E046963F.LenovoCompanion_4.8.255.0_x86__k1h2ywk1493x8\Lenovo.Discovery.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.

IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\com -> hxxp://stapleslink.com
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\hec.mit.edu -> hxxps://vhmitacdci.hec.mit.edu
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\i9servicecenter.com -> hxxps://mit.i9servicecenter.com
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\mit.edu -> hxxps://adminapps.mit.edu
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\sciquest.com -> hxxps://solutions.sciquest.com
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\scripts.mit.edu -> hxxps://mitcho.scripts.mit.edu
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\sharepoint.com -> hxxps://mitprod-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\xfinity.com -> hxxps://university.xfinity.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\123simsen.com -> www.123simsen.com

There are 7865 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 16:03 - 2018-01-03 21:49 - 000450709 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com

There are 15463 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\Control Panel\Desktop\\Wallpaper -> c:\users\james\downloads\mydjzan.jpg
DNS Servers: 10.198.0.1 - 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 0) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run: => "Launch LCore"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\StartupApproved\Run: => "ManyCam"
HKU\S-1-5-21-3020531464-1668614112-2457240111-1001\...\StartupApproved\Run: => "CCleaner"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{835CF333-4E78-4B7D-900B-8E144F01B99F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E91D9B81-5CA7-40E0-AE9B-046CC80C4A29}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{25F62A31-A110-47BA-83B4-2C71F8567A90}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{89B7A544-6FA0-4D94-B593-F452A76437AA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{C36DFD7C-D2A6-42CC-B49F-9058AF549F9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B9315D22-8992-4395-BA59-69A53988A7BB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{73CE0514-2DC0-4BE1-9301-AD368249EE1F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{02E39B2D-18EA-460F-883F-2C307AD070AE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{48D689D3-A9A3-4E0F-8049-8EC9F106F76A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{864131D0-CC19-436F-8928-8B6498F4A52C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{86C6BB57-5650-4E32-95D4-FAEB988125DB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E14DAB6F-4203-44C6-9C15-363FAF45AE6A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{29D4D678-E9F1-402B-BB46-7A5C74880CD9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{283474CA-3C15-41C0-AFB7-2115F9363450}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{92E25F63-CC6C-495A-ACB6-F2C0623C052A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.70.388.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{F24724CD-BBE3-4DC7-A08F-9FA93C15ADF2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{B798C04E-98AA-4E65-982C-0F51C63F7A44}] => (Allow) C:\Users\james\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3C939B4D-42B8-4314-8A9A-6DE6FC37D4E7}] => (Allow) C:\Users\james\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{1603D5B0-327D-442C-AFC0-813AB2FBFFC3}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{215F1CF9-BC9F-4FEC-9AE9-64CF967105B1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{4083B1E1-1E8C-4A06-B712-997E650947A9}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{88AC55A6-528E-4F86-A3F6-97E319193A57}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1C69E469-758C-4158-BD71-0BC3CFB847FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F9485517-FCC8-4DAE-A11C-82DECB5676C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F72654F1-8C37-4C2E-A66F-D1F85AABCB97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D24AD2DA-4471-4BD7-A2F2-571FFD18C5EB}] => (Allow) E:\iTunes\iTunes.exe
FirewallRules: [TCP Query User{1F79CF3C-A043-4FE4-8F8D-94B8B92EEF90}C:\program files (x86)\air keyboard\airkeyboard.exe] => (Allow) C:\program files (x86)\air keyboard\airkeyboard.exe
FirewallRules: [UDP Query User{96F5DE4B-4983-4B86-9EA3-B742888733B2}C:\program files (x86)\air keyboard\airkeyboard.exe] => (Allow) C:\program files (x86)\air keyboard\airkeyboard.exe
FirewallRules: [{74CB9321-BE69-4BBB-A245-6C95DB41FECE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{21E443DF-3C7D-4149-96A9-E38DB25D2766}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{683EF072-D02F-4E6B-B42F-0909A0011A16}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8E5A7F7D-89A6-476E-B698-268A8F75E8B3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{8B9D772A-FB64-41F6-91F2-81ED4E24D236}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A3779C9D-98CF-4B4F-BC8F-BB3AA460CA2F}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{DB0F3E16-1D15-4F48-8B54-1D984189A59D}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{F06F0701-9FBB-408A-AF34-44F7E2492F33}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{3E2358F8-FA74-4D69-92DB-117A815F6809}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
FirewallRules: [{D22ED457-C2AC-40F1-B17E-CACFF17F84A7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0D7B0627-05B8-4C58-8259-81F7955D0E3A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

31-12-2017 14:49:13 Removed Le-Note
04-01-2018 01:34:36 Installed Air Keyboard
05-01-2018 07:15:39 Installed Microsoft Office Professional Plus 2016
05-01-2018 07:15:56 PROPLUS
06-01-2018 20:50:59 Removed Air Keyboard
08-01-2018 21:07:48 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
10-01-2018 10:57:49 Installed Intel® Wireless Bluetooth®

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2018 06:59:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DAX3API.exe, version: 1.1.3.23, time stamp: 0x5903045f
Faulting module name: DAX3API.exe, version: 1.1.3.23, time stamp: 0x5903045f
Exception code: 0xc0000005
Fault offset: 0x0000000000007577
Faulting process id: 0x244c
Faulting application start time: 0x01d38b9cc12cdd21
Faulting application path: C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
Faulting module path: C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
Report Id: 7bb72e68-c119-4557-a828-186a4fb48323
Faulting package full name:
Faulting package-relative application ID:

Error: (01/12/2018 06:58:33 AM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.

Error: (01/11/2018 05:05:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5282

Error: (01/11/2018 05:05:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5282

Error: (01/11/2018 05:05:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/11/2018 05:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3844

Error: (01/11/2018 05:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3844

Error: (01/11/2018 05:05:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/11/2018 05:05:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2391

Error: (01/11/2018 05:05:49 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2391


System errors:
=============
Error: (01/12/2018 07:21:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2018 07:13:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2018 07:09:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2018 07:08:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2018 07:03:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2018 07:03:12 AM) (Source: DCOM) (EventID: 10016) (User: JAMES-LAPTOP)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user JAMES-LAPTOP\james SID (S-1-5-21-3020531464-1668614112-2457240111-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2018 07:01:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2018 06:58:57 AM) (Source: DCOM) (EventID: 10016) (User: JAMES-LAPTOP)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user JAMES-LAPTOP\james SID (S-1-5-21-3020531464-1668614112-2457240111-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2018 06:58:57 AM) (Source: DCOM) (EventID: 10016) (User: JAMES-LAPTOP)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user JAMES-LAPTOP\james SID (S-1-5-21-3020531464-1668614112-2457240111-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.

Error: (01/12/2018 06:58:40 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
Date: 2018-01-12 09:58:56.796
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-12 09:58:56.793
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-12 09:47:59.714
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-12 09:47:59.712
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-12 09:43:34.353
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-12 09:43:34.351
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-12 09:42:24.999
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-12 09:42:24.996
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-12 09:32:58.156
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2018-01-12 09:32:58.155
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 40%
Total physical RAM: 16207.89 MB
Available physical RAM: 9700.01 MB
Total Virtual: 17231.89 MB
Available Virtual: 9130.99 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:450.69 GB) (Free:356.98 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 3E4A1A1D)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 12 January 2018 - 10:22 AM.
Posted truncated logs



#2 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • Gender:Male
  • Location:California

Posted 12 January 2018 - 10:18 AM

Greetings jtallach and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 jtallach (Topic Starter)

Posted 12 January 2018 - 10:20 AM

Hi Gary, James here - thank you for taking the time to review my situation - I appreciate all your hard work.

 

James



#4 jtallach (Topic Starter)

Posted 12 January 2018 - 10:24 AM

PS if it helps I have the following licensed products:

CCLEANER
ZEMANA
SPECCY
DEFRAGGLER
RECUVA

And the following free versions:

Malwarebytes
Spybot
AdwCleaner
Mbar
FRST



#5 Oh My! (Malware Response Instructor)

Posted 12 January 2018 - 10:59 AM

Hi James.

Can you tell me if you have XBox Live?
Gary

#6 jtallach (Topic Starter)

Posted 12 January 2018 - 02:06 PM

I do not. However, I did notice it was suddenly on my laptop - I contacted Microsoft about it but they didn't do anything.



#7 Oh My! (Malware Response Instructor)

Posted 12 January 2018 - 07:23 PM

Thank you.

That is a known issue with that Certificate. It is not malicious and it is also not necessary. Deleting it is fine.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Tcpip\..\Interfaces\{a4c6489c-60e5-4f75-a562-9620bcbcc3b5}: [DhcpNameServer] 169.254.23.227
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
C:\WINDOWS\system32\default_error_stack*.*
C:\Users\james\Downloads\Unconfirmed 852295.crdownload
C:\autoexec.bat
C:\WINDOWS\system32\DAX3
C:\WINDOWS\win.ini
Task: {158A16AF-0394-41DF-B356-CFC4CC4B8F27} - System32\Tasks\Test => C:\Users\james\AppData\Local\Temp\SP Widget 3.0\SP Widget 3.0.exe
C:\Users\james\AppData\Local\Temp\SP Widget 3.0
Task: {6AC9D34A-1068-4F3B-A31D-819008098A76} - \Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up
Task: {9CCC46B7-2CFC-40CF-A1C4-FA06405E1B06} - \Intel\Thunderbolt\Start Thunderbolt service when hardware is detected
File: C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
Folder: C:\WINDOWS\system32\xbgm
File: C:\Users\james\Downloads\fcy703af.exe
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer behavior

Gary

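Gary's reply above treats the flagged root certificate as a known, harmless entry, and for the specific certificate he identified that is the call. The general question behind the thread, "which trusted roots on this machine did Windows not put there, and which of them deserve a closer look", can be answered without any third-party scanner. The script below is an added example written for this thread; it is not Zemana's or FRST's code and it is not what Gary asked James to run. It assumes Windows PowerShell 5.1 or later in an elevated session so the machine store is readable, and the review criteria it applies (absence from the AuthRoot cache, a resident private key, the per-user store, expiry) are my own choice of red flags, not a rule either tool uses.

```powershell
# Added example, not part of the original thread and not Zemana's or FRST's
# code. Lists trusted root certificates that Windows did not deliver itself,
# so a scanner's "suspicious root CA" flag can be checked by hand before a
# certificate is deleted.
# Assumptions: Windows PowerShell 5.1 or later, run as administrator so the
# machine store is readable.

function Get-RootCaCandidates {
    # Third-party roots that arrive through Microsoft's automatic root update
    # are cached in AuthRoot. A root present in Root but absent from AuthRoot
    # was put there by an installer, a policy, a user or unwanted software
    # (Microsoft's own roots also show up here, which is expected).
    $authRoot = @(Get-ChildItem 'Cert:\LocalMachine\AuthRoot' -ErrorAction SilentlyContinue |
                  Select-Object -ExpandProperty Thumbprint)

    foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
        Get-ChildItem $store -ErrorAction SilentlyContinue | ForEach-Object {
            $cert    = $_
            $reasons = @()

            if ($authRoot -notcontains $cert.Thumbprint) { $reasons += 'not from Windows root update' }

            # A trusted root whose private key lives on this machine lets local
            # software mint a valid certificate for any site; typical of
            # TLS-inspecting security suites and adware, and dangerous if stolen.
            if ($cert.HasPrivateKey)                    { $reasons += 'private key present' }

            # Per-user roots need no admin rights to install, so they are a
            # favourite of adware and are worth a look on their own.
            if ($store -like 'Cert:\CurrentUser\*')      { $reasons += 'per-user store' }

            if ($cert.NotAfter -lt (Get-Date))           { $reasons += 'expired' }

            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotBefore  = $cert.NotBefore
                    NotAfter   = $cert.NotAfter
                    Reasons    = ($reasons -join '; ')
                }
            }
        }
    }
}

# Newest additions first: a root that appeared around the time the alerts
# started is the one to investigate.
Get-RootCaCandidates | Sort-Object NotBefore -Descending | Format-Table -AutoSize -Wrap

# Once a thumbprint has been confirmed as unwanted, remove just that entry:
#   Remove-Item "Cert:\CurrentUser\Root\<THUMBPRINT>"
```

The output is a review list, not a delete list: Microsoft's own roots, roots pushed by a domain policy, and roots installed by security products that inspect TLS all land in it. Confirm a suspicious entry by comparing its thumbprint with the fingerprint the issuing vendor publishes, and only then remove it by thumbprint as in the last comment. Deleting a root that a product relies on simply breaks that product's connections, which is how many "the scanner flagged it so I removed it" threads start.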
#8 jtallach (Topic Starter)

Posted 12 January 2018 - 07:29 PM

Hi Gary - I cut and pasted the text you sent and I got this message when I clicked FIX

 

no fixlist.txt found. The fixlist.txt file should be in the same folder/directory where the tool is found. 



#9 Oh My! (Malware Response Instructor)

Posted 12 January 2018 - 07:31 PM

There is no cut and paste. When you follow the instructions the information is copied to the clipboard and then when you click Fix the program pulls the information from the clipboard. Let me know if it goes OK.
Gary

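The fixlist in #7 touches four kinds of entry that are worth understanding rather than just deleting: a Winlogon Notify package, a per-interface DNS server set to a 169.254.x.x link-local address, a pluggable MIME filter for text/xml, and a scheduled task that launches an executable out of the user's Temp folder. The script below is an added example written for this thread, not FRST code and not something Gary asked for; it enumerates those same four locations directly so the Fixlog posted in #10 can be checked against the live machine afterwards. It assumes Windows 8 or later (for Get-ScheduledTask) and an elevated PowerShell session; the Temp and Downloads path patterns it flags are my own heuristic, not a rule FRST applies.

```powershell
# Added example, not part of the thread and not FRST's code. Re-checks the same
# categories of entry the fixlist above targeted, so the Fixlog can be verified
# independently: Winlogon Notify DLLs, per-interface DNS servers, MIME protocol
# filters, and scheduled tasks that run from Temp or Downloads.
# Assumptions: Windows 8 or later, Windows PowerShell 5.1 or later, run elevated.

function Get-PersistenceFindings {
    # 1. Winlogon notification packages: DLLs loaded into winlogon.exe at
    #    logon. Empty on a clean Vista-or-later system, so any subkey is notable.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify') {
        Get-ChildItem $key -ErrorAction SilentlyContinue | ForEach-Object {
            [pscustomobject]@{
                Area     = 'Winlogon\Notify'
                Location = $_.PSChildName
                Detail   = 'DllName=' + (Get-ItemProperty $_.PSPath).DllName
            }
        }
    }

    # 2. DNS servers per interface. A 169.254.x.x (link-local) DNS server is not
    #    reachable through any router; it points at a local resolver or a stale
    #    configuration, like the DhcpNameServer value removed in the fixlist.
    $ifaces = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem $ifaces -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath
        foreach ($name in 'NameServer', 'DhcpNameServer') {
            $value = $props.$name
            if ($value) {
                $flag = if ($value -match '(^|[ ,])169\.254\.') { ' (link-local!)' } else { '' }
                [pscustomobject]@{
                    Area     = 'Tcpip DNS'
                    Location = $_.PSChildName
                    Detail   = "$name=$value$flag"
                }
            }
        }
    }

    # 3. Pluggable MIME filters: a CLSID registered here sees every response of
    #    that content type in IE and other WinINet/urlmon consumers. Resolve the
    #    CLSID to its DLL so the owner can be checked (Office registers one too).
    Get-ChildItem 'HKLM:\SOFTWARE\Classes\PROTOCOLS\Filter' -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = (Get-ItemProperty $_.PSPath).CLSID
        $dll   = (Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" `
                      -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{
            Area     = 'PROTOCOLS\Filter'
            Location = $_.PSChildName
            Detail   = "$clsid -> $dll"
        }
    }

    # 4. Scheduled tasks whose action runs from a user-writable scratch
    #    location, like the "Test" task pointing into Temp in the fixlist.
    Get-ScheduledTask -ErrorAction SilentlyContinue | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            if ($action.Execute -and $action.Execute -match '\\AppData\\Local\\Temp\\|\\Downloads\\') {
                [pscustomobject]@{
                    Area     = 'Scheduled task'
                    Location = $task.TaskPath + $task.TaskName
                    Detail   = ($action.Execute + ' ' + $action.Arguments).Trim()
                }
            }
        }
    }
}

Get-PersistenceFindings | Format-Table -AutoSize -Wrap
```

Run it before and after the FRST fix and diff the two outputs: the Winlogon, DNS and task entries named in the fixlist should be gone from the second run, and anything new that appears between runs is worth a question in the thread. As with the root certificate list, a hit is a reason to look, not a verdict; the text/xml filter in this fixlist, for instance, resolves to an Office DLL.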
#10 jtallach (Topic Starter)

Posted 12 January 2018 - 07:44 PM

My apologies. 

 

Here you go 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by james (12-01-2018 19:34:18) Run:1
Running from C:\Users\james\Desktop\MY STUFF\FRST-OlderVersion
Loaded Profiles: james (Available Profiles: james)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
Tcpip\..\Interfaces\{a4c6489c-60e5-4f75-a562-9620bcbcc3b5}: [DhcpNameServer] 169.254.23.227
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
C:\WINDOWS\system32\default_error_stack*.*
C:\Users\james\Downloads\Unconfirmed 852295.crdownload
C:\autoexec.bat
C:\WINDOWS\system32\DAX3
C:\WINDOWS\win.ini
Task: {158A16AF-0394-41DF-B356-CFC4CC4B8F27} - System32\Tasks\Test => C:\Users\james\AppData\Local\Temp\SP Widget 3.0\SP Widget 3.0.exe
C:\Users\james\AppData\Local\Temp\SP Widget 3.0
Task: {6AC9D34A-1068-4F3B-A31D-819008098A76} - \Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up
Task: {9CCC46B7-2CFC-40CF-A1C4-FA06405E1B06} - \Intel\Thunderbolt\Start Thunderbolt service when hardware is detected
File: C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
Folder: C:\WINDOWS\system32\xbgm
File: C:\Users\james\Downloads\fcy703af.exe
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => removed successfully
"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a4c6489c-60e5-4f75-a562-9620bcbcc3b5}\\DhcpNameServer" => removed successfully
"HKLM\Software\Classes\PROTOCOLS\Filter\text/xml" => removed successfully
"HKLM\Software\Classes\CLSID\{807583E5-5146-11D5-A672-00B0D022E945}" => removed successfully
 
=========== "C:\WINDOWS\system32\default_error_stack*.*" ==========
 
not found
 
========= End -> "C:\WINDOWS\system32\default_error_stack*.*" ========
 
C:\Users\james\Downloads\Unconfirmed 852295.crdownload => moved successfully
C:\autoexec.bat => moved successfully
C:\WINDOWS\system32\DAX3 => moved successfully
C:\WINDOWS\win.ini => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{158A16AF-0394-41DF-B356-CFC4CC4B8F27} => could not remove key. ErrorCode1: 0x00000002
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{158A16AF-0394-41DF-B356-CFC4CC4B8F27}" => removed successfully
C:\WINDOWS\System32\Tasks\Test => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test" => removed successfully
"C:\Users\james\AppData\Local\Temp\SP Widget 3.0" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6AC9D34A-1068-4F3B-A31D-819008098A76}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6AC9D34A-1068-4F3B-A31D-819008098A76}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CCC46B7-2CFC-40CF-A1C4-FA06405E1B06}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CCC46B7-2CFC-40CF-A1C4-FA06405E1B06}" => removed successfully
 
========================= File: C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe ========================
 
C:\Program Files\Dolby\Dolby DAX3\API\DAX3API.exe
File is digitally signed
MD5: 6D5B134469F796293B26173C1832EDC9
Creation and modification date: 2017-04-28 02:01 - 2017-04-28 02:01
Size: 000212784
Attributes: ----A
Company Name: 
Internal Name: 
Original Name: 
Product: 
Description: 
File Version: 
Product Version: 
Copyright: 
VirusTotal: 0
 
====== End of File: ======
 
 
========================= Folder: C:\WINDOWS\system32\xbgm ========================
 
2018-01-10 19:20 - 2018-01-10 19:20 - 000420560 ___AS [AC6FDEF956DC0646A9DE1297FB00BFFB] (Microsoft Corporation) C:\WINDOWS\system32\xbgm\xbgmengine.dll
 
====== End of Folder: ======
 
 
========================= File: C:\Users\james\Downloads\fcy703af.exe ========================
 
C:\Users\james\Downloads\fcy703af.exe
File not signed
MD5: 1144F7C371A0A5289095225BFA898E06
Creation and modification date: 2018-01-08 21:29 - 2018-01-08 21:29
Size: 074584380
Attributes: ----A
Company Name:                                                             
Internal Name: 
Original Name: 
Product: MEI                                                         
Description: MEI Setup                                                   
File Version:                     
Product Version: 11.7.0.1045                                       
Copyright: Copyright © Lenovo 2015,2016.                                                                       
VirusTotal: 0
 
====== End of File: ======
 
 
 
The system needed a reboot.
 
==== End of Fixlog 19:34:55 ====
 
It did reboot. I haven't noticed any major difference except it did seem to take a while to start up.
Oh, now Zemana has popped up with two files suspected; I think it's the same two files. It also had put three .exe programs into quarantine (2 driver updates from Lenovo and SuitcaseFusion, font management software).
 
This is the text from the Zemana report
Zemana AntiMalware 2.74.2.150 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2018/1/12
Operating System       : Windows 10 64-bit
Processor              : 8X Intel® Core™ i7-7700HQ CPU @ 2.80GHz
BIOS Mode              : UEFI
CUID                   : 12588D1E5544EC708C6070
Scan Type              : Scheduled Scan
Duration               : 1m 10s
Scanned Objects        : 78789
Detected Objects       : 2
Excluded Objects       : 8
Read Level             : SCSI
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
XBL Client IPsec Issuing CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\EBE112F56D5FE0BA23289319C89D7784A10CEB61\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\EBE112F56D5FE0BA23289319C89D7784A10CEB61\Blob = 040000000100000010000000A129428BDC24255F001C2231839F4ACF0F0000000100000020000000D204FF5F30BA82CE88AAE3E51F1BDA6174DCACFC10EF9B4F3D34A7E2060E17C1140000000100000014000000C1FE37707C5A391226ECC094CD8094B1A875E4D81900000001000000100000008D60C3850D05F8FDFC5BA4075818997F030000000100000014000000EBE112F56D5FE0BA23289319C89D7784A10CEB615C00000001000000040000000008000020000000010000003E0300003082033A30820222A00302010202101DE1679891ABE54E81BBDF3FB8BECA8C300D06092A864886F70D01010B050030263124302206035504030C1B58424C20436C69656E742049507365632049737375696E67204341301E170D3133303931363032313133335A170D3238303932313032313133335A30263124302206035504030C1B58424C20436C69656E742049507365632049737375696E6720434130820122300D06092A864886F70D01010105000382010F003082010A0282010100EDC512ABD002BA2A4AA0BC2E03163D428168098F1513BA17A241F8A43260131C1FB6C470DB2AC02E2527D2FFC12812D1E09A33F094B446C21C349EF667FFDFE386D3D7183A101453ECDD2D58E507DF7DF5A0A52FCC20E2FC8E26669021CBFEB458341B6A4887B349C6276129E2431524C83FF3863C97A32057A1598C70E2BBE75F234A8DB11A17607F66D33E44563528831C6F2B925E221184C08B527043754F83E08B7676B589B3351DA691E5EFB3846706250128EA1D8A19431238FB316DC8D29AB2E24683AB1FE9F5F60A6F79D716ED2E0609DAF9FDC72F75B450E9C66E2EBF07A555071C091372058A607EAE6873FFD1BE30549465EC074A92C8A288C5D70203010001A3643062300E0603551D0F0101FF0404030202A4301D0603551D250416301406082B0601050507030106082B0601050507030230120603551D130101FF040830060101FF020100301D0603551D0E04160414C1FE37707C5A391226ECC094CD8094B1A875E4D8300D06092A864886F70D01010B05000382010100334964CF97C373A90F7112E27A22FC49C5DA76CF4141F194194C876263A15B54BBB82CE3659D7EA70E412CA6621C255F42B1DCE554AB828BC41E7EE02FDC105E4104C5F3250CD864357B206BD35B6BC4A28CD02167D812743EE0A5A40BEB3FB65C209B5170BE80D5AF0A970FF7220F7E976A881E85A0EDAC9CE42BB01C4FA6C8ABEC5DA66876D01D732BDCC08404101852F74F96CBD366FD57D3388C50FC93EB16787A28AE36E80EBC89BC944D511DAD65C13F51158D13FB2E612721D92F8E70C4EE2A95035E043DE9C5954D483B41C5803793180C14C5F706764605D5E69EC0A1797917782B53596BABABD8DDF1FAB2F15C8D1CC30A405660630F03398A05A2
 
XBL Server IPsec Issuing CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\645984515AB9FB7AE8065B9DDB0E908F8E870ED5\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\645984515AB9FB7AE8065B9DDB0E908F8E870ED5\Blob
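The two detections above name a registry key by a SHA-1 thumbprint and dump the Blob value that stores the certificate. The block below is an added example, not code from the thread, from Zemana or from FRST: it decodes that Blob with only the Python standard library, pulls subject, issuer, validity, basicConstraints and the subject key identifier out of the DER, and checks that the key name, the stored hash property and the certificate agree with each other. The hex constant is the first detection's value as printed above, rejoined after the forum's line wrap. What the code assumes is mine, not anything Zemana documents: the CryptoAPI serialized-property layout for the Blob (repeated records of a 32-bit property id, a 32-bit reserved field that is always 1, a 32-bit length and the data, with property 3 the SHA-1 hash, 20 the key identifier and 32 the DER certificate) and a minimal DER walker that covers only what an X.509 v3 certificate needs.

```python
"""Decode a Windows certificate-store registry Blob and check it against the registry key that names it.
Added example (not code from the thread, from Zemana or from FRST).  Assumed Blob layout, CryptoAPI's
serialized properties: <uint32 id><uint32 reserved = 1><uint32 len><len bytes> repeated; id 3 = SHA-1 hash,
id 20 = key identifier, id 32 = DER certificate.  The DER walker covers only what an X.509 v3 cert needs."""
import hashlib, struct
from datetime import datetime

SHA1_PROP, KEYID_PROP, CERT_PROP = 3, 20, 32
OID_CN, OID_BASIC_CONSTRAINTS, OID_SKI = b"\x55\x04\x03", b"\x55\x1d\x13", b"\x55\x1d\x0e"

# Key path and Blob value exactly as printed in the Zemana report above (hex rejoined after the line wrap).
KEY_PATH = r"HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\EBE112F56D5FE0BA23289319C89D7784A10CEB61\Blob"
BLOB_HEX = (
    "040000000100000010000000A129428BDC24255F001C2231839F4ACF0F0000000100000020000000D204FF5F30BA82CE88AAE3E51F1BDA6174DCACFC10EF9B4F3D34A7E2060E17C1"
    "140000000100000014000000C1FE37707C5A391226ECC094CD8094B1A875E4D8"                                   # id 20, key identifier
    "1900000001000000100000008D60C3850D05F8FDFC5BA4075818997F030000000100000014000000EBE112F56D5FE0BA23289319C89D7784A10CEB61"  # id 25, id 3
    "5C00000001000000040000000008000020000000010000003E030000"                                           # id 92; id 32 header, 0x33E bytes follow
    "3082033A30820222A00302010202101DE1679891ABE54E81BBDF3FB8BECA8C300D06092A864886F70D01010B0500"        # Certificate, tbs, version, serial, sigalg
    "30263124302206035504030C1B58424C20436C69656E742049507365632049737375696E67204341"                   # issuer
    "301E170D3133303931363032313133335A170D3238303932313032313133335A30263124302206035504030C1B58424C20436C69656E742049507365632049737375696E67204341"  # validity, subject
    "30820122300D06092A864886F70D01010105000382010F003082010A0282010100"                                 # RSA subjectPublicKeyInfo, modulus follows
    "EDC512ABD002BA2A4AA0BC2E03163D428168098F1513BA17A241F8A43260131C1FB6C470DB2AC02E2527D2FFC12812D1E09A33F094B446C21C349EF667FFDFE3"
    "86D3D7183A101453ECDD2D58E507DF7DF5A0A52FCC20E2FC8E26669021CBFEB458341B6A4887B349C6276129E2431524C83FF3863C97A32057A1598C70E2BBE7"
    "5F234A8DB11A17607F66D33E44563528831C6F2B925E221184C08B527043754F83E08B7676B589B3351DA691E5EFB3846706250128EA1D8A19431238FB316DC8"
    "D29AB2E24683AB1FE9F5F60A6F79D716ED2E0609DAF9FDC72F75B450E9C66E2EBF07A555071C091372058A607EAE6873FFD1BE30549465EC074A92C8A288C5D70203010001"
    "A3643062300E0603551D0F0101FF0404030202A4301D0603551D250416301406082B0601050507030106082B06010505070302"  # keyUsage, extKeyUsage
    "30120603551D130101FF040830060101FF020100301D0603551D0E04160414C1FE37707C5A391226ECC094CD8094B1A875E4D8"  # basicConstraints, SKI
    "300D06092A864886F70D01010B05000382010100"                                                           # sigalg, signature BIT STRING
    "334964CF97C373A90F7112E27A22FC49C5DA76CF4141F194194C876263A15B54BBB82CE3659D7EA70E412CA6621C255F42B1DCE554AB828BC41E7EE02FDC105E"
    "4104C5F3250CD864357B206BD35B6BC4A28CD02167D812743EE0A5A40BEB3FB65C209B5170BE80D5AF0A970FF7220F7E976A881E85A0EDAC9CE42BB01C4FA6C8"
    "ABEC5DA66876D01D732BDCC08404101852F74F96CBD366FD57D3388C50FC93EB16787A28AE36E80EBC89BC944D511DAD65C13F51158D13FB2E612721D92F8E70"
    "C4EE2A95035E043DE9C5954D483B41C5803793180C14C5F706764605D5E69EC0A1797917782B53596BABABD8DDF1FAB2F15C8D1CC30A405660630F03398A05A2"
)

def parse_blob(blob):
    """Split a Blob value into {property_id: bytes}; reject truncated or malformed records."""
    props, off = {}, 0
    while off < len(blob):
        prop_id, reserved, length = struct.unpack_from("<III", blob, off)   # struct.error if the header is cut short
        off += 12
        if reserved != 1 or off + length > len(blob):
            raise ValueError("malformed or truncated property %d at offset %d" % (prop_id, off - 12))
        props[prop_id] = blob[off:off + length]
        off += length
    return props

def der_items(buf):
    """Yield (tag, value) for each TLV element of a definite-length DER buffer."""
    off = 0
    while off < len(buf):
        tag, ln, off = buf[off], buf[off + 1], off + 2
        if ln & 0x80:                                            # long form: low 7 bits = size of the length field
            ln, off = int.from_bytes(buf[off:off + (ln & 0x7F)], "big"), off + (ln & 0x7F)
        if off + ln > len(buf):
            raise ValueError("DER element runs past the end of the buffer")
        yield tag, buf[off:off + ln]
        off += ln

def name_cn(name):
    """commonName from an X.501 Name (SEQUENCE OF SET OF SEQUENCE { OID, value })."""
    for _, rdn in der_items(name):
        for _, atv in der_items(rdn):
            oid, value = [v for _, v in der_items(atv)]
            if oid == OID_CN:
                return value.decode("utf-8")

def inspect_blob(key_path, blob_hex):
    """Parse one Blob and compare what it says about itself with the SHA-1 that names its registry key."""
    props = parse_blob(bytes.fromhex(blob_hex))
    cert = props[CERT_PROP]
    (_, body), = der_items(cert)                                 # Certificate ::= SEQUENCE { tbs, sigAlg, signature }
    (_, tbs), _sig_alg, _sig = der_items(body)
    fields = list(der_items(tbs))
    if fields[0][0] == 0xA0:                                     # [0] EXPLICIT version, absent in v1 certificates
        fields = fields[1:]
    issuer, validity, subject = fields[2][1], fields[3][1], fields[4][1]
    times = [datetime.strptime(v.decode(), "%y%m%d%H%M%SZ") for _, v in der_items(validity)]  # UTCTime (pre-2050)
    info = {"cert_len": len(cert), "subject_cn": name_cn(subject), "issuer_cn": name_cn(issuer),
            "self_signed": issuer == subject, "is_ca": False, "path_len": None, "ski_ext": None,
            "not_before": times[0].strftime("%Y-%m-%d %H:%M:%SZ"), "not_after": times[1].strftime("%Y-%m-%d %H:%M:%SZ"),
            "stored_sha1": props[SHA1_PROP].hex().upper(), "stored_keyid": props[KEYID_PROP].hex().upper(),
            "computed_sha1": hashlib.sha1(cert).hexdigest().upper(),
            "key_name_sha1": key_path.rsplit("\\", 2)[-2].upper()}   # the key is named by the thumbprint
    for tag, wrapped in fields[5:]:
        if tag == 0xA3:                                          # [3] EXPLICIT Extensions
            (_, ext_seq), = der_items(wrapped)
            for _, ext in der_items(ext_seq):
                parts = list(der_items(ext))                     # OID, optional BOOLEAN critical, OCTET STRING extnValue
                (_, inner), = der_items(parts[-1][1])
                if parts[0][1] == OID_BASIC_CONSTRAINTS:         # SEQUENCE { cA BOOLEAN, pathLenConstraint INTEGER }
                    for t, v in der_items(inner):
                        if t == 0x01:
                            info["is_ca"] = v != b"\x00"
                        elif t == 0x02:
                            info["path_len"] = int.from_bytes(v, "big")
                elif parts[0][1] == OID_SKI:
                    info["ski_ext"] = inner.hex().upper()
    info["key_name_matches_stored"] = info["key_name_sha1"] == info["stored_sha1"]
    info["key_name_matches_computed"] = info["key_name_sha1"] == info["computed_sha1"]
    return info

if __name__ == "__main__":
    print("\n".join("%-26s %s" % kv for kv in inspect_blob(KEY_PATH, BLOB_HEX).items()))
```

On the quoted data this reports a self-signed CA (issuer and subject both "XBL Client IPsec Issuing CA"), valid 2013-09-16 to 2028-09-21, basicConstraints CA with pathLen 0, and a key identifier property that equals the certificate's own SKI extension, with the key name equal to the stored hash property. Treat that as a tamper check only: any process that can write HKLM can add a well-formed root this way, so whether the CA belongs in ROOT has to be settled from who installed it, not from the Blob parsing cleanly.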
 


#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California

Posted 12 January 2018 - 09:12 PM

Please run this for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
RestoreQuarantine: C:\WINDOWS\system32\DAX3
C:\WINDOWS\system32\xbgm
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Computer performance?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.


#12 jtallach

jtallach
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male
  • Location:Massachusetts

Posted 12 January 2018 - 09:40 PM

Here you go

 

 Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018

Ran by james (12-01-2018 21:14:18) Run:2
Running from C:\Users\james\Desktop\MY STUFF\FRST-OlderVersion
Loaded Profiles: james (Available Profiles: james)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
RestoreQuarantine: C:\WINDOWS\system32\DAX3
C:\WINDOWS\system32\xbgm
emptytemp:
 
*****************
 
"C:\WINDOWS\system32\DAX3"=> path not found.
C:\WINDOWS\system32\xbgm => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 35820482 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 2703762 B
Edge => 26 B
Chrome => 276148848 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 72365 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
james => 232031101 B
 
RecycleBin => 0 B
EmptyTemp: => 529.2 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:14:30 ====
 
Computer Performance 
 
No .exe files quarantined.  
Same two files flagged
I wrote a reply and was about to post and the screen went funny (like a TV on the wrong station), then went completely black (see attached pics).
I closed the window, shut down and restarted.
 
The post i wrote was this :
 
Do you think Windows Updates could have anything to do with this? Since Jan 5th or 6th it's been doing the same updates every day; it doesn't give an error, it says it's installed.
When I go to SETTINGS/SECURITY & UPDATES it shows one thing, but when I go to CONTROL PANEL and look for updates it shows something different.
Also, clicking check for updates starts the same thing. So I checked the Zemana logs and the first flag of these files was 1/6.
HUGE apologies if this has nothing to do with anything and I just wasted your time.
 
 


#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California

Posted 12 January 2018 - 09:48 PM

I am not familiar with Zemana but there should be a way to add that Certificate detection to an Exception List. Future scans will ignore the entries.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
SearchAll: *DAX3*
cmd: DISM /Online /Cleanup-Image /CheckHealth
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 

#14 jtallach

jtallach
  • Topic Starter

  • Members
  • 26 posts
  • Gender:Male
  • Location:Massachusetts

Posted 12 January 2018 - 09:54 PM

Here you go

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 02.01.2018
Ran by james (12-01-2018 21:54:19) Run:3
Running from C:\Users\james\Desktop\MY STUFF\FRST-OlderVersion
Loaded Profiles: james (Available Profiles: james)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
SearchAll: *DAX3*
cmd: DISM /Online /Cleanup-Image /CheckHealth
 
*****************
 
SearchAll: *DAX3* => Error: No automatic fix found for this entry.
 
========= DISM /Online /Cleanup-Image /CheckHealth =========
 
 
Deployment Image Servicing and Management tool
Version: 10.0.16299.15
 
Image Version: 10.0.16299.192
 
No component store corruption detected.
The operation completed successfully.
 
========= End of CMD: =========
 
 
==== End of Fixlog 21:54:20 ====


#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,791 posts
  • Gender:Male
  • Location:California

Posted 12 January 2018 - 10:03 PM

Thank you.

Please do this.

===================================================

Farbar's Recovery Scan Tool Search

--------------------
  • Launch FRST
  • Copy/paste the following in the Search: box
*DAX3*
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Search.txt

Gary
 



