
Potential Malware? [Closed]


  • This topic is locked

#1
cloroxmartini

  • Member
  • 138 posts

So here is my scenario: Last year I loaded my credit card into T-Mobile's site for auto-pay. Last January (2019) my credit card number was compromised (thank you AMEX for monitoring suspicious activity). So...here's the thing: I only used the AMEX for T-Mobile auto-pay.

 

Card cancelled, got a new card, changed my T-Mobile password, took down my auto-pay.

 

So I use the new card for two transactions, both on T-Mobile's web site for phone usage. I punched in the card number for payment and did not save the card number to the web site. Last Saturday I get another notice from AMEX that my card is compromised. I only used the card for T-Mobile. Cancelled the card and waiting on the new one.

 

I have contacted T-Mobile but get nowhere about this. I am told to write a letter. One person suggested I have something on my browser taking my number. I use the same machine and browser and buy items with another credit card (Visa) and it has never been compromised.

 

Something is not making sense; however, I do want to deep scan the machine to eliminate the chance my browser or machine is compromised.

 

Suggestions?



#2
iMacg3

  • Malware Removal
  • 275 posts

Welcome to the Geeks to Go Malware Removal forum.
I'm iMacg3 and will be helping you.

Please keep the following information in mind before we begin:
  • Do not run any fixes or tools on your system unless I request that you do so.
  • Please read all instructions carefully, and complete them in the order listed.
  • If your computer seems to start working normally, please don't abandon the topic. Just because your computer doesn't seem to have a problem doesn't mean that it isn't infected.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
  • If you don't respond to your topic in 4 days, it will be closed. You can have it reopened by contacting me or any staff member by PM with the address of the thread.
  • If you have questions about anything, please ask.
--------------------


Download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST/FRST64 and select Run as administrator. (Windows XP users double-click on the file).
  • If you receive a SmartScreen alert, click More Info, then Run Anyway.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, two log files will open - FRST.txt and Addition.txt.
  • Copy and paste the contents of FRST.txt and Addition.txt into your next reply.
Note - FRST.txt and Addition.txt are saved to the same location as FRST/FRST64.

#3
cloroxmartini

  • Topic Starter
  • Member
  • 138 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.03.2019 01
Ran by RSB3 (administrator) on 590W10RSB3 (13-03-2019 13:54:55)
Running from C:\Users\RSB3\Desktop
Loaded Profiles: Administrator & RSB3 & SQLTELEMETRY$SQLEXPRESS (Available Profiles: Local_Admin & CSEP_ALS_SVC & Administrator & RSB3 & SQLTELEMETRY$SQLEXPRESS & MSSQL$SQLEXPRESS)
Platform: Windows 10 Enterprise Version 1803 17134.590 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\LDClient\HIPS\LDSecSvc64.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamlogonagent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files\Cisco\AMP\6.2.1\sfc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(LANDesk Software Ltd.) [File not signed] C:\Windows\SysWOW64\cba\pds.exe
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\SurfaceColorService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\SurfaceService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL13.SQLEXPRESS\MSSQL\Binn\sqlceip.exe
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\LDClient\collector.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acumbrellaagent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseagent.exe
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\LDClient\SelfElectController.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\SurfaceColorTracker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseposture.exe
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\LDClient\HIPS\EPSUI.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Bluebeam, Inc. -> Bluebeam, Inc.) C:\Program Files\Bluebeam Software\Bluebeam Revu\2018\Revu\BBPrint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\RSB3\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files\Cisco\AMP\6.2.1\iptray.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19021.10411.0_x64__8wekyb3d8bbwe\Video.UI.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(M-SIX Technology Inc -> M-SIX) C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\VEO.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\lync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\dnscrypt-proxy.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\Shared Files\proxyhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [Ivanti Endpoint Security] => C:\Program Files (x86)\LANDesk\LDClient\hips\EPSUI.EXE [693000 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\2018\Pushbutton PDF\Bluebeam Admin User.exe [107568 2018-11-08] (Bluebeam, Inc. -> Bluebeam, Inc.)
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Bluebeam Software\Bluebeam Revu\2018\Revu\BBPrint.exe [880688 2018-11-08] (Bluebeam, Inc. -> Bluebeam, Inc.)
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Cisco\AMP\6.2.1\iptray.exe [4059328 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1321984 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2576040663-2932046221-3539300486-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-05] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{01A30791-40AE-4653-AB2E-FD210019AE88}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{1b283861-754f-4022-ad47-a5eaaa618894}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{1ee7337f-85ac-45e2-a23c-37c753209769}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{2135f72a-90b5-4ed3-a7f1-8bb705ac276a}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{25CBB996-92ED-457e-B28C-4774084BD562}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{2D8B3101-E025-480D-917C-835522C7F628}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{48B4E58D-2791-456C-9091-D524C6C706F2}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{600e7adb-da3e-41a4-9225-3c0399e88c0c}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{8FD7E19C-3BF7-489B-A72C-846AB3678C96}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{94596c7e-3744-41ce-893e-bbf09122f76a}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{B12744B8-5BB7-463a-B85E-BB7627E73002}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{BEC09223-B018-416D-A0AC-523971B639F5}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{cb82ea12-9f71-446d-89e1-8d0924e1256e}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{D6886603-9D2F-4EB2-B667-1971041FA96B}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{B12744B8-5BB7-463a-B85E-BB7627E73002}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\PLAP Providers: [{C15C0AAF-C309-FE12-BB17-814630A2009F}] -> C:\WINDOWS\SysWOW64\vpnplap64.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
Startup: C:\Users\CSEP_ALS_SVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login (1).bat [2017-09-18] () [File not signed]
Startup: C:\Users\CSEP_ALS_SVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
Startup: C:\Users\Local_Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
Startup: C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
Startup: C:\Users\RSB3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-09-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)
Startup: C:\Users\SQLTELEMETRY$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.20.10.47
Tcpip\..\Interfaces\{2ffa0e6c-3c12-4ad5-8281-6507c58faacb}: [DhcpNameServer] 172.20.10.47
Tcpip\..\Interfaces\{69c9e1f7-a85b-4911-b7d2-41d6877e850b}: [DhcpNameServer] 172.20.10.47
 
Internet Explorer:
==================
HKU\S-1-5-21-2576040663-2932046221-3539300486-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com
HKU\S-1-5-21-2576040663-2932046221-3539300486-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://www.google.com
HKU\S-1-5-21-2576040663-2932046221-3539300486-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://employee.henselphelps.com
SearchScopes: HKU\S-1-5-21-2576040663-2932046221-3539300486-500 -> DefaultScope {D8547839-547E-4D37-84EE-A9318FA8F4B5} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2576040663-2932046221-3539300486-500 -> {D8547839-547E-4D37-84EE-A9318FA8F4B5} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391 -> DefaultScope {A74434D8-DAB0-43C8-A939-E9A545E8E081} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391 -> {A74434D8-DAB0-43C8-A939-E9A545E8E081} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\ssv.dll [2018-07-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-07-08] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: y06xargw.default
FF ProfilePath: C:\Users\RSB3\AppData\Roaming\Mozilla\Firefox\Profiles\y06xargw.default [2018-12-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-10-27] (Adobe Systems Incorporated -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-10-27] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-07-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-07-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: SkypeForBusinessPlugin-15.8 -> C:\Users\RSB3\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi.dll [2015-06-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: SkypeForBusinessPlugin64-15.8 -> C:\Users\RSB3\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi-x64.dll [2015-06-15] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2014-12-19] <==== ATTENTION
 
Chrome: 
=======
CHR Profile: C:\Users\RSB3\AppData\Local\Google\Chrome\User Data\Default [2019-03-13]
CHR Extension: (Google Drive) - C:\Users\RSB3\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-27]
CHR Extension: (YouTube) - C:\Users\RSB3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RSB3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\RSB3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\RSB3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 aciseagent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseagent.exe [456704 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R3 acumbrellaagent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acumbrellaagent.exe [507392 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [209112 2018-08-14] (LANDesk Software, Inc. -> Ivanti)
R2 CiscoAMP_6.2.1; C:\Program Files\Cisco\AMP\6.2.1\sfc.exe [1567816 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-08] (Intel Corporation -> Intel Corporation)
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [382552 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
R2 Intel PDS; C:\WINDOWS\SysWOW64\CBA\pds.exe [32825 2018-10-17] (LANDesk Software Ltd.) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [761088 2018-06-08] (Intel® Trust Services -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [737552 2018-06-08] (Intel® Trust Services -> Intel® Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe [207416 2018-02-15] (Intel® Smart Sound Technology -> Intel)
S3 LANDESK Agentless Manager; C:\Program Files (x86)\LANDesk\LDClient\AGLSManager.exe [315488 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [357800 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
R2 LDSecSvc; C:\Program Files (x86)\LANDesk\LDClient\hips\LDSecSvc64.EXE [2792096 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
S3 LDXDD; C:\Program Files (x86)\LANDesk\LDClient\XDDClient.exe [589192 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S4 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL13.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [392896 2016-10-29] (Microsoft Corporation -> Microsoft Corporation)
R2 nam; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe [890368 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R2 namlm; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamlogonagent.exe [316928 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 scan; C:\Program Files\Cisco\AMP\tetra\scan.dll [652568 2018-12-03] (Bitdefender SRL -> Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [825808 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL13.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [565952 2016-10-29] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL13.SQLEXPRESS\MSSQL\Binn\sqlceip.exe [249032 2018-09-22] (Microsoft Corporation -> Microsoft Corporation)
R2 SurfaceColorService; C:\WINDOWS\System32\SurfaceColorService.exe [673128 2018-02-26] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-09-17] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-09-17] (Microsoft Corporation -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 acnamfd; C:\WINDOWS\system32\DRIVERS\acnamfd.sys [77704 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-18] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 CiscoAMPCEFWDriver; C:\WINDOWS\System32\Drivers\CiscoAMPCEFWDriver.sys [58248 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R1 CiscoAMPHeurDriver; C:\WINDOWS\System32\Drivers\CiscoAMPHeurDriver.sys [83888 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R2 CISMBIOS; C:\WINDOWS\system32\drivers\cismbios.sys [27912 2018-10-17] (LANDesk Software, Inc. -> Ivanti)
R3 CSI2HostControllerDriver; C:\WINDOWS\System32\drivers\CSI2HostControllerDriver.sys [114096 2018-03-20] (Microsoft Corporation -> Intel® Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-08] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69536 2017-11-08] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382880 2017-11-08] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [33952 2017-10-12] (Intel® Embedded Subsystems and IP Blocks Group -> Intel)
R3 iacamera64; C:\WINDOWS\system32\DRIVERS\iacamera64.sys [2405296 2018-03-20] (Microsoft Corporation -> Intel® Corporation)
R3 iactrllogic; C:\WINDOWS\System32\drivers\iactrllogic64.sys [182184 2018-03-20] (Microsoft Corporation -> Intel® Corporation)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-15] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 ImmunetNetworkMonitorDriver; C:\windows\System32\Drivers\ImmunetNetworkMonitor.sys [119568 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R1 ImmunetProtectDriver; C:\windows\System32\Drivers\immunetprotect.sys [124808 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R1 ImmunetSelfProtectDriver; C:\windows\System32\Drivers\immunetselfprotect.sys [95112 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [155288 2017-10-12] (Intel® Embedded Subsystems and IP Blocks Group -> Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [89752 2017-10-12] (Intel® Embedded Subsystems and IP Blocks Group -> Intel)
R0 LDSecDrv; C:\Windows\System32\Drivers\LDSecDrv.sys [171792 2018-10-17] (LANDesk Software, Inc. -> Ivanti)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-11] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-03-11] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-03-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-03-11] (Malwarebytes Corporation -> Malwarebytes)
R3 mrvlpcie8897; C:\WINDOWS\System32\drivers\mrvlpcie8897.sys [1079784 2018-06-08] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductors Inc.)
R3 NPF; C:\WINDOWS\System32\drivers\npf64.sys [36600 2018-10-17] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 ov5693; C:\WINDOWS\System32\drivers\ov5693.sys [165816 2018-03-20] (Microsoft Corporation -> Intel® Corporation)
R3 ov7251; C:\WINDOWS\System32\drivers\ov7251.sys [166832 2018-03-20] (Microsoft Corporation -> Intel Corporation)
R3 ov8865; C:\WINDOWS\System32\drivers\ov8865.sys [164272 2018-03-20] (Microsoft Corporation -> Intel Corporation)
S4 RsFx0410; C:\WINDOWS\System32\DRIVERS\RsFx0410.sys [261840 2016-10-20] (Microsoft Corporation -> Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 supportdriver; C:\WINDOWS\System32\drivers\iaisp64.sys [44968 2018-03-20] (Microsoft Corporation -> Intel® Corporation)
R3 SurfaceAccessoryDevice; C:\WINDOWS\System32\drivers\SurfaceAccessoryDevice.sys [56096 2017-08-31] (OEMTest OS Driver Leaf -> Microsoft Corporation)
R3 SurfaceAcpiNotify; C:\WINDOWS\System32\drivers\SurfaceAcpiNotifyDriver.sys [153096 2017-09-19] (Microsoft Corporation -> Microsoft Corporation)
R2 SurfaceDockUsbHubFwUpdate; C:\windows\system32\Drivers\SurfaceDockUsbHubFwUpdate.sys [79352 2018-01-02] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfacePro1725TypeCoverIntegration; C:\WINDOWS\System32\drivers\SurfacePro1725TypeCoverIntegration.sys [43168 2017-09-11] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
R3 SurfacePro1786DigitizerIntegration; C:\WINDOWS\System32\drivers\SurfacePro1786DigitizerIntegration.sys [42656 2017-03-23] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
R3 SurfaceSerialHubDriver; C:\WINDOWS\System32\drivers\SurfaceSerialHubDriver.sys [168464 2017-08-30] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceTconDriver; C:\WINDOWS\System32\drivers\SurfaceTconDriver.sys [129152 2017-05-30] (Microsoft Corporation -> Microsoft Corporation)
R3 Trufos; C:\windows\System32\Drivers\trufos.sys [442848 2018-12-03] (Bitdefender SRL -> BitDefender S.R.L.)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [73616 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-09-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-09-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-09-17] (Microsoft Windows -> Microsoft Corporation)
S3 aswArPot; system32\drivers\aswArPot.sys [X]
U3 aswbdisk; no ImagePath
S3 aswbidsdriver; system32\drivers\aswbidsdrivera.sys [X]
S3 aswbidsh; system32\drivers\aswbidsha.sys [X]
S3 aswblog; system32\drivers\aswbloga.sys [X]
S3 aswbuniv; system32\drivers\aswbuniva.sys [X]
S1 aswHdsKe; system32\drivers\aswHdsKe.sys [X]
S3 aswHwid; system32\drivers\aswHwid.sys [X]
S2 aswMonFlt; system32\drivers\aswMonFlt.sys [X]
S3 aswRdr; system32\drivers\aswRdr2.sys [X]
S0 aswRvrt; system32\drivers\aswRvrt.sys [X]
S3 aswSnx; system32\drivers\aswSnx.sys [X]
S1 aswSP; system32\drivers\aswSP.sys [X]
S3 aswStm; system32\drivers\aswStm.sys [X]
S3 aswVmm; system32\drivers\aswVmm.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-03-13 13:54 - 2019-03-13 13:55 - 000036611 _____ C:\Users\RSB3\Desktop\FRST.txt
2019-03-13 13:54 - 2019-03-13 13:54 - 000000000 ____D C:\FRST
2019-03-13 13:51 - 2019-03-13 13:52 - 002433536 _____ (Farbar) C:\Users\RSB3\Desktop\FRST64.exe
2019-03-13 10:36 - 2019-03-13 10:36 - 000213741 _____ C:\Users\RSB3\Downloads\T2PO_Level_2_Blocks (45).csv
2019-03-13 10:34 - 2019-03-13 10:34 - 000210288 _____ C:\Users\RSB3\Downloads\T2PO_Level_2_Blocks (44).csv
2019-03-13 08:10 - 2019-03-13 08:57 - 000779424 _____ C:\Users\RSB3\Desktop\LOD Pricing Matrix Rev 1.xlsx.xlsm
2019-03-13 06:03 - 2019-03-13 06:03 - 000000000 ___HD C:\OneDriveTemp
2019-03-12 14:53 - 2019-01-24 14:28 - 004061571 _____ C:\Users\RSB3\Desktop\LOR 4.1 UPN201 PCW PUMP-HXMurray.xlsm
2019-03-12 14:27 - 2019-03-12 14:27 - 000462942 _____ C:\Users\RSB3\Documents\2019 Calendar Updates.pdf
2019-03-11 15:51 - 2019-03-11 15:51 - 000831534 _____ C:\Users\RSB3\Desktop\Hensel%20Phelps%20Plan%20Build%20Manage%20Prolog%20Report%20Logo_dib.bmp
2019-03-11 14:13 - 2019-03-11 14:13 - 000478863 _____ C:\Users\RSB3\Desktop\HP Stamp.eps
2019-03-11 14:12 - 2019-03-11 14:12 - 003965954 _____ C:\Users\RSB3\Desktop\Copy of 1274_F42_BB_01_DRB04_HP_TST_CE_REV1_190305_CRH.xlsm
2019-03-11 13:02 - 2019-03-13 13:31 - 000095978 _____ C:\Users\RSB3\Desktop\tshirt.pptx
2019-03-11 09:39 - 2019-03-12 06:10 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-11 09:39 - 2019-03-12 06:10 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-03-11 09:39 - 2019-03-11 09:39 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-11 09:39 - 2019-03-11 09:39 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-03-11 09:39 - 2019-03-11 09:39 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-03-11 09:39 - 2019-03-11 09:39 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-11 09:39 - 2019-03-11 09:39 - 000000000 ____D C:\Users\RSB3\AppData\Local\mbamtray
2019-03-11 09:39 - 2019-03-11 09:39 - 000000000 ____D C:\Users\RSB3\AppData\Local\mbam
2019-03-11 09:39 - 2019-03-11 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-11 09:39 - 2019-03-11 09:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-11 09:39 - 2019-03-11 09:39 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-11 09:39 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-11 09:39 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-11 09:36 - 2019-03-11 09:37 - 062400056 _____ (Malwarebytes ) C:\Users\RSB3\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9618.exe
2019-03-11 07:19 - 2019-03-11 07:28 - 000021000 _____ C:\Users\RSB3\Desktop\generic MaRTA sheetx.xlsx
2019-03-11 07:15 - 2019-03-11 07:15 - 000135029 _____ C:\Users\RSB3\Documents\Generic MaRTA Sheet.xlsx
2019-03-06 17:24 - 2019-03-06 17:24 - 003999568 _____ C:\Users\RSB3\Desktop\Copy of 1274_HF Reduction CDS#2 UPN217 - LOX_ArchStruc_TST_ATG_Rev0_190131.xlsm
2019-03-06 13:13 - 2019-03-06 13:13 - 002327934 _____ C:\Users\RSB3\Downloads\Batterboard January 2019 LoRes (1).pdf
2019-03-06 13:12 - 2019-03-06 13:13 - 006330696 _____ C:\Users\RSB3\Downloads\Batterboard February 2019 LoRes (1).pdf
2019-03-05 17:53 - 2019-03-05 17:53 - 002327934 _____ C:\Users\RSB3\Downloads\Batterboard January 2019 LoRes.pdf
2019-03-05 17:48 - 2019-03-05 17:48 - 006330696 _____ C:\Users\RSB3\Downloads\Batterboard February 2019 LoRes.pdf
2019-03-05 13:00 - 2019-03-05 13:00 - 001690757 _____ C:\Users\RSB3\Downloads\Exhibit A – AZ-P1274-BB-GMP Scope of Work.xlsx
2019-03-04 19:03 - 2018-09-21 15:30 - 002592732 _____ C:\Users\RSB3\Desktop\Southland TST - F42 PSSS-02 DRB04 Package 204 R0 09.19.18 Rev 2_ (002).xlsm
2019-02-28 14:33 - 2019-02-07 10:24 - 004119575 _____ C:\Users\RSB3\Desktop\P1274_F42-BB-04 DRB02_CE_GMP__Rev1_190123.xlsm
2019-02-28 14:31 - 2019-02-28 14:32 - 000000000 ____D C:\Users\RSB3\Desktop\REV02 - Corbins
2019-02-27 09:04 - 2019-02-27 09:04 - 000053299 _____ C:\Users\RSB3\Desktop\SIntel-Sout19022709060 2.pdf
2019-02-27 08:59 - 2019-02-27 08:59 - 000059243 _____ C:\Users\RSB3\Desktop\SIntel-Sout19022709060 1.pdf
2019-02-26 10:18 - 2019-02-26 10:18 - 000000000 ____D C:\ProgramData\SolidDocuments
2019-02-19 06:26 - 2019-02-19 06:26 - 000002108 _____ C:\Users\Public\Desktop\Bluebeam Revu 2018.lnk
2019-02-19 06:25 - 2019-02-19 06:25 - 000000000 ____D C:\Users\RSB3\AppData\Local\Bluebeam
2019-02-19 06:25 - 2019-02-19 06:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluebeam Software
2019-02-19 06:21 - 2019-02-19 06:21 - 000000000 ____D C:\ProgramData\ABBYY
2019-02-19 06:20 - 2019-02-19 06:20 - 000000000 ____D C:\Program Files (x86)\Bluebeam Software
2019-02-18 06:57 - 2019-02-05 20:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-18 06:57 - 2019-02-05 20:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-18 06:57 - 2019-02-05 19:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-18 06:57 - 2019-02-05 19:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-18 06:56 - 2019-02-06 00:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-18 06:56 - 2019-02-06 00:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-18 06:56 - 2019-02-06 00:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-18 06:56 - 2019-02-06 00:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-18 06:56 - 2019-02-06 00:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-18 06:56 - 2019-02-06 00:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-18 06:56 - 2019-02-06 00:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-18 06:56 - 2019-02-06 00:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-18 06:56 - 2019-02-05 23:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-18 06:56 - 2019-02-05 23:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-18 06:56 - 2019-02-05 23:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-18 06:56 - 2019-02-05 23:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-18 06:56 - 2019-02-05 20:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-18 06:56 - 2019-02-05 20:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-18 06:56 - 2019-02-05 20:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-18 06:56 - 2019-02-05 20:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-18 06:56 - 2019-02-05 20:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-18 06:56 - 2019-02-05 20:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-18 06:56 - 2019-02-05 20:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-18 06:56 - 2019-02-05 20:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-18 06:56 - 2019-02-05 20:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-18 06:56 - 2019-02-05 20:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-18 06:56 - 2019-02-05 20:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-18 06:56 - 2019-02-05 20:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-18 06:56 - 2019-02-05 20:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-18 06:56 - 2019-02-05 20:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-18 06:56 - 2019-02-05 20:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-18 06:56 - 2019-02-05 20:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-18 06:56 - 2019-02-05 20:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-18 06:56 - 2019-02-05 20:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-18 06:56 - 2019-02-05 20:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-18 06:56 - 2019-02-05 20:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-18 06:56 - 2019-02-05 20:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-18 06:56 - 2019-02-05 20:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-18 06:56 - 2019-02-05 19:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-18 06:56 - 2019-02-05 19:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-18 06:56 - 2019-02-05 19:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-18 06:56 - 2019-02-05 19:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-18 06:56 - 2019-02-05 19:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-18 06:56 - 2019-02-05 19:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-18 06:56 - 2019-02-05 19:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-18 06:56 - 2019-02-05 19:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-18 06:56 - 2019-02-05 19:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-18 06:56 - 2019-02-05 19:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-18 06:56 - 2019-02-05 19:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-18 06:56 - 2019-02-05 19:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-18 06:56 - 2019-02-05 19:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-18 06:56 - 2019-02-05 19:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-18 06:56 - 2019-02-05 19:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-18 06:56 - 2019-02-05 19:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2019-02-18 06:56 - 2019-02-05 19:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-18 06:56 - 2019-02-05 19:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-18 06:56 - 2019-02-05 19:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-18 06:56 - 2019-02-05 19:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-18 06:56 - 2019-02-05 19:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-18 06:56 - 2019-02-05 19:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-18 06:56 - 2019-02-05 19:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-18 06:56 - 2019-02-05 19:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-18 06:56 - 2019-02-05 19:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-18 06:56 - 2019-02-05 19:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-18 06:56 - 2019-02-05 19:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-18 06:56 - 2019-02-05 19:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-18 06:56 - 2019-02-05 19:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-18 06:56 - 2019-02-05 19:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-18 06:56 - 2019-02-05 19:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-18 06:56 - 2019-02-05 19:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-18 06:56 - 2019-02-05 19:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-18 06:56 - 2019-02-05 19:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-18 06:56 - 2019-02-05 19:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-18 06:56 - 2019-02-05 18:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-18 06:56 - 2019-01-12 01:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-18 06:56 - 2019-01-11 19:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-18 06:56 - 2019-01-09 11:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-18 06:56 - 2019-01-09 10:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-18 06:56 - 2019-01-09 10:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-18 06:56 - 2019-01-09 10:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-18 06:56 - 2019-01-09 10:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-18 06:56 - 2019-01-09 10:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-18 06:56 - 2019-01-09 10:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-18 06:56 - 2019-01-09 10:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-18 06:56 - 2019-01-09 03:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-18 06:56 - 2019-01-09 02:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-18 06:56 - 2019-01-09 02:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-18 06:56 - 2019-01-09 01:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-18 06:56 - 2019-01-09 01:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-18 06:56 - 2019-01-08 22:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-18 06:56 - 2019-01-08 22:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-18 06:56 - 2019-01-08 22:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-18 06:56 - 2019-01-08 22:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-18 06:56 - 2019-01-08 22:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-18 06:56 - 2019-01-08 22:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-18 06:56 - 2019-01-08 22:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-18 06:56 - 2019-01-08 22:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-18 06:56 - 2019-01-08 22:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-18 06:56 - 2019-01-08 22:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-18 06:56 - 2019-01-08 22:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-18 06:56 - 2019-01-08 22:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-18 06:56 - 2019-01-08 22:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-18 06:56 - 2019-01-08 22:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-18 06:56 - 2019-01-08 22:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-18 06:56 - 2019-01-08 22:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-18 06:56 - 2019-01-08 22:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-18 06:56 - 2019-01-08 22:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-18 06:56 - 2019-01-08 22:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-18 06:56 - 2019-01-08 22:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-18 06:56 - 2019-01-08 22:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-18 06:56 - 2019-01-08 22:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-18 06:56 - 2019-01-08 22:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-18 06:56 - 2019-01-08 22:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-18 06:56 - 2019-01-08 22:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-18 06:56 - 2019-01-08 22:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-18 06:56 - 2019-01-08 22:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-18 06:56 - 2019-01-08 22:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-18 06:56 - 2019-01-08 22:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-18 06:56 - 2019-01-08 22:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-18 06:56 - 2019-01-08 22:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-18 06:56 - 2019-01-08 22:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-18 06:56 - 2019-01-08 22:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-18 06:56 - 2019-01-08 22:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-18 06:56 - 2019-01-08 22:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-18 06:56 - 2019-01-08 22:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-18 06:56 - 2019-01-08 21:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-18 06:56 - 2019-01-08 21:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-18 06:56 - 2019-01-08 02:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-18 06:56 - 2019-01-07 20:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-18 06:56 - 2019-01-07 20:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-18 06:56 - 2019-01-07 20:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-14 15:54 - 2019-02-14 15:54 - 000001272 _____ C:\Users\RSB3\Downloads\Flights.ics
 
==================== One month (modified) ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2019-03-13 13:54 - 2017-12-27 14:48 - 000000000 ____D C:\ProgramData\LdSec
2019-03-13 13:50 - 2017-12-27 16:07 - 000000000 ____D C:\Users\RSB3\Documents\Outlook Files
2019-03-13 13:42 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-13 13:33 - 2017-12-27 15:00 - 000000144 _____ C:\WINDOWS\system32\config\netlogon.ftl
2019-03-13 13:01 - 2018-05-18 12:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-13 10:20 - 2018-05-18 12:37 - 000000000 ____D C:\Users\RSB3\AppData\Local\Packages
2019-03-13 07:13 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-13 07:10 - 2017-11-08 15:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-13 07:07 - 2017-11-08 15:03 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2019-03-13 07:07 - 2017-11-08 15:03 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-13 06:29 - 2017-12-27 16:08 - 000000000 ____D C:\Users\RSB3\Documents\VEO_Cache
2019-03-13 06:11 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-13 06:03 - 2017-12-27 15:37 - 000000000 ___RD C:\Users\RSB3\OneDrive - HENSEL PHELPS
2019-03-12 18:23 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-12 15:32 - 2017-12-27 14:47 - 000000000 ____D C:\ProgramData\vulScan
2019-03-12 14:27 - 2019-02-10 14:29 - 000006660 _____ C:\WINDOWS\SysWOW64\ldcpu.data
2019-03-12 07:11 - 2018-05-18 12:37 - 000000000 ____D C:\Users\Administrator
2019-03-12 06:18 - 2018-05-18 12:45 - 000838564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-12 06:18 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-12 06:12 - 2018-01-02 07:11 - 000000023 _____ C:\WINDOWS\SysWOW64\hostcache.xml
2019-03-12 06:10 - 2018-10-12 11:05 - 000000048 _____ C:\WINDOWS\system32\surfaceservice.Ish.Trace
2019-03-12 06:10 - 2018-05-18 12:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-11 15:34 - 2018-08-08 14:03 - 000000000 ____D C:\WINDOWS\Minidump
2019-03-11 09:39 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-10 14:02 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-03-10 14:02 - 2017-10-27 18:30 - 000000000 ____D C:\Program Files\Microsoft Office
2019-03-08 06:16 - 2018-05-18 12:37 - 000000000 ____D C:\Users\RSB3
2019-03-08 06:15 - 2018-05-18 12:37 - 000000000 ____D C:\Users\SQLTELEMETRY$SQLEXPRESS
2019-03-05 16:43 - 2017-12-27 15:34 - 000000570 _____ C:\Users\RSB3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP IT Support (1).website
2019-03-05 16:28 - 2017-10-27 18:45 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-05 06:57 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-03-05 06:13 - 2018-05-18 12:45 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2903611290-4059586168-1443931954-5841391
2019-03-05 06:13 - 2018-05-18 12:37 - 000002375 _____ C:\Users\RSB3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-03 09:54 - 2018-04-11 16:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-03 09:54 - 2018-04-11 16:41 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-28 13:41 - 2017-12-27 16:00 - 000000000 ____D C:\Users\RSB3\Documents\Intel AZ P1274
2019-02-27 06:10 - 2018-04-11 14:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-02-27 06:10 - 2018-02-25 13:51 - 000041448 _____ C:\WINDOWS\system32\OV8865_REAR.aiqd
2019-02-27 06:10 - 2018-01-21 13:59 - 000041448 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
2019-02-26 10:18 - 2018-02-13 09:30 - 000000000 ____D C:\Users\RSB3\AppData\Local\SolidDocuments
2019-02-25 06:15 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-22 09:48 - 2018-11-01 06:47 - 000000000 ____D C:\Users\RSB3\Desktop\Stuff
2019-02-21 10:05 - 2017-10-27 17:58 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-20 08:42 - 2018-05-18 12:35 - 001802592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-19 06:14 - 2018-01-03 14:52 - 000000000 ____D C:\Users\RSB3\AppData\LocalLow\Adobe
2019-02-19 06:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-02-18 13:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-18 13:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-18 13:14 - 2018-04-11 16:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-18 13:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-18 13:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-18 13:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-18 08:20 - 2017-12-27 16:08 - 000000000 ____D C:\Users\RSB3\Documents\Vacation Requests
2019-02-18 08:19 - 2017-12-27 15:35 - 000000000 ____D C:\Users\RSB3\AppData\Roaming\Bluebeam Software
2019-02-14 06:39 - 2018-05-18 12:45 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-18 12:35
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by RSB3 (13-03-2019 13:56:15)
Running from C:\Users\RSB3\Desktop
Windows 10 Enterprise Version 1803 17134.590 (X64) (2018-05-18 19:45:38)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2576040663-2932046221-3539300486-500 - Administrator - Disabled) => C:\Users\Administrator
cba_anonymous (S-1-5-21-2576040663-2932046221-3539300486-1004 - Limited - Enabled)
CSEP_ALS_SVC (S-1-5-21-2576040663-2932046221-3539300486-1005 - Limited - Enabled) => C:\Users\CSEP_ALS_SVC
DefaultAccount (S-1-5-21-2576040663-2932046221-3539300486-503 - Limited - Disabled)
Guest (S-1-5-21-2576040663-2932046221-3539300486-501 - Limited - Disabled)
Local_Admin (S-1-5-21-2576040663-2932046221-3539300486-1003 - Administrator - Enabled) => C:\Users\Local_Admin
WDAGUtilityAccount (S-1-5-21-2576040663-2932046221-3539300486-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Cisco AMP for Endpoints (Enabled - Up to date) {05A27767-0425-EB45-C06B-DA28DB7FCD38}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Cisco AMP for Endpoints (Enabled - Up to date) {BEC39683-221F-E4CB-FADB-E15AA0F88785}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Active Directory Authentication Library for SQL Server (HKLM\...\{F2E12419-477D-44F1-8B51-18FD9CA1FCB3}) (Version: 14.0.500.272 - Microsoft Corporation)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\{BD09A75D-86C0-4BBE-869D-2724DA1F9579}) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Autodesk Design Review (HKLM-x32\...\{139C013B-5BAC-4101-BC6C-B2A78C0125A4}) (Version: 14.0.1.179 - Autodesk) Hidden
Autodesk Design Review (HKLM-x32\...\Autodesk Design Review) (Version: 14.0.1.179 - Autodesk)
Autodesk DWG TrueView 2018 - English (HKLM\...\DWG TrueView 2018 - English) (Version: 22.0.50.0 - Autodesk)
Bluebeam Revu x64 2018.3.4 (HKLM\...\{7F5E49F6-A466-4553-B9E0-53D7380944E3}) (Version: 18.3.4 - Bluebeam, Inc.)
Browser for SQL Server 2016 (HKLM-x32\...\{5B860485-0F07-41DC-BA8C-3A839A141FBA}) (Version: 13.1.4001.0 - Microsoft Corporation)
Cisco AMP for Endpoints Connector (HKLM-x32\...\Immunet Protect) (Version: 6.2.1.10806 - Cisco Systems, Inc.)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{1F1DFC2E-CB94-407D-8805-5D4A9D0D85ED}) (Version: 4.6.02074 - Cisco Systems, Inc.)
Cisco AnyConnect ISE Posture Module (HKLM-x32\...\{EEBCBE4D-62E5-49B1-9200-D522B9C1F2FB}) (Version: 4.6.02074 - Cisco Systems, Inc.)
Cisco AnyConnect Network Access Manager (HKLM-x32\...\{DD31A2B6-E0BA-4DA8-BD2E-98BF5B9A52B4}) (Version: 4.6.02074 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.6.02074 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{8C55E3DF-0F0A-4D1F-AC90-9763BD18136D}) (Version: 4.6.02074 - Cisco Systems, Inc.) Hidden
Cisco AnyConnect Start Before Login Module (HKLM-x32\...\{0A2F97FE-DDD8-4F15-8A65-1D1FEA68AD35}) (Version: 4.6.02074 - Cisco Systems, Inc.)
Cisco AnyConnect Umbrella Roaming Security Module (HKLM-x32\...\{40783192-A13E-4107-9EF3-D1A13DAB055F}) (Version: 4.6.02074 - Cisco Systems, Inc.)
DWG TrueView 2018 - English (HKLM\...\{28B89EEF-1028-0409-0100-CF3F3A09B77D}) (Version: 22.0.50.0 - Autodesk) Hidden
Eos Explorer Extended (HKLM-x32\...\{D8866090-1C76-41AF-B1FE-181CDB4E52B4}) (Version: 0.1 - DSA2)
Formatta Filler (HKLM-x32\...\{B420FF16-5B3C-4690-B070-87F970A54A9A}) (Version: 8.17.1 - Access Eforms, LP)
Google Chrome (HKLM\...\{4EC552DD-5454-3B12-A15F-D84ED8DD24D7}) (Version: 72.0.3626.121 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{91F1F6EA-7E50-4B20-931F-2ABECA24B5E0}) (Version: 7.1.7.2602 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
ICE (HKLM-x32\...\ICE) (Version:  - )
Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
LANDESK Advance Agent (HKLM-x32\...\{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}) (Version: 1.0.0 - LANDesk Software) Hidden
LANDesk® Common Base Agent 8 (HKLM-x32\...\{45734758-4041-4EA8-8E62-DE661FC3879C}) (Version: 11.0.0.16 - LANDesk Software, Ltd) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{E0079BB5-8B43-44ED-A60E-9C83B790452E}) (Version: 14.0.500.272 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2576040663-2932046221-3539300486-500\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server  2017  T-SQL Language Service CTP2.1 (HKLM\...\{04E703B1-6105-4E9A-8646-4C1B2B963C1E}) (Version: 14.0.17119.0 - Microsoft Corporation)
Microsoft SQL Server  vNext  Policies CTP2.0 (HKLM-x32\...\{15336D0F-F892-4782-BDCF-D360D2DB4C1C}) (Version: 14.0.500.272 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2016) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2016 Setup (English) (HKLM\...\{0AE831BC-F2A8-4DE2-8FBF-68B220611A7F}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM\...\{FE3BF1DD-677E-4793-9770-C07AECC88882}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{C78CC1C8-D0DF-4F47-BA93-F3AE6E80E047}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{DD517B18-E51F-4194-BE5A-5B89382001DD}) (Version: 14.0.3691.3 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 17.1 (HKLM-x32\...\{b636c6f4-2183-4b76-b5a0-c8d6422df9f4}) (Version: 14.0.17119.0 - Microsoft Corporation)
Microsoft SQL Server vNext CTP2.0 (HKLM-x32\...\Microsoft SQL Server SQLvNextCTP2.0) (Version:  - Microsoft Corporation)
Microsoft Surface Dock Updater (HKLM\...\{C3A0F1AD-239A-4CA0-A6A8-FD30AC22106B}) (Version: 2.12.136.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP2.0 (HKLM\...\{70144BEA-6000-41ED-8DD0-BCC8FF2258D4}) (Version: 14.0.500.272 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2016 (HKLM\...\{3E013EB4-FF9E-4CCA-BAB6-318932614FAE}) (Version: 13.1.4001.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
On-Screen Takeoff (HKLM-x32\...\{28482CBB-4AFD-4787-A7AE-37C1C638A0E7}) (Version: 3.93.2.1 - On Center Software, Inc.)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Service Pack 1 for SQL Server 2016 (KB3182545) (64-bit) (HKLM\...\KB3182545) (Version: 13.1.4001.0 - Microsoft Corporation)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Skype for Business Web App Plug-in (HKLM-x32\...\{37C8167B-B653-4955-A6E8-EBB8DE937DDD}) (Version: 15.8.20020.400 - Microsoft Corporation)
SQL Server 2016 Batch Parser (HKLM\...\{D7A905DB-9A1E-4670-9488-F979F8A77A58}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools (HKLM\...\{9478E350-F157-4724-AE17-6ADA0E9E2351}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools (HKLM\...\{A070F2AC-A75B-448C-BECB-B794EB7E0E0D}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools Extensions (HKLM\...\{7E94713F-EF30-46EB-B809-BBA8603FBF9E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools Extensions (HKLM\...\{AB765DC7-7642-4D1C-BEDC-035516CCD224}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Common Files (HKLM\...\{16F3645F-1343-4462-92DC-9AE66A2E68A3}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 Common Files (HKLM\...\{57846DA8-8B5D-4466-B850-E8CDFC94046C}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 Connection Info (HKLM\...\{74940EE5-66DB-42E3-AC30-295D13B461A7}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Connection Info (HKLM\...\{8A3AE1F0-0752-435D-A01C-033BDD629C8B}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Database Engine Services (HKLM\...\{0C457EC3-E998-4041-B856-908D5A2C1708}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 Database Engine Services (HKLM\...\{51574D2C-DE28-4441-BDC2-967F0FFC0918}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 Database Engine Shared (HKLM\...\{686A81C0-C8E4-46F6-952F-B19A28E8C430}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 Database Engine Shared (HKLM\...\{81CABA93-27C0-4BD9-9B5E-227C76B59F46}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 DMF (HKLM\...\{2FFF0757-4360-42F5-8814-16BB5CF0145F}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 DMF (HKLM\...\{34A20DEE-6AD4-44A6-95FF-DFF95CD22B8C}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Shared Management Objects (HKLM\...\{D3FC7A31-F127-4E2A-96F6-B24FA7D3FFAF}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Shared Management Objects (HKLM\...\{F8001E21-CFCC-47AD-A3B1-6B3EB6D35E48}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Shared Management Objects Extensions (HKLM\...\{B6E1A5EB-1C58-4A04-B76B-E5FE1BE22CA1}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Shared Management Objects Extensions (HKLM\...\{FA548BCB-5732-40F8-85B0-61515D18D9C1}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 SQL Diagnostics (HKLM\...\{766BE25E-D2B5-4E76-BCB0-29B801BADB3F}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 XEvent (HKLM\...\{8CF2CA8E-3984-46B9-B493-F844F3774FA1}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 XEvent (HKLM\...\{E6FFAAAF-D8B5-4D46-8514-26E96D9F3D8D}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2017 CTP2.1 Integration Services Scale Out Management Portal (HKLM\...\{6041B0C3-CCD5-44DB-B7B5-BE345C145814}) (Version: 14.0.600.259 - Microsoft Corporation) Hidden
SQL Server 2017 CTP2.1 Integration Services Scale Out Management Portal (HKLM\...\{E8ADAA92-92B0-4E45-8E1C-8B2B77748538}) (Version: 14.0.600.259 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{0D9BD39A-A870-4FDF-B590-1E9787CF16D9}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{CC4F832C-7AEC-4BE5-8867-B5CBE2C766A7}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{CD29C330-B9F9-4422-B277-925D943D6C81}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{C643F687-EFA3-4A07-ACB0-070629597E20}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{133819D0-8361-49D0-B5BE-84A12C02168B}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Batch Parser (HKLM\...\{9F0AC388-DF97-47F0-847D-3A7F4D30D2F5}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Client Tools Extensions (HKLM\...\{3D9B20CD-311B-45A9-B922-2CB57F9D484A}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Client Tools Extensions (HKLM\...\{7F2D875F-B3E1-4AC4-A110-A104E2266C9D}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Common Files (HKLM-x32\...\{09C844D7-348F-4CC8-9389-0D8855D17DAE}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Common Files (HKLM-x32\...\{B5F6E8D7-EEB3-465B-B8E1-6D7D6DEEACB9}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Connection Info (HKLM\...\{0A6831A7-ACA7-492D-A4E4-14E934378D9E}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Connection Info (HKLM\...\{4AC839FD-ED10-4B42-B090-9F9C23EB0F04}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 DMF (HKLM\...\{CA4646C1-FDFF-4A39-A5C3-A20330EB6475}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 DMF (HKLM\...\{F1E7459D-D086-45BD-8A7B-395667330BB6}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Management Studio Extensions (HKLM-x32\...\{83712371-F0B7-431E-8A01-AD9AA2CAED7F}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Management Studio Extensions (HKLM-x32\...\{F45F0B6D-91B1-48E8-A49E-9EB23EA9534F}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Shared Management Objects (HKLM\...\{4CDDD06C-85A1-407B-9397-ECAF5C104842}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Shared Management Objects (HKLM\...\{4F5E4529-ADE5-4178-A880-ABD6ED04CF22}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Shared Management Objects Extensions (HKLM\...\{6EBE49B2-EBEF-48A3-BC79-AC4D3DF5AF0E}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Shared Management Objects Extensions (HKLM\...\{9EDB9595-6FE8-49AB-B93D-605EF3725484}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 SQL Diagnostics (HKLM\...\{A2551258-D304-449F-B238-BC8F4F24E7D2}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 XEvent (HKLM\...\{4CF4DB38-0692-4A5B-BCE8-1667C51E8416}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 XEvent (HKLM\...\{97F44FDE-28D2-4434-A901-6696F5F96283}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{6891D9C9-BB61-46AA-8B11-0EA511841DD0}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden
SurfacePro Update 18_021_07 (64 bit) (HKLM\...\{62D8F4FF-5F62-492A-9EFF-726D666D8C4B}) (Version: 18.021.18095.0 - Microsoft)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VEO (HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\VEO) (Version: 6.7.3 - M-SIX Technology, Inc.)
WhatsApp (HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\WhatsApp) (Version: 0.2.8691 - WhatsApp)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{04271989-C4D2-2258-25E4-09A96C248266} -> [OneDrive - HENSEL PHELPS] => C:\Users\RSB3\OneDrive - HENSEL PHELPS [2017-12-27 15:37]
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2018 - English\en-US\dwgviewrficn.dll (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\RSB3\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2018 - English\dwgviewr.exe (Autodesk, Inc -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2017-02-15] (Autodesk, Inc -> Autodesk, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-15] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1-x32: [Autodesk.DWF.ContextMenu] -> {6C18531F-CA85-45F7-8278-FF33CF0A5964} => C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\DWFShellExtension.dll [2017-03-09] (Autodesk, Inc.) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04923F58-6635-4651-A6D9-4FB58D6D6A1D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1C280C24-0C3B-466A-9DFB-C6BB6078D52D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1D51A3F3-339E-4DF9-8F72-0075B17A7838} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {278D907A-69BF-4A34-850D-626D00D94AEA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {32705C0D-628A-499C-A12A-D9CEAFFFF55E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4D4E871A-6F84-415F-9B7D-A1BBCC13CA3F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {57EBDE88-AF9C-4FFC-AEBF-0A29AC7EF010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {615E8EF2-5C9D-46A4-B7EF-FC0AE3330C6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {637146AD-39C5-41EB-A00A-F6DA1EC1F53E} - System32\Tasks\LANDESK Agent Health Bootstrap Task => C:\Program Files (x86)\LANDesk\LDClient\LANDESKAgentBootStrap.exe (LANDesk Software, Inc. -> Ivanti)
Task: {828B6098-9481-401D-A46B-3003C3D9EF60} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {84758724-E9D5-4FE8-A02F-5EFB3666C346} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe (Microsoft Windows -> Microsoft Corporation)
Task: {927001D2-04B4-45C7-8B81-3E8800CE2B13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {A1FD2A90-C60B-4F5E-9AA1-CCE20811DE5B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A36488B2-3933-4841-9923-06D2A046A04B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {B26A2E79-8155-4F83-9265-9BB39A968EF6} - System32\Tasks\Microsoft\Surface\Color Profile Listener Task => C:\WINDOWS\System32\SurfaceColorTracker.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DB4E20C4-68F5-4F1A-914D-8E0EB9587D1A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FB978D20-41E0-4531-872F-F4473F00F71C} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe (Microsoft Windows -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\RSB3\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
 
==================== Loaded Modules (Whitelisted) ==============
 
2019-02-10 14:28 - 2018-10-17 11:36 - 000223744 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\hips\xmllite64.dll
2019-02-10 14:28 - 2018-10-17 11:39 - 000032825 _____ (LANDesk Software Ltd.) [File not signed] C:\WINDOWS\SysWOW64\CBA\pds.exe
2017-10-27 17:54 - 2017-04-29 00:55 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-02-10 14:28 - 2018-10-02 19:01 - 000745984 _____ () [File not signed] C:\Program Files (x86)\LANDesk\LDClient\HIPS\x64\sqlite3.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 002217984 _____ (Apache Software Foundation) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\log4cxx.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 006531584 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Core.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 006759936 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Widgets.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 017939968 _____ (M-SIX) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Viewer.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000244736 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Xml.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 001443328 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Network.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 007794688 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Gui.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000389120 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5PrintSupport.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Concurrent.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000249344 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Sql.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000069120 _____ () [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\zlib1.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 002082304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\LIBEAY32.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 001452032 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\platforms\qwindows.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000267776 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\imageformats\qjpeg.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000983552 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\sqldrivers\qsqlite.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000384512 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\ssleay32.dll
2018-12-11 09:58 - 2018-12-11 09:58 - 000000000 ____LMicrosoft Corporation C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2018-12-11 09:57 - 2018-12-11 09:57 - 000000000 ____LMicrosoft Corporation C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2018-12-11 09:57 - 2018-12-11 09:57 - 000000000 ____LMicrosoft Corporation C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2018-08-14 13:52 - 2018-08-14 13:52 - 001325568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\LIBEAY32.dll
2018-05-04 10:48 - 2018-10-17 11:39 - 001325568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\LIBEAY32.dll
2018-05-04 10:48 - 2018-10-17 11:39 - 000348160 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\SSLEAY32.dll
2018-05-04 10:48 - 2018-10-02 19:04 - 000695296 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\curllib.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-11 09:39 - 2019-02-01 10:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2018-08-14 13:52 - 2018-08-14 13:52 - 001522176 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\LIBEAY32MTFIPS.dll
2018-08-14 13:52 - 2018-08-14 13:52 - 000348672 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\SSLEAY32MTFIPS.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\sharepoint.com -> hxxps://hpcc2013-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 06:46 - 2017-09-29 06:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
 
2018-03-04 10:12 - 2018-03-04 10:12 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\130\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\ManagementStudio\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2576040663-2932046221-3539300486-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\Control Panel\Desktop\\Wallpaper -> C:\Users\RSB3\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 172.20.10.47
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
If an entry is included in the fixlist, it will be removed.
 
HKLM\...\StartupApproved\Run: => "BbInstallUser"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{145EBA52-C6B5-4059-95DC-60AFE33949EB}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{8E24E561-4365-46F6-A09A-0FD86B5DDBAB}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [TCP Query User{1EE91558-87B0-476D-A70B-857457A2EC87}C:\programdata\rsb3\veo\app-6.6.32\veo.exe] => (Allow) C:\programdata\rsb3\veo\app-6.6.32\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [UDP Query User{B199D3A2-D81B-4667-9846-EE402849B60B}C:\programdata\rsb3\veo\app-6.6.32\veo.exe] => (Allow) C:\programdata\rsb3\veo\app-6.6.32\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [{43D977EB-6920-48B0-B748-1AA941E6B2B2}] => (Block) C:\programdata\rsb3\veo\app-6.6.32\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [{B1E93009-C20B-4F12-9A60-F7FDD9A0FDC2}] => (Block) C:\programdata\rsb3\veo\app-6.6.32\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [TCP Query User{ACB5021C-9097-44E5-B028-2C908E37E1EA}C:\users\rsb3\appdata\local\veo\app-6.6.43\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.6.43\veo.exe No File
FirewallRules: [UDP Query User{6833EBB4-3430-4292-9044-E8A4994A86CD}C:\users\rsb3\appdata\local\veo\app-6.6.43\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.6.43\veo.exe No File
FirewallRules: [TCP Query User{D6E491CA-D4C6-4B55-8E56-0AA1151A6E03}C:\users\rsb3\appdata\local\veo\app-6.6.53\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.6.53\veo.exe No File
FirewallRules: [UDP Query User{B9254FB7-E28C-40AA-A5DD-6474B70E3A5F}C:\users\rsb3\appdata\local\veo\app-6.6.53\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.6.53\veo.exe No File
FirewallRules: [{7314F678-B4F6-4C59-83C4-6BE7317889DA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B3BEAB47-D0B0-46F3-822F-C86423346621}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F3354C5-CAAF-45CA-A6BB-34B33DF6EC64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{75104E39-2974-46F8-9E3F-B5BC0357374B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7B148235-54D0-471D-BA7D-158E401EDDEA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5E151095-A689-423F-BD89-D9D245CA3E3B}C:\program files\microsoft office\root\office16\lync.exe] => (Allow) C:\program files\microsoft office\root\office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{A04696C7-880A-4083-AC3F-34EEC9BA40D0}C:\program files\microsoft office\root\office16\lync.exe] => (Allow) C:\program files\microsoft office\root\office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1A368783-AB09-4F4E-A078-9432394FB950}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\XDDClient.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{D5312C14-9E32-4D6E-8A07-57A2C176320E}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\XDDClient.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [TCP Query User{7BA906F6-B548-41CF-AE52-FFCA2406726C}C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [UDP Query User{C7C7E75F-EC74-4D5B-8968-3BB822E29651}C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [TCP Query User{1692F1EE-A39D-4A2C-BF7F-37AAA2C3C3E4}C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [UDP Query User{CA4055A1-846D-48BB-9C73-8D545689C2AA}C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [TCP Query User{0F82ACD0-1E68-476B-9ECC-E160196AE754}C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [UDP Query User{02210028-42EF-4E26-961A-AA8CF3AF7336}C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [{DA394942-3615-49B5-8112-75ED09C4B556}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{DB85C8B8-0486-4FBC-B5D7-8FEBDD7F3DDF}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{D3994AAB-D27F-4781-A8A5-14CD4BE1CB4E}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{95461096-0B72-4E68-9757-25F6FBA11267}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{B4541E4D-4F35-496E-B051-2530794DD9BA}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{8F035A1C-903F-49E1-87C6-4E5F2CEE92B6}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{191F009C-9414-48FD-8F60-0D8C12AB5A68}] => (Allow) C:\Windows\SysWOW64\msgsys.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{1136B6C8-126D-4BB1-8E3D-F46DFC9BBF07}] => (Allow) C:\Windows\SysWOW64\msgsys.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{30DF1EA6-24D3-4E2B-99C9-F01B4A41B578}] => (Allow) C:\Windows\SysWOW64\msgsys.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{3A951865-33AB-46CA-8D05-017C3D400200}] => (Allow) C:\Windows\SysWOW64\msgsys.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{ED81DF17-5E38-438B-A44A-5BF5F2010A72}] => (Allow) C:\Windows\SysWOW64\msgsys.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{E5337F19-3038-4BEC-9D41-D3E73D0BB6C5}] => (Allow) C:\Windows\SysWOW64\msgsys.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{E5DE0174-5B72-42D6-A1D2-DBFC046DEE31}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{CED40E2F-1D41-4BA9-99C3-3D418F357B26}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{294493F0-8167-47FF-B9C1-EA220EF41395}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{929EDC7A-5FA8-46B8-B8C3-3035540FCEB0}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [TCP Query User{1968B3F1-D69F-46DC-BD33-3075D72BEB3D}C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [UDP Query User{EC50A1B9-7DAA-4524-9072-21C9A9AD9DBD}C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [{92B3C974-8D3D-43B4-BD8A-45CAABEDEB22}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{31D5AED2-9981-4F8C-82E8-DAB44BF1FB49}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{A4907231-00E1-4DDC-A306-885F3395583D}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{A1BB6659-396C-4EED-B957-4676194760EB}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{4CD4ECDE-879D-4F89-89A1-4BA36368C015}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{1D5D869B-13D6-4868-BB51-D9C4AE2CB3C3}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{99E178A4-E57F-40A6-B383-1F77444A2A38}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{B69ACAB5-1D22-4CFC-BFE0-5547FA4DED2C}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\XDDClient.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{C1DC8F82-39A7-4198-AA84-1EBE3228C316}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\XDDClient.exe (LANDesk Software, Inc. -> Ivanti)
 
==================== Restore Points =========================
 
18-02-2019 06:54:29 Windows Update
01-03-2019 07:08:30 Scheduled Checkpoint
08-03-2019 07:26:44 Scheduled Checkpoint
13-03-2019 07:06:21 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/13/2019 01:24:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
 
Error: (03/13/2019 10:43:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
 
Error: (03/13/2019 10:35:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
 
Error: (03/13/2019 10:32:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
 
Error: (03/13/2019 10:21:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
 
Error: (03/13/2019 10:14:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
 
Error: (03/13/2019 09:09:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
 
Error: (03/13/2019 07:06:18 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "SQLAgent$SQLEXPRESS" in DLL "perf-MSSQL13.SQLEXPRESS-sqlagtctr.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (03/13/2019 01:50:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2019 01:50:17 PM) (Source: DCOM) (EventID: 10016) (User: HENSELPHELPS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user HENSELPHELPS\RSB3 SID (S-1-5-21-2903611290-4059586168-1443931954-5841391) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2019 01:41:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2019 01:41:46 PM) (Source: DCOM) (EventID: 10016) (User: HENSELPHELPS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user HENSELPHELPS\RSB3 SID (S-1-5-21-2903611290-4059586168-1443931954-5841391) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2019 01:02:17 PM) (Source: DCOM) (EventID: 10016) (User: HENSELPHELPS)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 and APPID 
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 to the user HENSELPHELPS\RSB3 SID (S-1-5-21-2903611290-4059586168-1443931954-5841391) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2019 10:33:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2019 10:33:16 AM) (Source: DCOM) (EventID: 10016) (User: HENSELPHELPS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user HENSELPHELPS\RSB3 SID (S-1-5-21-2903611290-4059586168-1443931954-5841391) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (03/13/2019 09:09:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2019-03-13 06:07:55.069
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-03-13 06:07:54.311
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-03-13 06:07:53.862
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-03-13 06:07:53.439
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-03-13 06:07:51.670
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-03-13 06:07:50.852
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-03-13 06:07:49.982
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
Date: 2019-03-13 06:07:49.398
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-7660U CPU @ 2.50GHz
Percentage of memory in use: 57%
Total physical RAM: 16309.2 MB
Available physical RAM: 6910.07 MB
Total Virtual: 32693.2 MB
Available Virtual: 18921.32 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:470.11 GB) (Free:137.32 GB) NTFS
 
\\?\Volume{ed68a83a-9cbe-4abb-88d7-464e666a6e80}\ (Recovery) (Fixed) (Total:4.75 GB) (Free:4.35 GB) NTFS
\\?\Volume{63588870-3a9d-4255-925d-64b3aefd9697}\ (BOOT) (Fixed) (Total:1.95 GB) (Free:1.92 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: FD27C405)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 


  • 0

#4
iMacg3


    Malware Removal

  • Malware Removal
  • 275 posts
Hi,

Is this a business computer?
  • 0

#5
cloroxmartini


    Member

  • Topic Starter
  • Member
  • 138 posts

Yes


  • 0

#6
iMacg3


    Malware Removal

  • Malware Removal
  • 275 posts
Hi,

If this is a corporate computer, some of the things we do in the process of repairing the machine may conflict with software or policies set by the company.
Additionally, an IT department often has specific procedures in place to address issues. They may not approve of employees seeking assistance outside of the office, as this could cause issues or interfere with their procedures. My recommendation would be to contact the IT department and inform them of the situation.
  • 0

#7
cloroxmartini


    Member

  • Topic Starter
  • Member
  • 138 posts

Ok, I will get back to you.


  • 0

#8
iMacg3


    Malware Removal

  • Malware Removal
  • 275 posts
:thumbsup:
  • 0

#9
iMacg3


    Malware Removal

  • Malware Removal
  • 275 posts
Hi,

Do you still need help?
  • 0

#10
iMacg3


    Malware Removal

  • Malware Removal
  • 275 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0





