Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13.03.2019 01
Ran by RSB3 (administrator) on 590W10RSB3 (13-03-2019 13:54:55)
Running from C:\Users\RSB3\Desktop
Loaded Profiles: Administrator & RSB3 & SQLTELEMETRY$SQLEXPRESS (Available Profiles: Local_Admin & CSEP_ALS_SVC & Administrator & RSB3 & SQLTELEMETRY$SQLEXPRESS & MSSQL$SQLEXPRESS)
Platform: Windows 10 Enterprise Version 1803 17134.590 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\LDClient\HIPS\LDSecSvc64.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamlogonagent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files\Cisco\AMP\6.2.1\sfc.exe
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(LANDesk Software Ltd.) [File not signed] C:\Windows\SysWOW64\cba\pds.exe
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\SurfaceColorService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\SurfaceService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL13.SQLEXPRESS\MSSQL\Binn\sqlceip.exe
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\LDClient\collector.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acumbrellaagent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseagent.exe
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\LDClient\SelfElectController.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\SurfaceColorTracker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseposture.exe
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\LDClient\HIPS\EPSUI.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Bluebeam, Inc. -> Bluebeam, Inc.) C:\Program Files\Bluebeam Software\Bluebeam Revu\2018\Revu\BBPrint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\RSB3\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files\Cisco\AMP\6.2.1\iptray.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.40.70.0_x64__kzf8qxf38zg5c\SkypeBridge\SkypeBridge.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19021.10411.0_x64__8wekyb3d8bbwe\Video.UI.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.18114.17710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(M-SIX Technology Inc -> M-SIX) C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\VEO.exe
(Microsoft Corporation) [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.18.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\lync.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\dnscrypt-proxy.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(LANDesk Software, Inc. -> Ivanti) C:\Program Files (x86)\LANDesk\Shared Files\proxyhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [Ivanti Endpoint Security] => C:\Program Files (x86)\LANDesk\LDClient\hips\EPSUI.EXE [693000 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\2018\Pushbutton PDF\Bluebeam Admin User.exe [107568 2018-11-08] (Bluebeam, Inc. -> Bluebeam, Inc.)
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Bluebeam Software\Bluebeam Revu\2018\Revu\BBPrint.exe [880688 2018-11-08] (Bluebeam, Inc. -> Bluebeam, Inc.)
HKLM-x32\...\Run: [Immunet Protect] => C:\Program Files\Cisco\AMP\6.2.1\iptray.exe [4059328 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1321984 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2576040663-2932046221-3539300486-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\Policies\Explorer: [NoNetConnectDisconnect] 1
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\Installer\chrmstp.exe [2019-03-05] (Google LLC -> Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{01A30791-40AE-4653-AB2E-FD210019AE88}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{1b283861-754f-4022-ad47-a5eaaa618894}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{1ee7337f-85ac-45e2-a23c-37c753209769}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{2135f72a-90b5-4ed3-a7f1-8bb705ac276a}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{25CBB996-92ED-457e-B28C-4774084BD562}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{2D8B3101-E025-480D-917C-835522C7F628}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{48B4E58D-2791-456C-9091-D524C6C706F2}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{600e7adb-da3e-41a4-9225-3c0399e88c0c}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{60b78e88-ead8-445c-9cfd-0b87f74ea6cd}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{8FD7E19C-3BF7-489B-A72C-846AB3678C96}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{94596c7e-3744-41ce-893e-bbf09122f76a}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{B12744B8-5BB7-463a-B85E-BB7627E73002}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{BEC09223-B018-416D-A0AC-523971B639F5}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{cb82ea12-9f71-446d-89e1-8d0924e1256e}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{D6886603-9D2F-4EB2-B667-1971041FA96B}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\Credential Provider Filters: [{B12744B8-5BB7-463a-B85E-BB7627E73002}] -> C:\WINDOWS\system32\acnampwdcredprovider.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\Software\...\Authentication\PLAP Providers: [{C15C0AAF-C309-FE12-BB17-814630A2009F}] -> C:\WINDOWS\SysWOW64\vpnplap64.dll [2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
Startup: C:\Users\CSEP_ALS_SVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login (1).bat [2017-09-18] () [File not signed]
Startup: C:\Users\CSEP_ALS_SVC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
Startup: C:\Users\Local_Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
Startup: C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
Startup: C:\Users\RSB3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-09-24]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (No File)
Startup: C:\Users\SQLTELEMETRY$SQLEXPRESS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\First_Login.bat [2017-09-18] () [File not signed]
GroupPolicy: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.47
Tcpip\..\Interfaces\{2ffa0e6c-3c12-4ad5-8281-6507c58faacb}: [DhcpNameServer] 172.20.10.47
Tcpip\..\Interfaces\{69c9e1f7-a85b-4911-b7d2-41d6877e850b}: [DhcpNameServer] 172.20.10.47
Internet Explorer:
==================
HKU\S-1-5-21-2576040663-2932046221-3539300486-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com
HKU\S-1-5-21-2576040663-2932046221-3539300486-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://www.google.com
HKU\S-1-5-21-2576040663-2932046221-3539300486-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://employee.henselphelps.com
SearchScopes: HKU\S-1-5-21-2576040663-2932046221-3539300486-500 -> DefaultScope {D8547839-547E-4D37-84EE-A9318FA8F4B5} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2576040663-2932046221-3539300486-500 -> {D8547839-547E-4D37-84EE-A9318FA8F4B5} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391 -> DefaultScope {A74434D8-DAB0-43C8-A939-E9A545E8E081} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391 -> {A74434D8-DAB0-43C8-A939-E9A545E8E081} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\ssv.dll [2018-07-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-07-08] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
FireFox:
========
FF DefaultProfile: y06xargw.default
FF ProfilePath: C:\Users\RSB3\AppData\Roaming\Mozilla\Firefox\Profiles\y06xargw.default [2018-12-11]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-10-27] (Adobe Systems Incorporated -> )
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-10-27] (Adobe Systems Incorporated -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-07-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-07-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2019-03-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc -> Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-17] (Google Inc -> Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: SkypeForBusinessPlugin-15.8 -> C:\Users\RSB3\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi.dll [2015-06-15] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391: SkypeForBusinessPlugin64-15.8 -> C:\Users\RSB3\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi-x64.dll [2015-06-15] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\mozilla.cfg [2014-12-19] <==== ATTENTION
Chrome:
=======
CHR Profile: C:\Users\RSB3\AppData\Local\Google\Chrome\User Data\Default [2019-03-13]
CHR Extension: (Google Drive) - C:\Users\RSB3\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-27]
CHR Extension: (YouTube) - C:\Users\RSB3\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\RSB3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\RSB3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-27]
CHR Extension: (Chrome Media Router) - C:\Users\RSB3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-02-08]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aciseagent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseagent.exe [456704 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R3 acumbrellaagent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acumbrellaagent.exe [507392 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R2 CBA8; C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe [209112 2018-08-14] (LANDesk Software, Inc. -> Ivanti)
R2 CiscoAMP_6.2.1; C:\Program Files\Cisco\AMP\6.2.1\sfc.exe [1567816 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11129928 2019-03-01] (Microsoft Corporation -> Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-08] (Intel Corporation -> Intel Corporation)
R2 Intel Local Scheduler Service; C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE [382552 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
R2 Intel PDS; C:\WINDOWS\SysWOW64\CBA\pds.exe [32825 2018-10-17] (LANDesk Software Ltd.) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\SocketHeciServer.exe [761088 2018-06-08] (Intel® Trust Services -> Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\Intel® Management Engine Components\iCLS\TPMProvisioningService.exe [737552 2018-06-08] (Intel® Trust Services -> Intel® Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe [207416 2018-02-15] (Intel® Smart Sound Technology -> Intel)
S3 LANDESK Agentless Manager; C:\Program Files (x86)\LANDesk\LDClient\AGLSManager.exe [315488 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
R2 LANDesk Targeted Multicast; C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe [357800 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
R2 LDSecSvc; C:\Program Files (x86)\LANDesk\LDClient\hips\LDSecSvc64.EXE [2792096 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
S3 LDXDD; C:\Program Files (x86)\LANDesk\LDClient\XDDClient.exe [589192 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S4 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL13.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [392896 2016-10-29] (Microsoft Corporation -> Microsoft Corporation)
R2 nam; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamagent.exe [890368 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R2 namlm; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acnamlogonagent.exe [316928 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 scan; C:\Program Files\Cisco\AMP\tetra\scan.dll [652568 2018-12-03] (Bitdefender SRL -> Bitdefender)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 Softmon; C:\Program Files (x86)\LANDesk\LDClient\softmon.exe [825808 2018-10-02] (LANDesk Software, Inc. -> Ivanti)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL13.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [565952 2016-10-29] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL13.SQLEXPRESS\MSSQL\Binn\sqlceip.exe [249032 2018-09-22] (Microsoft Corporation -> Microsoft Corporation)
R2 SurfaceColorService; C:\WINDOWS\System32\SurfaceColorService.exe [673128 2018-02-26] (Microsoft Corporation -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-09-17] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-09-17] (Microsoft Corporation -> Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 acnamfd; C:\WINDOWS\system32\DRIVERS\acnamfd.sys [77704 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-04-18] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 CiscoAMPCEFWDriver; C:\WINDOWS\System32\Drivers\CiscoAMPCEFWDriver.sys [58248 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R1 CiscoAMPHeurDriver; C:\WINDOWS\System32\Drivers\CiscoAMPHeurDriver.sys [83888 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R2 CISMBIOS; C:\WINDOWS\system32\drivers\cismbios.sys [27912 2018-10-17] (LANDesk Software, Inc. -> Ivanti)
R3 CSI2HostControllerDriver; C:\WINDOWS\System32\drivers\CSI2HostControllerDriver.sys [114096 2018-03-20] (Microsoft Corporation -> Intel® Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-08] (Intel Corporation -> Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69536 2017-11-08] (Intel Corporation -> Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [382880 2017-11-08] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153328 2019-01-08] (Malwarebytes Corporation -> Malwarebytes)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [33952 2017-10-12] (Intel® Embedded Subsystems and IP Blocks Group -> Intel)
R3 iacamera64; C:\WINDOWS\system32\DRIVERS\iacamera64.sys [2405296 2018-03-20] (Microsoft Corporation -> Intel® Corporation)
R3 iactrllogic; C:\WINDOWS\System32\drivers\iactrllogic64.sys [182184 2018-03-20] (Microsoft Corporation -> Intel® Corporation)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-15] (Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation)
R2 ImmunetNetworkMonitorDriver; C:\windows\System32\Drivers\ImmunetNetworkMonitor.sys [119568 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R1 ImmunetProtectDriver; C:\windows\System32\Drivers\immunetprotect.sys [124808 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R1 ImmunetSelfProtectDriver; C:\windows\System32\Drivers\immunetselfprotect.sys [95112 2018-12-03] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [155288 2017-10-12] (Intel® Embedded Subsystems and IP Blocks Group -> Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [89752 2017-10-12] (Intel® Embedded Subsystems and IP Blocks Group -> Intel)
R0 LDSecDrv; C:\Windows\System32\Drivers\LDSecDrv.sys [171792 2018-10-17] (LANDesk Software, Inc. -> Ivanti)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198512 2019-03-11] (Malwarebytes Corporation -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [127136 2019-03-11] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [72864 2019-03-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [274416 2019-03-12] (Malwarebytes Corporation -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [114040 2019-03-11] (Malwarebytes Corporation -> Malwarebytes)
R3 mrvlpcie8897; C:\WINDOWS\System32\drivers\mrvlpcie8897.sys [1079784 2018-06-08] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductors Inc.)
R3 NPF; C:\WINDOWS\System32\drivers\npf64.sys [36600 2018-10-17] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 ov5693; C:\WINDOWS\System32\drivers\ov5693.sys [165816 2018-03-20] (Microsoft Corporation -> Intel® Corporation)
R3 ov7251; C:\WINDOWS\System32\drivers\ov7251.sys [166832 2018-03-20] (Microsoft Corporation -> Intel Corporation)
R3 ov8865; C:\WINDOWS\System32\drivers\ov8865.sys [164272 2018-03-20] (Microsoft Corporation -> Intel Corporation)
S4 RsFx0410; C:\WINDOWS\System32\DRIVERS\RsFx0410.sys [261840 2016-10-20] (Microsoft Corporation -> Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [264192 2018-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 supportdriver; C:\WINDOWS\System32\drivers\iaisp64.sys [44968 2018-03-20] (Microsoft Corporation -> Intel® Corporation)
R3 SurfaceAccessoryDevice; C:\WINDOWS\System32\drivers\SurfaceAccessoryDevice.sys [56096 2017-08-31] (OEMTest OS Driver Leaf -> Microsoft Corporation)
R3 SurfaceAcpiNotify; C:\WINDOWS\System32\drivers\SurfaceAcpiNotifyDriver.sys [153096 2017-09-19] (Microsoft Corporation -> Microsoft Corporation)
R2 SurfaceDockUsbHubFwUpdate; C:\windows\system32\Drivers\SurfaceDockUsbHubFwUpdate.sys [79352 2018-01-02] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfacePro1725TypeCoverIntegration; C:\WINDOWS\System32\drivers\SurfacePro1725TypeCoverIntegration.sys [43168 2017-09-11] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
R3 SurfacePro1786DigitizerIntegration; C:\WINDOWS\System32\drivers\SurfacePro1786DigitizerIntegration.sys [42656 2017-03-23] (Microsoft Corporation -> Microsoft Corporation) <==== ATTENTION
R3 SurfaceSerialHubDriver; C:\WINDOWS\System32\drivers\SurfaceSerialHubDriver.sys [168464 2017-08-30] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceTconDriver; C:\WINDOWS\System32\drivers\SurfaceTconDriver.sys [129152 2017-05-30] (Microsoft Corporation -> Microsoft Corporation)
R3 Trufos; C:\windows\System32\Drivers\trufos.sys [442848 2018-12-03] (Bitdefender SRL -> BitDefender S.R.L.)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [73616 2018-07-30] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46584 2018-09-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [340008 2018-09-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-09-17] (Microsoft Windows -> Microsoft Corporation)
S3 aswArPot; system32\drivers\aswArPot.sys [X]
U3 aswbdisk; no ImagePath
S3 aswbidsdriver; system32\drivers\aswbidsdrivera.sys [X]
S3 aswbidsh; system32\drivers\aswbidsha.sys [X]
S3 aswblog; system32\drivers\aswbloga.sys [X]
S3 aswbuniv; system32\drivers\aswbuniva.sys [X]
S1 aswHdsKe; system32\drivers\aswHdsKe.sys [X]
S3 aswHwid; system32\drivers\aswHwid.sys [X]
S2 aswMonFlt; system32\drivers\aswMonFlt.sys [X]
S3 aswRdr; system32\drivers\aswRdr2.sys [X]
S0 aswRvrt; system32\drivers\aswRvrt.sys [X]
S3 aswSnx; system32\drivers\aswSnx.sys [X]
S1 aswSP; system32\drivers\aswSP.sys [X]
S3 aswStm; system32\drivers\aswStm.sys [X]
S3 aswVmm; system32\drivers\aswVmm.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-13 13:54 - 2019-03-13 13:55 - 000036611 _____ C:\Users\RSB3\Desktop\FRST.txt
2019-03-13 13:54 - 2019-03-13 13:54 - 000000000 ____D C:\FRST
2019-03-13 13:51 - 2019-03-13 13:52 - 002433536 _____ (Farbar) C:\Users\RSB3\Desktop\FRST64.exe
2019-03-13 10:36 - 2019-03-13 10:36 - 000213741 _____ C:\Users\RSB3\Downloads\T2PO_Level_2_Blocks (45).csv
2019-03-13 10:34 - 2019-03-13 10:34 - 000210288 _____ C:\Users\RSB3\Downloads\T2PO_Level_2_Blocks (44).csv
2019-03-13 08:10 - 2019-03-13 08:57 - 000779424 _____ C:\Users\RSB3\Desktop\LOD Pricing Matrix Rev 1.xlsx.xlsm
2019-03-13 06:03 - 2019-03-13 06:03 - 000000000 ___HD C:\OneDriveTemp
2019-03-12 14:53 - 2019-01-24 14:28 - 004061571 _____ C:\Users\RSB3\Desktop\LOR 4.1 UPN201 PCW PUMP-HXMurray.xlsm
2019-03-12 14:27 - 2019-03-12 14:27 - 000462942 _____ C:\Users\RSB3\Documents\2019 Calendar Updates.pdf
2019-03-11 15:51 - 2019-03-11 15:51 - 000831534 _____ C:\Users\RSB3\Desktop\Hensel%20Phelps%20Plan%20Build%20Manage%20Prolog%20Report%20Logo_dib.bmp
2019-03-11 14:13 - 2019-03-11 14:13 - 000478863 _____ C:\Users\RSB3\Desktop\HP Stamp.eps
2019-03-11 14:12 - 2019-03-11 14:12 - 003965954 _____ C:\Users\RSB3\Desktop\Copy of 1274_F42_BB_01_DRB04_HP_TST_CE_REV1_190305_CRH.xlsm
2019-03-11 13:02 - 2019-03-13 13:31 - 000095978 _____ C:\Users\RSB3\Desktop\tshirt.pptx
2019-03-11 09:39 - 2019-03-12 06:10 - 000274416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2019-03-11 09:39 - 2019-03-12 06:10 - 000072864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2019-03-11 09:39 - 2019-03-11 09:39 - 000198512 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2019-03-11 09:39 - 2019-03-11 09:39 - 000127136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2019-03-11 09:39 - 2019-03-11 09:39 - 000114040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2019-03-11 09:39 - 2019-03-11 09:39 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-03-11 09:39 - 2019-03-11 09:39 - 000000000 ____D C:\Users\RSB3\AppData\Local\mbamtray
2019-03-11 09:39 - 2019-03-11 09:39 - 000000000 ____D C:\Users\RSB3\AppData\Local\mbam
2019-03-11 09:39 - 2019-03-11 09:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-03-11 09:39 - 2019-03-11 09:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-03-11 09:39 - 2019-03-11 09:39 - 000000000 ____D C:\Program Files\Malwarebytes
2019-03-11 09:39 - 2019-02-01 12:20 - 000020936 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2019-03-11 09:39 - 2019-01-08 16:32 - 000153328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2019-03-11 09:36 - 2019-03-11 09:37 - 062400056 _____ (Malwarebytes ) C:\Users\RSB3\Downloads\mb3-setup-consumer-3.7.1.2839-1.0.538-1.0.9618.exe
2019-03-11 07:19 - 2019-03-11 07:28 - 000021000 _____ C:\Users\RSB3\Desktop\generic MaRTA sheetx.xlsx
2019-03-11 07:15 - 2019-03-11 07:15 - 000135029 _____ C:\Users\RSB3\Documents\Generic MaRTA Sheet.xlsx
2019-03-06 17:24 - 2019-03-06 17:24 - 003999568 _____ C:\Users\RSB3\Desktop\Copy of 1274_HF Reduction CDS#2 UPN217 - LOX_ArchStruc_TST_ATG_Rev0_190131.xlsm
2019-03-06 13:13 - 2019-03-06 13:13 - 002327934 _____ C:\Users\RSB3\Downloads\Batterboard January 2019 LoRes (1).pdf
2019-03-06 13:12 - 2019-03-06 13:13 - 006330696 _____ C:\Users\RSB3\Downloads\Batterboard February 2019 LoRes (1).pdf
2019-03-05 17:53 - 2019-03-05 17:53 - 002327934 _____ C:\Users\RSB3\Downloads\Batterboard January 2019 LoRes.pdf
2019-03-05 17:48 - 2019-03-05 17:48 - 006330696 _____ C:\Users\RSB3\Downloads\Batterboard February 2019 LoRes.pdf
2019-03-05 13:00 - 2019-03-05 13:00 - 001690757 _____ C:\Users\RSB3\Downloads\Exhibit A – AZ-P1274-BB-GMP Scope of Work.xlsx
2019-03-04 19:03 - 2018-09-21 15:30 - 002592732 _____ C:\Users\RSB3\Desktop\Southland TST - F42 PSSS-02 DRB04 Package 204 R0 09.19.18 Rev 2_ (002).xlsm
2019-02-28 14:33 - 2019-02-07 10:24 - 004119575 _____ C:\Users\RSB3\Desktop\P1274_F42-BB-04 DRB02_CE_GMP__Rev1_190123.xlsm
2019-02-28 14:31 - 2019-02-28 14:32 - 000000000 ____D C:\Users\RSB3\Desktop\REV02 - Corbins
2019-02-27 09:04 - 2019-02-27 09:04 - 000053299 _____ C:\Users\RSB3\Desktop\SIntel-Sout19022709060 2.pdf
2019-02-27 08:59 - 2019-02-27 08:59 - 000059243 _____ C:\Users\RSB3\Desktop\SIntel-Sout19022709060 1.pdf
2019-02-26 10:18 - 2019-02-26 10:18 - 000000000 ____D C:\ProgramData\SolidDocuments
2019-02-19 06:26 - 2019-02-19 06:26 - 000002108 _____ C:\Users\Public\Desktop\Bluebeam Revu 2018.lnk
2019-02-19 06:25 - 2019-02-19 06:25 - 000000000 ____D C:\Users\RSB3\AppData\Local\Bluebeam
2019-02-19 06:25 - 2019-02-19 06:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluebeam Software
2019-02-19 06:21 - 2019-02-19 06:21 - 000000000 ____D C:\ProgramData\ABBYY
2019-02-19 06:20 - 2019-02-19 06:20 - 000000000 ____D C:\Program Files (x86)\Bluebeam Software
2019-02-18 06:57 - 2019-02-05 20:00 - 007520112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2019-02-18 06:57 - 2019-02-05 20:00 - 006572416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-02-18 06:57 - 2019-02-05 19:41 - 025853952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2019-02-18 06:57 - 2019-02-05 19:33 - 022714880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2019-02-18 06:56 - 2019-02-06 00:54 - 004527584 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2019-02-18 06:56 - 2019-02-06 00:53 - 001634704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2019-02-18 06:56 - 2019-02-06 00:35 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2019-02-18 06:56 - 2019-02-06 00:32 - 003648512 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2019-02-18 06:56 - 2019-02-06 00:30 - 004052992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2019-02-18 06:56 - 2019-02-06 00:30 - 001662464 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2019-02-18 06:56 - 2019-02-06 00:30 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2019-02-18 06:56 - 2019-02-06 00:11 - 001454648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2019-02-18 06:56 - 2019-02-05 23:57 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2019-02-18 06:56 - 2019-02-05 23:52 - 004053504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2019-02-18 06:56 - 2019-02-05 23:52 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2019-02-18 06:56 - 2019-02-05 23:52 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2019-02-18 06:56 - 2019-02-05 20:01 - 001989040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2019-02-18 06:56 - 2019-02-05 20:01 - 001221432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2019-02-18 06:56 - 2019-02-05 20:01 - 001029944 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2019-02-18 06:56 - 2019-02-05 20:01 - 000720480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2019-02-18 06:56 - 2019-02-05 20:01 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2019-02-18 06:56 - 2019-02-05 20:01 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2019-02-18 06:56 - 2019-02-05 20:01 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2019-02-18 06:56 - 2019-02-05 20:01 - 000033576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NtlmShared.dll
2019-02-18 06:56 - 2019-02-05 20:00 - 009084432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2019-02-18 06:56 - 2019-02-05 20:00 - 002719760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2019-02-18 06:56 - 2019-02-05 20:00 - 002465792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2019-02-18 06:56 - 2019-02-05 20:00 - 002421264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2019-02-18 06:56 - 2019-02-05 20:00 - 001257904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2019-02-18 06:56 - 2019-02-05 20:00 - 001140680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2019-02-18 06:56 - 2019-02-05 20:00 - 001130568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2019-02-18 06:56 - 2019-02-05 20:00 - 001098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2019-02-18 06:56 - 2019-02-05 20:00 - 000945680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2019-02-18 06:56 - 2019-02-05 20:00 - 000899728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2019-02-18 06:56 - 2019-02-05 20:00 - 000466960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2019-02-18 06:56 - 2019-02-05 20:00 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2019-02-18 06:56 - 2019-02-05 20:00 - 000043536 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2019-02-18 06:56 - 2019-02-05 20:00 - 000038792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NtlmShared.dll
2019-02-18 06:56 - 2019-02-05 19:59 - 001922064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2019-02-18 06:56 - 2019-02-05 19:59 - 001457248 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2019-02-18 06:56 - 2019-02-05 19:59 - 000983128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2019-02-18 06:56 - 2019-02-05 19:59 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\smss.exe
2019-02-18 06:56 - 2019-02-05 19:52 - 022014464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2019-02-18 06:56 - 2019-02-05 19:45 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2019-02-18 06:56 - 2019-02-05 19:42 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2019-02-18 06:56 - 2019-02-05 19:41 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2019-02-18 06:56 - 2019-02-05 19:40 - 005792256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2019-02-18 06:56 - 2019-02-05 19:40 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2019-02-18 06:56 - 2019-02-05 19:38 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2019-02-18 06:56 - 2019-02-05 19:38 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2019-02-18 06:56 - 2019-02-05 19:37 - 004515840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2019-02-18 06:56 - 2019-02-05 19:37 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2019-02-18 06:56 - 2019-02-05 19:29 - 004865536 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2019-02-18 06:56 - 2019-02-05 19:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2019-02-18 06:56 - 2019-02-05 19:28 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2019-02-18 06:56 - 2019-02-05 19:28 - 000039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\npmproxy.dll
2019-02-18 06:56 - 2019-02-05 19:27 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2019-02-18 06:56 - 2019-02-05 19:27 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2019-02-18 06:56 - 2019-02-05 19:27 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2019-02-18 06:56 - 2019-02-05 19:27 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2019-02-18 06:56 - 2019-02-05 19:26 - 007599616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2019-02-18 06:56 - 2019-02-05 19:26 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2019-02-18 06:56 - 2019-02-05 19:26 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2019-02-18 06:56 - 2019-02-05 19:26 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2019-02-18 06:56 - 2019-02-05 19:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2019-02-18 06:56 - 2019-02-05 19:25 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2019-02-18 06:56 - 2019-02-05 19:25 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2019-02-18 06:56 - 2019-02-05 19:24 - 004937728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2019-02-18 06:56 - 2019-02-05 19:24 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2019-02-18 06:56 - 2019-02-05 19:23 - 000393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2019-02-18 06:56 - 2019-02-05 19:22 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2019-02-18 06:56 - 2019-02-05 19:22 - 000885760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2019-02-18 06:56 - 2019-02-05 19:21 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdfs.sys
2019-02-18 06:56 - 2019-02-05 18:04 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim
2019-02-18 06:56 - 2019-01-12 01:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2019-02-18 06:56 - 2019-01-11 19:28 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2019-02-18 06:56 - 2019-01-09 11:08 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2019-02-18 06:56 - 2019-01-09 10:57 - 000720536 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2019-02-18 06:56 - 2019-01-09 10:42 - 004716032 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2019-02-18 06:56 - 2019-01-09 10:41 - 012730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2019-02-18 06:56 - 2019-01-09 10:41 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2019-02-18 06:56 - 2019-01-09 10:40 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2019-02-18 06:56 - 2019-01-09 10:36 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2019-02-18 06:56 - 2019-01-09 10:35 - 002919936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2019-02-18 06:56 - 2019-01-09 03:14 - 000607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2019-02-18 06:56 - 2019-01-09 02:55 - 011919872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2019-02-18 06:56 - 2019-01-09 02:55 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2019-02-18 06:56 - 2019-01-09 01:55 - 001285432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2019-02-18 06:56 - 2019-01-09 01:48 - 000527368 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2019-02-18 06:56 - 2019-01-08 22:59 - 000611848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2019-02-18 06:56 - 2019-01-08 22:44 - 000078688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 006043496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 004789944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 002253480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 001981280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 001620264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 000607376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 000581592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 000287640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 000127744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2019-02-18 06:56 - 2019-01-08 22:43 - 000071456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2019-02-18 06:56 - 2019-01-08 22:42 - 001035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2019-02-18 06:56 - 2019-01-08 22:42 - 000092704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bindflt.sys
2019-02-18 06:56 - 2019-01-08 22:40 - 002765336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2019-02-18 06:56 - 2019-01-08 22:40 - 001063224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2019-02-18 06:56 - 2019-01-08 22:40 - 000432952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2019-02-18 06:56 - 2019-01-08 22:40 - 000226104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2019-02-18 06:56 - 2019-01-08 22:40 - 000090872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 007436016 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 002571632 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 001943128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000789696 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000713264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000349656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000269624 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000260800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000175416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2019-02-18 06:56 - 2019-01-08 22:39 - 000164192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2019-02-18 06:56 - 2019-01-08 22:39 - 000085472 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2019-02-18 06:56 - 2019-01-08 22:33 - 016597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2019-02-18 06:56 - 2019-01-08 22:32 - 013878272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2019-02-18 06:56 - 2019-01-08 22:29 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2019-02-18 06:56 - 2019-01-08 22:29 - 002500096 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2019-02-18 06:56 - 2019-01-08 22:27 - 004710912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2019-02-18 06:56 - 2019-01-08 22:27 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2019-02-18 06:56 - 2019-01-08 22:27 - 001587712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2019-02-18 06:56 - 2019-01-08 22:26 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2019-02-18 06:56 - 2019-01-08 22:26 - 003396608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2019-02-18 06:56 - 2019-01-08 22:26 - 002966016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2019-02-18 06:56 - 2019-01-08 22:25 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2019-02-18 06:56 - 2019-01-08 22:24 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2019-02-18 06:56 - 2019-01-08 22:24 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2019-02-18 06:56 - 2019-01-08 22:24 - 000157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 001189888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2019-02-18 06:56 - 2019-01-08 22:23 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 000333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-18 06:56 - 2019-01-08 22:22 - 000126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2019-02-18 06:56 - 2019-01-08 22:21 - 002173440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2019-02-18 06:56 - 2019-01-08 22:21 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2019-02-18 06:56 - 2019-01-08 22:21 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.NetworkOperators.HotspotAuthentication.dll
2019-02-18 06:56 - 2019-01-08 22:20 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2019-02-18 06:56 - 2019-01-08 22:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2019-02-18 06:56 - 2019-01-08 22:20 - 000607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2019-02-18 06:56 - 2019-01-08 22:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2019-02-18 06:56 - 2019-01-08 22:19 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2019-02-18 06:56 - 2019-01-08 22:19 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2019-02-18 06:56 - 2019-01-08 22:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2019-02-18 06:56 - 2019-01-08 22:19 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2019-02-18 06:56 - 2019-01-08 22:18 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2019-02-18 06:56 - 2019-01-08 21:34 - 000806320 _____ C:\WINDOWS\SysWOW64\locale.nls
2019-02-18 06:56 - 2019-01-08 21:34 - 000806320 _____ C:\WINDOWS\system32\locale.nls
2019-02-18 06:56 - 2019-01-08 02:08 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2019-02-18 06:56 - 2019-01-07 20:06 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2019-02-18 06:56 - 2019-01-07 20:06 - 000313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2019-02-18 06:56 - 2019-01-07 20:06 - 000000072 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2019-02-14 15:54 - 2019-02-14 15:54 - 000001272 _____ C:\Users\RSB3\Downloads\Flights.ics
==================== One month (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-03-13 13:54 - 2017-12-27 14:48 - 000000000 ____D C:\ProgramData\LdSec
2019-03-13 13:50 - 2017-12-27 16:07 - 000000000 ____D C:\Users\RSB3\Documents\Outlook Files
2019-03-13 13:42 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-03-13 13:33 - 2017-12-27 15:00 - 000000144 _____ C:\WINDOWS\system32\config\netlogon.ftl
2019-03-13 13:01 - 2018-05-18 12:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2019-03-13 10:20 - 2018-05-18 12:37 - 000000000 ____D C:\Users\RSB3\AppData\Local\Packages
2019-03-13 07:13 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2019-03-13 07:10 - 2017-11-08 15:04 - 000000000 ____D C:\WINDOWS\system32\MRT
2019-03-13 07:07 - 2017-11-08 15:03 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2019-03-13 07:07 - 2017-11-08 15:03 - 127411920 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2019-03-13 06:29 - 2017-12-27 16:08 - 000000000 ____D C:\Users\RSB3\Documents\VEO_Cache
2019-03-13 06:11 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2019-03-13 06:03 - 2017-12-27 15:37 - 000000000 ___RD C:\Users\RSB3\OneDrive - HENSEL PHELPS
2019-03-12 18:23 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2019-03-12 15:32 - 2017-12-27 14:47 - 000000000 ____D C:\ProgramData\vulScan
2019-03-12 14:27 - 2019-02-10 14:29 - 000006660 _____ C:\WINDOWS\SysWOW64\ldcpu.data
2019-03-12 07:11 - 2018-05-18 12:37 - 000000000 ____D C:\Users\Administrator
2019-03-12 06:18 - 2018-05-18 12:45 - 000838564 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2019-03-12 06:18 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2019-03-12 06:12 - 2018-01-02 07:11 - 000000023 _____ C:\WINDOWS\SysWOW64\hostcache.xml
2019-03-12 06:10 - 2018-10-12 11:05 - 000000048 _____ C:\WINDOWS\system32\surfaceservice.Ish.Trace
2019-03-12 06:10 - 2018-05-18 12:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2019-03-11 15:34 - 2018-08-08 14:03 - 000000000 ____D C:\WINDOWS\Minidump
2019-03-11 09:39 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2019-03-10 14:02 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-03-10 14:02 - 2017-10-27 18:30 - 000000000 ____D C:\Program Files\Microsoft Office
2019-03-08 06:16 - 2018-05-18 12:37 - 000000000 ____D C:\Users\RSB3
2019-03-08 06:15 - 2018-05-18 12:37 - 000000000 ____D C:\Users\SQLTELEMETRY$SQLEXPRESS
2019-03-05 16:43 - 2017-12-27 15:34 - 000000570 _____ C:\Users\RSB3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP IT Support (1).website
2019-03-05 16:28 - 2017-10-27 18:45 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-03-05 06:57 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2019-03-05 06:13 - 2018-05-18 12:45 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2903611290-4059586168-1443931954-5841391
2019-03-05 06:13 - 2018-05-18 12:37 - 000002375 _____ C:\Users\RSB3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-03-03 09:54 - 2018-04-11 16:41 - 000835480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2019-03-03 09:54 - 2018-04-11 16:41 - 000179608 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2019-02-28 13:41 - 2017-12-27 16:00 - 000000000 ____D C:\Users\RSB3\Documents\Intel AZ P1274
2019-02-27 06:10 - 2018-04-11 14:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2019-02-27 06:10 - 2018-02-25 13:51 - 000041448 _____ C:\WINDOWS\system32\OV8865_REAR.aiqd
2019-02-27 06:10 - 2018-01-21 13:59 - 000041448 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
2019-02-26 10:18 - 2018-02-13 09:30 - 000000000 ____D C:\Users\RSB3\AppData\Local\SolidDocuments
2019-02-25 06:15 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2019-02-22 09:48 - 2018-11-01 06:47 - 000000000 ____D C:\Users\RSB3\Desktop\Stuff
2019-02-21 10:05 - 2017-10-27 17:58 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-02-20 08:42 - 2018-05-18 12:35 - 001802592 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2019-02-19 06:14 - 2018-01-03 14:52 - 000000000 ____D C:\Users\RSB3\AppData\LocalLow\Adobe
2019-02-19 06:13 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2019-02-18 13:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2019-02-18 13:14 - 2018-04-11 16:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2019-02-18 13:14 - 2018-04-11 16:38 - 000000000 ___RD C:\Program Files\Windows Defender
2019-02-18 13:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2019-02-18 13:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2019-02-18 13:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2019-02-18 08:20 - 2017-12-27 16:08 - 000000000 ____D C:\Users\RSB3\Documents\Vacation Requests
2019-02-18 08:19 - 2017-12-27 15:35 - 000000000 ____D C:\Users\RSB3\AppData\Roaming\Bluebeam Software
2019-02-14 06:39 - 2018-05-18 12:45 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\dllhost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\dllhost.exe => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-18 12:35
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by RSB3 (13-03-2019 13:56:15)
Running from C:\Users\RSB3\Desktop
Windows 10 Enterprise Version 1803 17134.590 (X64) (2018-05-18 19:45:38)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2576040663-2932046221-3539300486-500 - Administrator - Disabled) => C:\Users\Administrator
cba_anonymous (S-1-5-21-2576040663-2932046221-3539300486-1004 - Limited - Enabled)
CSEP_ALS_SVC (S-1-5-21-2576040663-2932046221-3539300486-1005 - Limited - Enabled) => C:\Users\CSEP_ALS_SVC
DefaultAccount (S-1-5-21-2576040663-2932046221-3539300486-503 - Limited - Disabled)
Guest (S-1-5-21-2576040663-2932046221-3539300486-501 - Limited - Disabled)
Local_Admin (S-1-5-21-2576040663-2932046221-3539300486-1003 - Administrator - Enabled) => C:\Users\Local_Admin
WDAGUtilityAccount (S-1-5-21-2576040663-2932046221-3539300486-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Cisco AMP for Endpoints (Enabled - Up to date) {05A27767-0425-EB45-C06B-DA28DB7FCD38}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Cisco AMP for Endpoints (Enabled - Up to date) {BEC39683-221F-E4CB-FADB-E15AA0F88785}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Active Directory Authentication Library for SQL Server (HKLM\...\{F2E12419-477D-44F1-8B51-18FD9CA1FCB3}) (Version: 14.0.500.272 - Microsoft Corporation)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20098 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\{BD09A75D-86C0-4BBE-869D-2724DA1F9579}) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Autodesk Design Review (HKLM-x32\...\{139C013B-5BAC-4101-BC6C-B2A78C0125A4}) (Version: 14.0.1.179 - Autodesk) Hidden
Autodesk Design Review (HKLM-x32\...\Autodesk Design Review) (Version: 14.0.1.179 - Autodesk)
Autodesk DWG TrueView 2018 - English (HKLM\...\DWG TrueView 2018 - English) (Version: 22.0.50.0 - Autodesk)
Bluebeam Revu x64 2018.3.4 (HKLM\...\{7F5E49F6-A466-4553-B9E0-53D7380944E3}) (Version: 18.3.4 - Bluebeam, Inc.)
Browser for SQL Server 2016 (HKLM-x32\...\{5B860485-0F07-41DC-BA8C-3A839A141FBA}) (Version: 13.1.4001.0 - Microsoft Corporation)
Cisco AMP for Endpoints Connector (HKLM-x32\...\Immunet Protect) (Version: 6.2.1.10806 - Cisco Systems, Inc.)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{1F1DFC2E-CB94-407D-8805-5D4A9D0D85ED}) (Version: 4.6.02074 - Cisco Systems, Inc.)
Cisco AnyConnect ISE Posture Module (HKLM-x32\...\{EEBCBE4D-62E5-49B1-9200-D522B9C1F2FB}) (Version: 4.6.02074 - Cisco Systems, Inc.)
Cisco AnyConnect Network Access Manager (HKLM-x32\...\{DD31A2B6-E0BA-4DA8-BD2E-98BF5B9A52B4}) (Version: 4.6.02074 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.6.02074 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{8C55E3DF-0F0A-4D1F-AC90-9763BD18136D}) (Version: 4.6.02074 - Cisco Systems, Inc.) Hidden
Cisco AnyConnect Start Before Login Module (HKLM-x32\...\{0A2F97FE-DDD8-4F15-8A65-1D1FEA68AD35}) (Version: 4.6.02074 - Cisco Systems, Inc.)
Cisco AnyConnect Umbrella Roaming Security Module (HKLM-x32\...\{40783192-A13E-4107-9EF3-D1A13DAB055F}) (Version: 4.6.02074 - Cisco Systems, Inc.)
DWG TrueView 2018 - English (HKLM\...\{28B89EEF-1028-0409-0100-CF3F3A09B77D}) (Version: 22.0.50.0 - Autodesk) Hidden
Eos Explorer Extended (HKLM-x32\...\{D8866090-1C76-41AF-B1FE-181CDB4E52B4}) (Version: 0.1 - DSA2)
Formatta Filler (HKLM-x32\...\{B420FF16-5B3C-4690-B070-87F970A54A9A}) (Version: 8.17.1 - Access Eforms, LP)
Google Chrome (HKLM\...\{4EC552DD-5454-3B12-A15F-D84ED8DD24D7}) (Version: 72.0.3626.121 - Google, Inc.)
Google Earth Pro (HKLM-x32\...\{91F1F6EA-7E50-4B20-931F-2ABECA24B5E0}) (Version: 7.1.7.2602 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
ICE (HKLM-x32\...\ICE) (Version: - )
Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
LANDESK Advance Agent (HKLM-x32\...\{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}) (Version: 1.0.0 - LANDesk Software) Hidden
LANDesk® Common Base Agent 8 (HKLM-x32\...\{45734758-4041-4EA8-8E62-DE661FC3879C}) (Version: 11.0.0.16 - LANDesk Software, Ltd) Hidden
Malwarebytes version 3.7.1.2839 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.7.1.2839 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{B941AFB4-8851-33A1-9E72-0C33D463C41C}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft ODBC Driver 13 for SQL Server (HKLM\...\{E0079BB5-8B43-44ED-A60E-9C83B790452E}) (Version: 14.0.500.272 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11328.20146 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2576040663-2932046221-3539300486-500\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2017 T-SQL Language Service CTP2.1 (HKLM\...\{04E703B1-6105-4E9A-8646-4C1B2B963C1E}) (Version: 14.0.17119.0 - Microsoft Corporation)
Microsoft SQL Server vNext Policies CTP2.0 (HKLM-x32\...\{15336D0F-F892-4782-BDCF-D360D2DB4C1C}) (Version: 14.0.500.272 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{6292D514-17A4-403F-98F9-E150F10C043D}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{4D2C56FF-7F36-4B49-A97A-24F0522D41D7}) (Version: 11.3.6540.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2016) (Version: - Microsoft Corporation)
Microsoft SQL Server 2016 Setup (English) (HKLM\...\{0AE831BC-F2A8-4DE2-8FBF-68B220611A7F}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service (HKLM\...\{FE3BF1DD-677E-4793-9770-C07AECC88882}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom (HKLM\...\{C78CC1C8-D0DF-4F47-BA93-F3AE6E80E047}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft SQL Server Data-Tier Application Framework (x86) (HKLM-x32\...\{DD517B18-E51F-4194-BE5A-5B89382001DD}) (Version: 14.0.3691.3 - Microsoft Corporation)
Microsoft SQL Server Management Studio - 17.1 (HKLM-x32\...\{b636c6f4-2183-4b76-b5a0-c8d6422df9f4}) (Version: 14.0.17119.0 - Microsoft Corporation)
Microsoft SQL Server vNext CTP2.0 (HKLM-x32\...\Microsoft SQL Server SQLvNextCTP2.0) (Version: - Microsoft Corporation)
Microsoft Surface Dock Updater (HKLM\...\{C3A0F1AD-239A-4CA0-A6A8-FD30AC22106B}) (Version: 2.12.136.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{718FFB65-F6E4-4D62-861F-ED10ED32C936}) (Version: 12.0.2402.11 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server vNext CTP2.0 (HKLM\...\{70144BEA-6000-41ED-8DD0-BCC8FF2258D4}) (Version: 14.0.500.272 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual Studio 2015 Shell (Isolated) (HKLM-x32\...\{d2981c27-a434-4c9a-96c7-0209e97c4eac}) (Version: 14.0.23107.10 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2015 Language Support (HKLM-x32\...\{bd4ef7af-dfb1-472e-8fa4-1b97f360a3e7}) (Version: 14.0.23107.20 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2016 (HKLM\...\{3E013EB4-FF9E-4CCA-BAB6-318932614FAE}) (Version: 13.1.4001.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11328.20146 - Microsoft Corporation) Hidden
On-Screen Takeoff (HKLM-x32\...\{28482CBB-4AFD-4787-A7AE-37C1C638A0E7}) (Version: 3.93.2.1 - On Center Software, Inc.)
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
Roslyn Language Services - x86 (HKLM-x32\...\{5B47029B-1E62-30FF-906E-694851C22782}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Service Pack 1 for SQL Server 2016 (KB3182545) (64-bit) (HKLM\...\KB3182545) (Version: 13.1.4001.0 - Microsoft Corporation)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Skype for Business Web App Plug-in (HKLM-x32\...\{37C8167B-B653-4955-A6E8-EBB8DE937DDD}) (Version: 15.8.20020.400 - Microsoft Corporation)
SQL Server 2016 Batch Parser (HKLM\...\{D7A905DB-9A1E-4670-9488-F979F8A77A58}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools (HKLM\...\{9478E350-F157-4724-AE17-6ADA0E9E2351}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools (HKLM\...\{A070F2AC-A75B-448C-BECB-B794EB7E0E0D}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools Extensions (HKLM\...\{7E94713F-EF30-46EB-B809-BBA8603FBF9E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Client Tools Extensions (HKLM\...\{AB765DC7-7642-4D1C-BEDC-035516CCD224}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Common Files (HKLM\...\{16F3645F-1343-4462-92DC-9AE66A2E68A3}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 Common Files (HKLM\...\{57846DA8-8B5D-4466-B850-E8CDFC94046C}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 Connection Info (HKLM\...\{74940EE5-66DB-42E3-AC30-295D13B461A7}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Connection Info (HKLM\...\{8A3AE1F0-0752-435D-A01C-033BDD629C8B}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Database Engine Services (HKLM\...\{0C457EC3-E998-4041-B856-908D5A2C1708}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 Database Engine Services (HKLM\...\{51574D2C-DE28-4441-BDC2-967F0FFC0918}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 Database Engine Shared (HKLM\...\{686A81C0-C8E4-46F6-952F-B19A28E8C430}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 Database Engine Shared (HKLM\...\{81CABA93-27C0-4BD9-9B5E-227C76B59F46}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server 2016 DMF (HKLM\...\{2FFF0757-4360-42F5-8814-16BB5CF0145F}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 DMF (HKLM\...\{34A20DEE-6AD4-44A6-95FF-DFF95CD22B8C}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Shared Management Objects (HKLM\...\{D3FC7A31-F127-4E2A-96F6-B24FA7D3FFAF}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Shared Management Objects (HKLM\...\{F8001E21-CFCC-47AD-A3B1-6B3EB6D35E48}) (Version: 13.0.14500.10 - Microsoft Corporation) Hidden
SQL Server 2016 Shared Management Objects Extensions (HKLM\...\{B6E1A5EB-1C58-4A04-B76B-E5FE1BE22CA1}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 Shared Management Objects Extensions (HKLM\...\{FA548BCB-5732-40F8-85B0-61515D18D9C1}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 SQL Diagnostics (HKLM\...\{766BE25E-D2B5-4E76-BCB0-29B801BADB3F}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 XEvent (HKLM\...\{8CF2CA8E-3984-46B9-B493-F844F3774FA1}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2016 XEvent (HKLM\...\{E6FFAAAF-D8B5-4D46-8514-26E96D9F3D8D}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
SQL Server 2017 CTP2.1 Integration Services Scale Out Management Portal (HKLM\...\{6041B0C3-CCD5-44DB-B7B5-BE345C145814}) (Version: 14.0.600.259 - Microsoft Corporation) Hidden
SQL Server 2017 CTP2.1 Integration Services Scale Out Management Portal (HKLM\...\{E8ADAA92-92B0-4E45-8E1C-8B2B77748538}) (Version: 14.0.600.259 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{0D9BD39A-A870-4FDF-B590-1E9787CF16D9}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{CC4F832C-7AEC-4BE5-8867-B5CBE2C766A7}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden
SQL Server Management Studio (HKLM\...\{CD29C330-B9F9-4422-B277-925D943D6C81}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Analysis Services (HKLM\...\{C643F687-EFA3-4A07-ACB0-070629597E20}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden
SQL Server Management Studio for Reporting Services (HKLM\...\{133819D0-8361-49D0-B5BE-84A12C02168B}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Batch Parser (HKLM\...\{9F0AC388-DF97-47F0-847D-3A7F4D30D2F5}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Client Tools Extensions (HKLM\...\{3D9B20CD-311B-45A9-B922-2CB57F9D484A}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Client Tools Extensions (HKLM\...\{7F2D875F-B3E1-4AC4-A110-A104E2266C9D}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Common Files (HKLM-x32\...\{09C844D7-348F-4CC8-9389-0D8855D17DAE}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Common Files (HKLM-x32\...\{B5F6E8D7-EEB3-465B-B8E1-6D7D6DEEACB9}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Connection Info (HKLM\...\{0A6831A7-ACA7-492D-A4E4-14E934378D9E}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Connection Info (HKLM\...\{4AC839FD-ED10-4B42-B090-9F9C23EB0F04}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 DMF (HKLM\...\{CA4646C1-FDFF-4A39-A5C3-A20330EB6475}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 DMF (HKLM\...\{F1E7459D-D086-45BD-8A7B-395667330BB6}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Management Studio Extensions (HKLM-x32\...\{83712371-F0B7-431E-8A01-AD9AA2CAED7F}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Management Studio Extensions (HKLM-x32\...\{F45F0B6D-91B1-48E8-A49E-9EB23EA9534F}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Shared Management Objects (HKLM\...\{4CDDD06C-85A1-407B-9397-ECAF5C104842}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Shared Management Objects (HKLM\...\{4F5E4529-ADE5-4178-A880-ABD6ED04CF22}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Shared Management Objects Extensions (HKLM\...\{6EBE49B2-EBEF-48A3-BC79-AC4D3DF5AF0E}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 Shared Management Objects Extensions (HKLM\...\{9EDB9595-6FE8-49AB-B93D-605EF3725484}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 SQL Diagnostics (HKLM\...\{A2551258-D304-449F-B238-BC8F4F24E7D2}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 XEvent (HKLM\...\{4CF4DB38-0692-4A5B-BCE8-1667C51E8416}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SQL Server vNext CTP2.0 XEvent (HKLM\...\{97F44FDE-28D2-4434-A901-6696F5F96283}) (Version: 14.0.500.272 - Microsoft Corporation) Hidden
SSMS Post Install Tasks (HKLM\...\{6891D9C9-BB61-46AA-8B11-0EA511841DD0}) (Version: 14.0.17119.0 - Microsoft Corporation) Hidden
SurfacePro Update 18_021_07 (64 bit) (HKLM\...\{62D8F4FF-5F62-492A-9EFF-726D666D8C4B}) (Version: 18.021.18095.0 - Microsoft)
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
VEO (HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\VEO) (Version: 6.7.3 - M-SIX Technology, Inc.)
WhatsApp (HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\WhatsApp) (Version: 0.2.8691 - WhatsApp)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{04271989-C4D2-2258-25E4-09A96C248266} -> [OneDrive - HENSEL PHELPS] => C:\Users\RSB3\OneDrive - HENSEL PHELPS [2017-12-27 15:37]
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2018 - English\en-US\dwgviewrficn.dll (Autodesk, Inc -> Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{7ECF6F97-B4F3-4168-9835-F59C06D7875F}\InprocServer32 -> C:\Users\RSB3\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2018 - English\dwgviewr.exe (Autodesk, Inc -> Autodesk, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2017-02-15] (Autodesk, Inc -> Autodesk, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [AcShellExtension.AcContextMenuHandler] -> {2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} => C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll [2017-02-15] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1-x32: [Autodesk.DWF.ContextMenu] -> {6C18531F-CA85-45F7-8278-FF33CF0A5964} => C:\Program Files (x86)\Common Files\Autodesk Shared\DWF Common\DWFShellExtension.dll [2017-03-09] (Autodesk, Inc.) [File not signed]
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04923F58-6635-4651-A6D9-4FB58D6D6A1D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1C280C24-0C3B-466A-9DFB-C6BB6078D52D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {1D51A3F3-339E-4DF9-8F72-0075B17A7838} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {278D907A-69BF-4A34-850D-626D00D94AEA} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {32705C0D-628A-499C-A12A-D9CEAFFFF55E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {4D4E871A-6F84-415F-9B7D-A1BBCC13CA3F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {57EBDE88-AF9C-4FFC-AEBF-0A29AC7EF010} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {615E8EF2-5C9D-46A4-B7EF-FC0AE3330C6D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {637146AD-39C5-41EB-A00A-F6DA1EC1F53E} - System32\Tasks\LANDESK Agent Health Bootstrap Task => C:\Program Files (x86)\LANDesk\LDClient\LANDESKAgentBootStrap.exe (LANDesk Software, Inc. -> Ivanti)
Task: {828B6098-9481-401D-A46B-3003C3D9EF60} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {84758724-E9D5-4FE8-A02F-5EFB3666C346} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe (Microsoft Windows -> Microsoft Corporation)
Task: {927001D2-04B4-45C7-8B81-3E8800CE2B13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {A1FD2A90-C60B-4F5E-9AA1-CCE20811DE5B} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {A36488B2-3933-4841-9923-06D2A046A04B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {B26A2E79-8155-4F83-9265-9BB39A968EF6} - System32\Tasks\Microsoft\Surface\Color Profile Listener Task => C:\WINDOWS\System32\SurfaceColorTracker.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {DB4E20C4-68F5-4F1A-914D-8E0EB9587D1A} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {FB978D20-41E0-4531-872F-F4473F00F71C} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe (Microsoft Windows -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\RSB3\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
==================== Loaded Modules (Whitelisted) ==============
2019-02-10 14:28 - 2018-10-17 11:36 - 000223744 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\hips\xmllite64.dll
2019-02-10 14:28 - 2018-10-17 11:39 - 000032825 _____ (LANDesk Software Ltd.) [File not signed] C:\WINDOWS\SysWOW64\CBA\pds.exe
2017-10-27 17:54 - 2017-04-29 00:55 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2019-02-10 14:28 - 2018-10-02 19:01 - 000745984 _____ () [File not signed] C:\Program Files (x86)\LANDesk\LDClient\HIPS\x64\sqlite3.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 002217984 _____ (Apache Software Foundation) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\log4cxx.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 006531584 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Core.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 006759936 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Widgets.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 017939968 _____ (M-SIX) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Viewer.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000244736 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Xml.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 001443328 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Network.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 007794688 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Gui.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000389120 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5PrintSupport.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Concurrent.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000249344 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\Qt5Sql.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000069120 _____ () [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\zlib1.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 002082304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\LIBEAY32.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 001452032 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\platforms\qwindows.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000267776 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\imageformats\qjpeg.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000983552 _____ (The Qt Company Ltd) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\sqldrivers\qsqlite.dll
2019-02-06 13:02 - 2019-02-06 13:02 - 000384512 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Users\RSB3\AppData\Local\VEO\app-6.7.3\ssleay32.dll
2018-12-11 09:58 - 2018-12-11 09:58 - 000000000 ____LMicrosoft Corporation C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2018-12-11 09:57 - 2018-12-11 09:57 - 000000000 ____LMicrosoft Corporation C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2018-12-11 09:57 - 2018-12-11 09:57 - 000000000 ____LMicrosoft Corporation C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2018-08-14 13:52 - 2018-08-14 13:52 - 001325568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\LIBEAY32.dll
2018-05-04 10:48 - 2018-10-17 11:39 - 001325568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\LIBEAY32.dll
2018-05-04 10:48 - 2018-10-17 11:39 - 000348160 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\SSLEAY32.dll
2018-05-04 10:48 - 2018-10-02 19:04 - 000695296 _____ (The curl library, hxxps://curl.haxx.se/) [File not signed] C:\Program Files (x86)\LANDesk\LDClient\curllib.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 003084800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Quick.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 004571648 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Widgets.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000438272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5WinExtras.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 005139968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Gui.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 002950144 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Qml.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 002234880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Network.dll
2019-03-11 09:39 - 2019-02-01 10:55 - 005010944 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 001181184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\platforms\qwindows.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000124928 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\styles\qwindowsvistastyle.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000026112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qico.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000020992 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\imageformats\qsvg.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000259584 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\Qt5Svg.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick.2\qtquick2plugin.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000729088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000073216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000179712 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Dialogs\dialogplugin.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\Window.2\windowplugin.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000014848 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQml\Models.2\modelsplugin.dll
2019-03-11 09:39 - 2019-02-01 10:56 - 000101888 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\Malwarebytes\Anti-Malware\QtQuick\PrivateWidgets\widgetsplugin.dll
2018-08-14 13:52 - 2018-08-14 13:52 - 001522176 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\LIBEAY32MTFIPS.dll
2018-08-14 13:52 - 2018-08-14 13:52 - 000348672 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\LANDesk\Shared Files\SSLEAY32MTFIPS.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\...\sharepoint.com -> hxxps://hpcc2013-files.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-09-29 06:46 - 2017-09-29 06:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2018-03-04 10:12 - 2018-03-04 10:12 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\130\Tools\Binn\;C:\Program Files\Microsoft SQL Server\130\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\Client SDK\ODBC\130\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\140\Tools\Binn\ManagementStudio\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2576040663-2932046221-3539300486-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2903611290-4059586168-1443931954-5841391\Control Panel\Desktop\\Wallpaper -> C:\Users\RSB3\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-80-1985561900-798682989-2213159822-1904180398-3434236965\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 172.20.10.47
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
HKLM\...\StartupApproved\Run: => "BbInstallUser"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{145EBA52-C6B5-4059-95DC-60AFE33949EB}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{8E24E561-4365-46F6-A09A-0FD86B5DDBAB}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [TCP Query User{1EE91558-87B0-476D-A70B-857457A2EC87}C:\programdata\rsb3\veo\app-6.6.32\veo.exe] => (Allow) C:\programdata\rsb3\veo\app-6.6.32\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [UDP Query User{B199D3A2-D81B-4667-9846-EE402849B60B}C:\programdata\rsb3\veo\app-6.6.32\veo.exe] => (Allow) C:\programdata\rsb3\veo\app-6.6.32\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [{43D977EB-6920-48B0-B748-1AA941E6B2B2}] => (Block) C:\programdata\rsb3\veo\app-6.6.32\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [{B1E93009-C20B-4F12-9A60-F7FDD9A0FDC2}] => (Block) C:\programdata\rsb3\veo\app-6.6.32\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [TCP Query User{ACB5021C-9097-44E5-B028-2C908E37E1EA}C:\users\rsb3\appdata\local\veo\app-6.6.43\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.6.43\veo.exe No File
FirewallRules: [UDP Query User{6833EBB4-3430-4292-9044-E8A4994A86CD}C:\users\rsb3\appdata\local\veo\app-6.6.43\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.6.43\veo.exe No File
FirewallRules: [TCP Query User{D6E491CA-D4C6-4B55-8E56-0AA1151A6E03}C:\users\rsb3\appdata\local\veo\app-6.6.53\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.6.53\veo.exe No File
FirewallRules: [UDP Query User{B9254FB7-E28C-40AA-A5DD-6474B70E3A5F}C:\users\rsb3\appdata\local\veo\app-6.6.53\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.6.53\veo.exe No File
FirewallRules: [{7314F678-B4F6-4C59-83C4-6BE7317889DA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B3BEAB47-D0B0-46F3-822F-C86423346621}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3F3354C5-CAAF-45CA-A6BB-34B33DF6EC64}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{75104E39-2974-46F8-9E3F-B5BC0357374B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7B148235-54D0-471D-BA7D-158E401EDDEA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5E151095-A689-423F-BD89-D9D245CA3E3B}C:\program files\microsoft office\root\office16\lync.exe] => (Allow) C:\program files\microsoft office\root\office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{A04696C7-880A-4083-AC3F-34EEC9BA40D0}C:\program files\microsoft office\root\office16\lync.exe] => (Allow) C:\program files\microsoft office\root\office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1A368783-AB09-4F4E-A078-9432394FB950}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\XDDClient.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{D5312C14-9E32-4D6E-8A07-57A2C176320E}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\XDDClient.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [TCP Query User{7BA906F6-B548-41CF-AE52-FFCA2406726C}C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [UDP Query User{C7C7E75F-EC74-4D5B-8968-3BB822E29651}C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [TCP Query User{1692F1EE-A39D-4A2C-BF7F-37AAA2C3C3E4}C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [UDP Query User{CA4055A1-846D-48BB-9C73-8D545689C2AA}C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.2\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [TCP Query User{0F82ACD0-1E68-476B-9ECC-E160196AE754}C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [UDP Query User{02210028-42EF-4E26-961A-AA8CF3AF7336}C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [{DA394942-3615-49B5-8112-75ED09C4B556}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{DB85C8B8-0486-4FBC-B5D7-8FEBDD7F3DDF}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{D3994AAB-D27F-4781-A8A5-14CD4BE1CB4E}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{95461096-0B72-4E68-9757-25F6FBA11267}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{B4541E4D-4F35-496E-B051-2530794DD9BA}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{8F035A1C-903F-49E1-87C6-4E5F2CEE92B6}] => (Allow) C:\Windows\SysWOW64\cba\pds.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{191F009C-9414-48FD-8F60-0D8C12AB5A68}] => (Allow) C:\Windows\SysWOW64\msgsys.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{1136B6C8-126D-4BB1-8E3D-F46DFC9BBF07}] => (Allow) C:\Windows\SysWOW64\msgsys.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{30DF1EA6-24D3-4E2B-99C9-F01B4A41B578}] => (Allow) C:\Windows\SysWOW64\msgsys.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{3A951865-33AB-46CA-8D05-017C3D400200}] => (Allow) C:\Windows\SysWOW64\msgsys.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{ED81DF17-5E38-438B-A44A-5BF5F2010A72}] => (Allow) C:\Windows\SysWOW64\msgsys.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{E5337F19-3038-4BEC-9D41-D3E73D0BB6C5}] => (Allow) C:\Windows\SysWOW64\msgsys.exe (LANDesk Software Ltd.) [File not signed]
FirewallRules: [{E5DE0174-5B72-42D6-A1D2-DBFC046DEE31}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{CED40E2F-1D41-4BA9-99C3-3D418F357B26}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{294493F0-8167-47FF-B9C1-EA220EF41395}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{929EDC7A-5FA8-46B8-B8C3-3035540FCEB0}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [TCP Query User{1968B3F1-D69F-46DC-BD33-3075D72BEB3D}C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [UDP Query User{EC50A1B9-7DAA-4524-9072-21C9A9AD9DBD}C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe] => (Allow) C:\users\rsb3\appdata\local\veo\app-6.7.3\veo.exe (M-SIX Technology Inc -> M-SIX)
FirewallRules: [{92B3C974-8D3D-43B4-BD8A-45CAABEDEB22}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{31D5AED2-9981-4F8C-82E8-DAB44BF1FB49}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{A4907231-00E1-4DDC-A306-885F3395583D}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{A1BB6659-396C-4EED-B957-4676194760EB}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{4CD4ECDE-879D-4F89-89A1-4BA36368C015}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{1D5D869B-13D6-4868-BB51-D9C4AE2CB3C3}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{99E178A4-E57F-40A6-B383-1F77444A2A38}] => (Allow) C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{B69ACAB5-1D22-4CFC-BFE0-5547FA4DED2C}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\XDDClient.exe (LANDesk Software, Inc. -> Ivanti)
FirewallRules: [{C1DC8F82-39A7-4198-AA84-1EBE3228C316}] => (Allow) C:\Program Files (x86)\LANDesk\LDClient\XDDClient.exe (LANDesk Software, Inc. -> Ivanti)
==================== Restore Points =========================
18-02-2019 06:54:29 Windows Update
01-03-2019 07:08:30 Scheduled Checkpoint
08-03-2019 07:26:44 Scheduled Checkpoint
13-03-2019 07:06:21 Windows Update
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/13/2019 01:24:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
Error: (03/13/2019 10:43:18 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
Error: (03/13/2019 10:35:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
Error: (03/13/2019 10:32:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
Error: (03/13/2019 10:21:14 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
Error: (03/13/2019 10:14:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
Error: (03/13/2019 09:09:54 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\RSB3\Desktop\audacity-win-2.1.3\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_fb3d9bff3069e088.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.590_none_42ead2d644e6098e.manifest.
Error: (03/13/2019 07:06:18 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "SQLAgent$SQLEXPRESS" in DLL "perf-MSSQL13.SQLEXPRESS-sqlagtctr.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
System errors:
=============
Error: (03/13/2019 01:50:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/13/2019 01:50:17 PM) (Source: DCOM) (EventID: 10016) (User: HENSELPHELPS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HENSELPHELPS\RSB3 SID (S-1-5-21-2903611290-4059586168-1443931954-5841391) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/13/2019 01:41:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/13/2019 01:41:46 PM) (Source: DCOM) (EventID: 10016) (User: HENSELPHELPS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HENSELPHELPS\RSB3 SID (S-1-5-21-2903611290-4059586168-1443931954-5841391) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/13/2019 01:02:17 PM) (Source: DCOM) (EventID: 10016) (User: HENSELPHELPS)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
to the user HENSELPHELPS\RSB3 SID (S-1-5-21-2903611290-4059586168-1443931954-5841391) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/13/2019 10:33:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/13/2019 10:33:16 AM) (Source: DCOM) (EventID: 10016) (User: HENSELPHELPS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user HENSELPHELPS\RSB3 SID (S-1-5-21-2903611290-4059586168-1443931954-5841391) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/13/2019 09:09:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
CodeIntegrity:
===================================
Date: 2019-03-13 06:07:55.069
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-03-13 06:07:54.311
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-03-13 06:07:53.862
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-03-13 06:07:53.439
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-03-13 06:07:51.670
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-03-13 06:07:50.852
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-03-13 06:07:49.982
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2019-03-13 06:07:49.398
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i7-7660U CPU @ 2.50GHz
Percentage of memory in use: 57%
Total physical RAM: 16309.2 MB
Available physical RAM: 6910.07 MB
Total Virtual: 32693.2 MB
Available Virtual: 18921.32 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:470.11 GB) (Free:137.32 GB) NTFS
\\?\Volume{ed68a83a-9cbe-4abb-88d7-464e666a6e80}\ (Recovery) (Fixed) (Total:4.75 GB) (Free:4.35 GB) NTFS
\\?\Volume{63588870-3a9d-4255-925d-64b3aefd9697}\ (BOOT) (Fixed) (Total:1.95 GB) (Free:1.92 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: FD27C405)
Partition: GPT.
==================== End of Addition.txt ============================