Buck

  1. -Log Details-
     Scan Date: 8/19/18
     Scan Time: 8:57 AM
     Log File: 7214712a-a3af-11e8-a0b8-00059a3c7a00.json

     -Software Information-
     Version: 3.5.1.2522
     Components Version: 1.0.421
     Update Package Version: 1.0.6397
     License: Free

     -System Information-
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: ONSTAR\NZH2LQ

     -Scan Summary-
     Scan Type: Threat Scan
     Scan Initiated By: Manual
     Result: Completed
     Objects Scanned: 350359
     Threats Detected: 3
     Threats Quarantined: 3
     Time Elapsed: 5 min, 45 sec

     -Scan Options-
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Detect
     PUM: Detect

     -Scan Details-
     Process: 0
     (No malicious items detected)

     Module: 0
     (No malicious items detected)

     Registry Key: 0
     (No malicious items detected)

     Registry Value: 0
     (No malicious items detected)

     Registry Data: 2
     PUM.Optional.WindowsToolDisabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DISABLECONFIG, Replace-on-Reboot, [12998], [293254],1.0.6397
     PUM.Optional.WindowsToolDisabled, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DISABLECONFIG, Replace-on-Reboot, [12998], [293254],1.0.6397

     Data Stream: 0
     (No malicious items detected)

     Folder: 0
     (No malicious items detected)

     File: 1
     PUP.Optional.Reimage, C:\USERS\NZH2LQ\DOWNLOADS\REIMAGEREPAIR (1).EXE, Delete-on-Reboot, [1370], [331559],1.0.6397

     Physical Sector: 0
     (No malicious items detected)

     WMI: 0
     (No malicious items detected)

     (end)

     Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.08.2018 01
     Ran by NZH2LQ (19-08-2018 09:11:01)
     Running from C:\Users\nzh2lq\Downloads
     Windows 7 Enterprise Service Pack 1 (X64) (2016-03-11 11:34:04)
     Boot Mode: Normal
     ==========================================================

     ==================== Accounts: =============================

     Guest (S-1-5-21-3038070222-248648148-3247118140-501 - Limited - Disabled)
     localadmin (S-1-5-21-3038070222-248648148-3247118140-500 - Administrator - Enabled) =>
C:\Users\localadmin SMSNomadP2P& (S-1-5-21-3038070222-248648148-3247118140-1004 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee VirusScan Enterprise (Enabled - Up to date) {1006DC03-1FB1-9E52-7C81-F2FAB48962E3} AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {AB673DE7-398B-91DC-4631-C988CF0E285E} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 1E NomadBranch x64 (HKLM\...\{7EF6EBBB-38EC-4AFA-B3EB-B3DC50199FC0}) (Version: 6.3.100 - 1E) 64 Bit HP CIO Components Installer (HKLM\...\{30689060-43BD-46E9-8A54-E6CDB18AAB88}) (Version: 20.2.1 - HP Inc.) Hidden Adobe Acrobat Reader 2017 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AE1108756300}) (Version: 17.011.30080 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated) Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated) Adobe Flash Player 30 ActiveX (HKLM-x32\...\{ECCB1019-16A6-49EF-A2F9-E85777C1C588}) (Version: 30.0.0.113 - Adobe Systems Incorporated) Adobe Flash Player 30 NPAPI (HKLM-x32\...\{FFD6FA27-3734-44C2-9BCE-4FA90F5CAA64}) (Version: 30.0.0.113 - Adobe Systems Incorporated) Adobe Shockwave Player 12.3 (HKLM-x32\...\{175D1C2E-CEF4-4909-901D-52AF3CD8ECD2}) (Version: 12.3.1.201 - Adobe Systems, Inc) AgentInstall64 (HKLM\...\{BF9489ED-B077-4EA3-9A72-3AE1DC96E6CD}) (Version: 14.6.0204.01004 - Symantec Corp.) 
Hidden AIPortalSetup (HKLM-x32\...\{146217F4-F38A-41D9-924F-05E76D8562A2}) (Version: 1.00.0000 - GM IT) ALM-Platform Loader 12.0x (HKLM-x32\...\{1E47548C-CDB4-487D-A1CF-8003DBE0C3DF}) (Version: 12.01.838.0 - HP) Archive Ingestion (HKLM-x32\...\{CF3BBE71-C27F-4CC4-8CA6-F16BC60021ED}) (Version: 1.00.0000 - General Motors) Autonomy_Agree (HKLM-x32\...\Autonomy_Agree) (Version: - ) Avecto Defendpoint Client (x64) 5.1.95 (HKLM\...\{CD335205-90FD-496F-8532-FB1FBF9141DB}) (Version: 5.1.95 - Avecto) Avecto Uninstall Program Utility (HKLM\...\CE17490-AvectoProgramUtil) (Version: 1.0 - ) BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden Brother Port Driver (HKLM-x32\...\{6768BCF7-474C-4428-9FC1-3C46969819D6}) (Version: 1.1.4.4 - Brother Industries Ltd.) Hidden Brother Printer Driver (HKLM-x32\...\{A17C3197-24C9-493B-BB9A-A73800A0B61A}) (Version: 1.6.0.1 - Brother Industries Ltd.) Hidden Brother Scanner Driver (HKLM-x32\...\{AE0056FC-36C2-4C09-B9BB-9111617914EA}) (Version: 1.0.11.11 - Brother Industries Ltd.) Hidden BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) 
Hidden CE13061_1_Outlook2013_DotOne (HKLM-x32\...\CE13061_1_Outlook2013) (Version: - ) CE13264_Visioviewer2013 (HKLM-x32\...\CE13264_Visioviewer2013) (Version: 1.0 - ) CE13310_CAPhsKB2520487 (HKLM-x32\...\CE13310_CAPhsKB2520487) (Version: - ) CE13368_AdobeSecurityBundle (HKLM\...\CE13368_AdobeSecurityBundle) (Version: 2016.01.04.0 - ) CE13368_AdobeSecurityBundle (HKLM-x32\...\CE13368_AdobeSecurityBundle) (Version: 2016.01.04.0 - ) CE13406_OracleJavaBundle (HKLM\...\CE13406_OracleJavaBundle) (Version: 2015.02.15.0 - ) CE13406_OracleJavaBundle (HKLM-x32\...\CE13406_OracleJavaBundle) (Version: 2015.02.15.0 - 2017.12.20) CE13453_ARTOOL (HKLM-x32\...\CE13453_ARTOOL) (Version: - ) CE14067_OfficeTemplates (HKLM-x32\...\CE14067_OfficeTemplates) (Version: 1.10 - ) CE14193_KB2852386 (HKLM\...\CE14193_KB2852386) (Version: - ) CE14193_KB2852386 (HKLM-x32\...\CE14193_KB2852386) (Version: - ) CE14363_MBAMv2_1 (HKLM\...\CE14363_MBAMv2_1) (Version: 1.0 - ) CE14363_MBAMv2_1 (HKLM-x32\...\CE14363_MBAMv2_1) (Version: 1.0 - ) CE14367_Boottime (HKLM\...\CE14367_Boottime) (Version: - ) CE14417_ITServiceCenter (HKLM-x32\...\CE14417_ITServiceCenter) (Version: - ) CE14450_Optimize16 (HKLM-x32\...\ce14450_optimize16) (Version: - ) CE14463_Hotfixes (HKLM-x32\...\CE14463_Hotfixes) (Version: - ) CE15026_WMF40 (HKLM-x32\...\CE15026_WMF40) (Version: - ) CE15043_AppVSP3Client (HKLM-x32\...\CE15043_AppVSP3Client) (Version: - ) CE15089_NextGenBrowser_P2 (HKLM\...\CE15089_NextGenBrowser_P2) (Version: 2015.06.02 - ) CE15089_NextGenBrowser_P2 (HKLM-x32\...\CE15089_NextGenBrowser_P2) (Version: 2015.06.02 - ) CE15179_AppVClientUI (HKLM-x32\...\CE15179_AppVClientUI) (Version: - ) CE15196-DST-Hotfix-KB3049874 (HKLM-x32\...\CE15196-DST-Hotfix-KB3049874) (Version: - ) CE15373-Hotfix-KB2444677 (HKLM-x32\...\CE15373-Hotfix-KB2444677) (Version: - ) CE15401_Skype4Biz (HKLM\...\CE15401_Skype4Biz) (Version: 1.0 - ) CE15401_Skype4Biz (HKLM-x32\...\CE15401_Skype4Biz) (Version: 1.0 - ) CE15430_PasswordExpCheck 
(HKLM-x32\...\CE15430_PasswordExpCheck) (Version: - ) CE15569_M4800VideoDriverUpdate (HKLM\...\CE15569_M4800VideoDriverUpdate) (Version: 10.18.14.4170 - ) CE15569_M4800VideoDriverUpdate (HKLM-x32\...\CE15569_M4800VideoDriverUpdate) (Version: 10.18.14.4170 - ) CE15754-DLP1252 (HKLM\...\CE15754-DLP1252) (Version: 12.5.2 - ) CE15754-DLP1252 (HKLM-x32\...\CE15754-DLP1252) (Version: 12.5.2 - ) CE15755_pdfxchange55 (HKLM\...\CE15755_pdfxchange55) (Version: 1.0 - ) CE15755_pdfxchange55 (HKLM-x32\...\CE15755_pdfxchange55) (Version: 1.0 - ) CE15814-AnyConnect41 (HKLM\...\CE15814-AnyConnect41) (Version: 4.1 - ) CE15814-AnyConnect41 (HKLM-x32\...\CE15814-AnyConnect41) (Version: 4.1 - ) CE15878-v1.0-FixSCCMAgent Schedule Task (HKLM-x32\...\CE15878-FixSCCM) (Version: - ) CE15896_IEResetTool (HKLM-x32\...\CE15896_IEResetTool) (Version: - ) CE15916-OfficeTemplate (HKLM-x32\...\CE15916-OfficeTemplate) (Version: 1.0 - ) CE15922-DNSDeDupe (HKLM-x32\...\CE15922-DNSDeDupe) (Version: - ) CE15946-DST-KB3093503 (HKLM-x32\...\CE15946-DST-KB3093503) (Version: - ) CE160006-UEV21SP1 (HKLM\...\CE160006-UEV21SP1) (Version: 2.1.637.0 - ) CE160006-UEV21SP1 (HKLM-x32\...\CE160006-UEV21SP1) (Version: 2.1.637.0 - ) CE16029-MNE400 (HKLM\...\CE16029-MNE400) (Version: 1.0 - ) CE16029-MNE400 (HKLM-x32\...\CE16029-MNE400) (Version: 1.0 - ) CE16040-WebexConRmv (HKLM-x32\...\CE16040-WebexConRmv) (Version: - ) CE16092-WSUS-Fix2 (HKLM-x32\...\CE16092-WSUS-Fix2) (Version: - ) CE16106-Office365-1 (HKLM-x32\...\CE16106-Office365) (Version: - ) CE16106-PostRestore (HKLM-x32\...\CE16106-PostRestore) (Version: - ) CE16106-PreCapture (HKLM-x32\...\CE16106-PreCapture) (Version: - ) CE16128-WinZip20 (HKLM\...\CE16128-WinZip20) (Version: 20.0.1 - ) CE16128-WinZip20 (HKLM-x32\...\CE16128-WinZip20) (Version: 20.0.1 - ) CE16164-IMEIDriver (HKLM-x32\...\CE16164-IMEIDriver) (Version: - ) CE16197-NCIT (HKLM\...\CE16197-NCIT) (Version: 1.0.5910.27464 - ) <==== ATTENTION CE16197-NCIT (HKLM-x32\...\CE16197-NCIT) (Version: 
1.0.5910.27464 - ) <==== ATTENTION CE16203-WaitGMNet100 (HKLM\...\CE16203-WaitGMNet100) (Version: - ) CE16228-BSOD-Fix (HKLM-x32\...\CE16228-BSOD-Fix) (Version: - ) CE16241-IEDictionary (HKLM-x32\...\CE16241-IEDictionary) (Version: - ) CE16261-CadillacFonts (HKLM\...\CE16261-CadillacFonts) (Version: 1.111 - ) CE16261-CadillacFonts (HKLM-x32\...\CE16261-CadillacFonts) (Version: 1.111 - ) CE16265-BadgePrintPCL (HKLM-x32\...\CE16265-BadgePrintPCL) (Version: - ) CE16368-AppV51Client (HKLM-x32\...\CE16368-AppV51Client) (Version: - ) CE16397-RebootReminder (HKLM\...\CE16397-RebootReminder) (Version: 2.00.0003 - ) CE16397-RebootReminder (HKLM-x32\...\CE16397-RebootReminder) (Version: 2.00.0003 - ) CE16412-WMF5 (HKLM\...\CE16412-WMF5) (Version: 2016.07.20 - ) CE16412-WMF5 (HKLM-x32\...\CE16412-WMF5) (Version: 2016.07.20 - ) CE16416-WiFiDriverUpgrade15 (HKLM\...\CE16416-WiFiDriverUpgrade15) (Version: 18.33.3.2 - ) CE16416-WiFiDriverUpgrade15 (HKLM-x32\...\CE16416-WiFiDriverUpgrade15) (Version: 18.33.3.2 - ) CE16472-ZonaFonts (HKLM\...\CE16472-ZonaFonts) (Version: 1.1 - ) CE16472-ZonaFonts (HKLM-x32\...\CE16472-ZonaFonts) (Version: 1.1 - ) CE16473-LatoFonts (HKLM\...\CE16473-LatoFonts) (Version: 1.1 - ) CE16473-LatoFonts (HKLM-x32\...\CE16473-LatoFonts) (Version: 1.1 - ) CE16474-IMEIDriverUpdate (HKLM-x32\...\CE16474-IMEIDriverUpdate) (Version: - ) CE16488-NVIDIA36277 (HKLM\...\CE16488-NVIDIA36277) (Version: 10.18.13.6277 - ) CE16488-NVIDIA36277 (HKLM-x32\...\CE16488-NVIDIA36277) (Version: 10.18.13.6277 - ) CE16524-SSPR111231 (HKLM-x32\...\CE16524-SSPR111231) (Version: 11.1.2.3.1 - ) CE16654-PDFXChangeProV6 (HKLM-x32\...\CE16654-PDFXChangeProV6) (Version: 6.0.318.1 - ) CE17001-DLP14501 (HKLM\...\CE17001-DLP14501) (Version: 14.5.01 - ) CE17036-hotfix (HKLM-x32\...\CE17036-hotfix) (Version: - ) CE17158-Bitlocker (HKLM-x32\...\CE17158-Bitlocker) (Version: 1.0 - ) CE17158-BitlockerRecKeyCheck (HKLM\...\CE17158-BitlockerRecKeyCheck) (Version: 1.1 - ) CE17158-BitlockerRecKeyCheck 
(HKLM-x32\...\CE17158-BitlockerRecKeyCheck) (Version: 1.1 - ) CE17167-SyncOverlays (HKLM-x32\...\CE17167-SyncOverlays) (Version: 1.0 - ) CE17196-AdobeSecurityBundle (HKLM-x32\...\CE17196-AdobeSecurityBundle) (Version: 2018.06.07.0 - ) CE17249-AnyConnect44 (HKLM-x32\...\CE17249-AnyConnect44) (Version: 4.4 - ) CE17260_Agree (HKLM-x32\...\CE17260_Agree) (Version: - ) CE17260_Autonomy (HKLM-x32\...\CE17260_Autonomy) (Version: - ) CE17279-ConfigureDellAudio (HKLM-x32\...\CE17279-ConfigureDellAudio) (Version: - ) CE17323-LMS-Update (HKLM-x32\...\CE17323-LMS-Update) (Version: 1.0 - ) CE17329-MNE411 (HKLM\...\CE17329-MNE411) (Version: 1.0 - ) CE17329-MNE411 (HKLM-x32\...\CE17329-MNE411) (Version: 4.1.1 - ) CE17373-ITHELPICON (HKLM-x32\...\CE17373-ITHELPICON) (Version: - ) CE17412-AzureADPatch (HKLM-x32\...\CE17412-AzureADPatch) (Version: 2.0.0.0 - ) CE17454-AccessAgent (HKLM-x32\...\CE17454-AccessAgent) (Version: 08.02.20232 - ) CE17464-EnCase (HKLM-x32\...\CE17464-EnCase) (Version: 1.02.00.38 - ) CE17517-IntelWIFI1960Update (HKLM-x32\...\CE17517-IntelWIFI1960Update) (Version: 18.33.7.2 - ) CE17577-Java8u131 (HKLM-x32\...\CE17577-Java8u131) (Version: 8.0.1310.34 - ) <==== ATTENTION CE17586-DotNet47 (HKLM-x32\...\CE17586-DotNet47) (Version: 4.7.02053 - ) CE17634-AdobeAcrobatReader2017 (HKLM-x32\...\CE17634-AdobeAcrobatReader2017) (Version: 17.011.30065 - ) CE17815-Hotfix (HKLM-x32\...\CE17815-Hotfix) (Version: 1.0 - ) CE17833-LAPS (HKLM-x32\...\CE17833-LAPS) (Version: 6.2.0.0 - ) CE17834-USB30DRIVER (HKLM-x32\...\CE17834-USB30DRIVER) (Version: 5.0.4.43 - ) CE17854-WIREDNICUpdate20 (HKLM-x32\...\CE17854-WIREDNICUpdate20) (Version: 12.15.25.6 - ) CE18012-ITSoftwareCenter (HKLM-x32\...\CE18012-ITSoftwareCenter) (Version: 1.1.2 - ) CE18017-ChevyDurantLouisFontv2 (HKLM-x32\...\CE18017-ChevyDurantLouisFontv2) (Version: 1.0 - ) CE18021-HighSecurityPatch (HKLM-x32\...\CE18021-HighSecurityPatch) (Version: 1.0 - ) CE18025-DLP1460MP2 (HKLM-x32\...\CE18025-DLP1460MP2) (Version: 
14.6.0204 - ) CE18040-MNE413 (HKLM-x32\...\CE18040-MNE413) (Version: 4.1.3.1 - ) CE18041-Visual-C++-2017 (HKLM-x32\...\CE18041-Visual-C++-2017) (Version: 14.12.25810 - ) CE18046-VMWareHVC47 (HKLM-x32\...\CE18046-VMWareHVC47) (Version: 4.7.0.11074 - ) CE18047-AzureInfoProtect (HKLM-x32\...\CE18047-AzureInfoProtect) (Version: 1.26.6.0 - ) CE18062-WiredPlcyRllBck (HKLM-x32\...\CE18062-WiredPlcyRllBck) (Version: 1.0 - ) CE18063-PhishMeOutlookAddon (HKLM-x32\...\CE18063-PhishMeOutlookAddon) (Version: 3.1.4.0 - ) CE18076-8021xHotFix (HKLM-x32\...\CE18076-8021xHotFix) (Version: 1.0 - ) CE18078-MachineWirdRpr (HKLM-x32\...\CE18078-MachineWirdRpr) (Version: 1.0 - ) CE18090-DWASR (HKLM-x32\...\CE18090-DWASR) (Version: 1.0 - ) CE18097-NetCeaseTool (HKLM-x32\...\CE18097-NetCeaseTool) (Version: 1.0 - ) CE18098-RAMPMulticastSSL (HKLM-x32\...\CE18098-RAMPMulticastSSL) (Version: 1.0 - ) CE18111-PCDashboard (HKLM-x32\...\CE18111-PCDashboard) (Version: 2.2.0 - ) CE18120-AdobeReaderPatch80 (HKLM-x32\...\CE18120-AdobeReaderPatch80) (Version: 2017.011.30080 - ) CE18126-LegacyFWRemoval (HKLM-x32\...\CE18126-LegacyFWRemoval) (Version: 1.0 - ) Chevy Durant Louis Fonts (GM) (HKLM-x32\...\{69672448-B7FD-479D-B03E-A7FA6E4E794F}) (Version: 2.0.0 - GM) Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{24DFC698-B89E-441F-B7B5-DD456819BE9C}) (Version: 4.4.03034 - Cisco Systems, Inc.) Cisco AnyConnect ISE Posture Module (HKLM-x32\...\{9317038A-8547-41F1-B8EA-154CFF895610}) (Version: 4.4.03034 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.4.03034 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{EB629A98-5E69-40E8-BA9E-C393899F959D}) (Version: 4.4.03034 - Cisco Systems, Inc.) 
Hidden Cisco WebEx Document Loader (HKLM-x32\...\{C2E43871-6E12-4565-8872-BEEAFB1C33AC}) (Version: 1.0 - Cisco WebEx LLC) Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{BD9555FF-C3B6-4654-BE94-C4E3EDD731D2}) (Version: 8.29.3202 - Cisco WebEx LLC) Cisco Webex Meetings (HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) ClientHealth-AutoUpdate (HKLM\...\T16484-CH-AutoUpdate) (Version: 2.0.0.0 - ) Configuration Manager Client (HKLM\...\{5AB8B509-4D5A-47DA-A1D2-CDDC2A7D27E4}) (Version: 5.00.8577.1000 - Microsoft Corporation) Hidden Connected Backup/PC Agent (HKLM-x32\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.8.6.1 - Autonomy Corporation plc) ContactCard_Office2013 (HKLM-x32\...\{056B01E6-A418-4AB4-8D3B-1001E625090D}) (Version: 1.00.0000 - General Motors) ControlCenter4 (HKLM-x32\...\{9ADB625A-7F6D-4C48-9058-4767A55D5424}) (Version: 4.2.438.1 - Brother Insutries Ltd.) Hidden ControlCenter4 CSDK (HKLM-x32\...\{1BAE50D4-5F2A-4E34-BD81-B4555109F7C2}) (Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden CV15460-v1.0-IT Software Protocol Handler 2.0 (HKLM-x32\...\CV15460_ITSoftwareProtocol20) (Version: 1.0.0.0 - GM) Dell ControlVault Host Components Installer 64 bit (HKLM\...\{00E61C2A-E507-4662-8534-A0FA48F415AE}) (Version: 2.3.415.120 - Broadcom Corporation) Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.109 - ALPS ELECTRIC CO., LTD.) DeviceDetect (HKLM-x32\...\{FF45CD35-CEAA-4B57-81DA-8F215B9249CB}) (Version: 1.4.2.0 - Brother Industries Ltd.) 
Hidden Enterprise Architect (HKLM-x32\...\{3B5FBE90-8A0A-4978-A148-FA27EB6204D4}) (Version: 12.1.1230.9 - Sparx Systems) FixSCCMAgent (HKLM-x32\...\{371CD4F7-BD31-47BF-8B59-93BDE3E0F454}) (Version: 1.00.0000 - General Motors) GM Durant Louis Fonts (HKLM-x32\...\{A04CFF84-F125-49F4-99A3-050910640D30}) (Version: 1.00 - GM) GM Lato Fonts 1.0.1 (HKLM-x32\...\{62888448-9381-41BD-8E27-98993045847A}) (Version: 1.0.1 - GM) GM Network Connection Info (HKLM-x32\...\{737147C4-758F-408F-BA70-02FA9BB34AFA}) (Version: 1.0.5910.27464 - General Motors) GM Zona Pro Fonts 1.0.1 (HKLM-x32\...\{D6D62470-560D-43A0-A72D-5606FC06F724}) (Version: 1.0.1 - GM) GM_Office_Templates (HKLM-x32\...\{0FF1CE13-621F-4D24-A63F-4ACB35F37110}) (Version: 1.10.0001 - GM) GM-CadillacFonts (HKLM-x32\...\{C755C7A0-6D62-4B99-B519-9808882E8D71}) (Version: 1.111 - General Motors) GMCMTimer (HKLM-x32\...\{F6E42E80-46AB-4375-AAF4-F12CB35F53A2}) (Version: 2.00.0004 - General Motors) Hidden GME Fonts (HKLM-x32\...\{43387746-989B-4F7A-9F5F-222290AC4163}) (Version: 1.00.0000 - General Motors) GMSansFonts (HKLM-x32\...\{BC7DAB1D-8727-4A56-A8E2-255B453B9E62}) (Version: 1.0.0 - General Motors) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) 
Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation) Intel(R) Network Connections 22.7.18.0 (HKLM\...\PROSetDX) (Version: 22.7.18.0 - Intel) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation) Internet Explorer (HKLM-x32\...\{D7C6758C-F5B3-4853-B929-325DADAB028F}) (Version: 9 - Microsoft Corporation) Hidden ISAM ESSO AccessAgent (HKLM\...\{07721473-92B7-4D90-A092-E12D17EBFAC0}) (Version: 08.02.20232 - IBM Corp.) IT Software Installer (HKLM-x32\...\{31768082-7EB2-4E44-9EC7-D028839B915A}) (Version: 1.1.2 - General Motors) Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075F0}) (Version: 7.0.750 - Oracle) Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075F0}) (Version: 7.0.750 - Oracle) Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.34 - Oracle Corporation) Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.34 - Oracle Corporation) Java(TM) 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045F0}) (Version: 6.0.450 - Oracle) Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045F0}) (Version: 6.0.450 - Oracle) Local Administrator Password Solution (HKLM\...\{EA8CB806-C109-4700-96B4-F1F268E5036C}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes) McAfee Agent (HKLM\...\{265FA622-A254-49fb-B380-D9EF9ABFD32D}) (Version: 5.0.5.658 - McAfee, Inc.) McAfee Data Exchange Layer (HKLM\...\{48F152B8-17F4-467F-A65B-49A2A271FA27}) (Version: 3.1.601.0 - McAfee, Inc.) 
Hidden McAfee Data Exchange Layer (HKLM-x32\...\{d14da861-f859-4506-8497-ebcb682bbca8}) (Version: 3.1.0.601 - McAfee, Inc.) McAfee Management of Native Encryption (HKLM-x32\...\{5276bed0-09a0-4417-a371-906ca1a20697}) (Version: 4.1.3.1 - McAfee, LLC) McAfee Threat Intelligence Exchange module for VSE (HKLM\...\{CB4BEBDB-7B09-4312-B169-602285BA5B29}) (Version: 1.0.3.121 - McAfee, Inc.) McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.09000 - McAfee, Inc.) McAfee/Tanium Real Time Client 2.0.1.1190 (HKLM-x32\...\McAfee Real Time Client) (Version: 2.0.1.1190 - McAfee, Inc. and Tanium Inc.) Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft Application Virtualization (App-V) Client (HKLM-x32\...\{b08e77c6-988d-429f-ac06-9a32121a361c}) (Version: 5.1.86.0 - Microsoft Corporation) Microsoft App-V 5.0 Client UI (HKLM-x32\...\{8ED072BE-EF70-448C-8F88-DE4A8BD101C0}) (Version: 5.0.4001.0 - Microsoft Corporation) Microsoft Azure Information Protection (HKLM-x32\...\{b5b8c580-ec05-4974-b20f-ceb9c7806915}) (Version: 1.26.6.0 - Microsoft Corporation) Microsoft Lync Web App Plug-in (HKLM\...\{BE6D5464-0B1F-46CC-8973-F9651FE6A45A}) (Version: 15.8.8308.965 - Microsoft Corporation) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8431.2250 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation) Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation) Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProXVolume - en-us) (Version: 16.0.8431.2250 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation) Microsoft Teams 
(HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\Teams) (Version: 1.0.00.19451 - Microsoft Corporation) Microsoft User Experience Virtualization Agent (HKLM\...\{8CE81DCD-C208-4922-A6F0-45725E1601BB}) (Version: 2.1.637.0 - Microsoft Corporation) Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProXVolume - en-us) (Version: 16.0.8431.2250 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 
Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation) Microsoft Workplace Join for Windows (HKLM\...\{150031D8-2323-4BA8-9F52-D6E5190D1CBA}) (Version: 2.1.0.0 - Microsoft Corporation) Mnemosyne 2.4 (HKLM-x32\...\Mnemosyne_is1) (Version: - ) Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) 
Hidden NVIDIA 3D Vision Driver 362.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.77 - NVIDIA Corporation) NVIDIA Graphics Driver 362.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.77 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation) NVIDIA nView 147.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 147.00 - NVIDIA Corporation) NVIDIA WMI 2.25.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.25.0 - NVIDIA Corporation) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2250 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2250 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2250 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden Optimize 1.6 (GM) 64 Bit (HKLM\...\{02F7B900-E227-47D7-AEB8-568A2D65506F}) (Version: 1.6.0 - General Motors) Oracle Enterprise Single Sign-On Password Reset (HKLM\...\{0C53F578-9620-45CB-B19E-52745E50D90E}) (Version: 11.1.2.3.1 - Oracle) Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation) P08012-WindowsFirewall (HKLM-x32\...\P08012-WindowsFirewall) (Version: 1.5 - ) P11003_Win7IEReg (HKLM\...\P11003_Win7IEReg) (Version: 1.0 - ) P11015_Perfmon_Pre_Requisites_1_2 (HKLM\...\P11015_Perfmon_Pre_Requisites_1_2) (Version: 1.2 - ) P11053_DesktopIcons (HKLM\...\P11053_DesktopIcons) (Version: - ) P11057_IExplorer9 
(HKLM-x32\...\P11057_IExplorer9) (Version: - ) P11060_regsetting (HKLM\...\P11060_regsetting) (Version: 1.0 - ) P11100_ITSC (HKLM-x32\...\P11100_ITSC) (Version: - ) P12015_SP1Hotfixes (HKLM\...\P12015_SP1Hotfixes) (Version: - ) P12022_SPandHLfix (HKLM-x32\...\P12022_SPandHLfix) (Version: 1.0 - ) P12055_BitLockerTPM300 (HKLM\...\P12055_BitLockerTPM300) (Version: 1.0 - ) P12055_BitLockerTPM300 (HKLM-x32\...\P12055_BitLockerTPM300) (Version: 1.0 - ) P12066_OutlookMailClient (HKLM-x32\...\P12066_OutlookMailClient_DotOne) (Version: - ) PC Dashboard (HKLM-x32\...\{E49035AD-14F1-4A9A-8609-E5648F2B9CC9}) (Version: 2.2.0 - General Motors) PC-FAXReceive (HKLM-x32\...\{DD40894F-7575-4905-90AB-695FD827E358}) (Version: 1.4.24.0 - Brother Insutries Ltd.) Hidden PCFaxTx (HKLM-x32\...\{63530B2D-3A34-4D79-A52D-F3EB5D99A7C1}) (Version: 1.1.1.1 - Brother Industries Ltd.) Hidden PDF-XChange PRO V6 (HKLM\...\{2AFB88EB-3C17-470A-8063-26125FACD62A}) (Version: 6.0.318.1 - Tracker Software Products (Canada) Ltd.) PhishMe Reporter (HKLM-x32\...\{5E35BE91-27F5-4842-A9A7-B291D32B4B97}) (Version: 3.1.4.0 - PhishMe, Inc.) Postman-win64-4.10.7 (HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\Postman) (Version: 4.10.7 - Postman) RAMPMulticastPlusReceiver 1.9.0 (HKU\.DEFAULT\...\{596EB59A-1095-4345-9DF6-04A19C703D91}_is1) (Version: 1.9.0 - Ramp Holdings, Inc) Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.) RemoteSetup (HKLM-x32\...\{BDD8C463-1183-4A91-9EC8-BF68E4ECA9B6}) (Version: 3.9.2.1 - Brother Industries Ltd.) 
Hidden SAFE Servlet (HKLM-x32\...\{E39C38FC-343C-4D3D-8DCA-681C7FF8518A}) (Version: 1.02.00.38 - Guidance Software) Hidden ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden Skype Meetings App (HKLM-x32\...\{E8E6D26B-382E-43C8-91BA-AB8DF2CD0C10}) (Version: 16.2.0.194 - Microsoft Corporation) SoapUI 5.2.1 5.2.1 (HKLM\...\5517-2803-0637-4585) (Version: 5.2.1 - SmartBear Software) ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics) StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden T16484_2018_B-Client Health (HKLM\...\T16484_2018_B-ClientHealth) (Version: 7.0.6747.18450 - ) Tanium Client 6.0.314.1540 (HKLM-x32\...\Tanium Client) (Version: 6.0.314.1540 - Tanium Inc.) Telerik Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.3.44034 - Telerik) TortoiseSVN 1.9.5.27581 (64 bit) (HKLM\...\{1655E9E4-04C9-414E-8581-6D1162DFB802}) (Version: 1.9.27581 - TortoiseSVN) UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden VMware Horizon Client (HKLM\...\{692784AA-FB71-48FF-B628-CEDAEAF5AD2D}) (Version: 4.7.0.11074 - VMware, Inc.) Hidden VMware Horizon Client (HKLM-x32\...\{8cb8771d-2036-4a12-ad5e-ffc7033f6d27}) (Version: 4.7.0.11074 - VMware, Inc.) VMware Horizon HTML5 Multimedia Redirection Client (HKLM\...\{810F152B-2D43-4B83-93CB-59DBCED47DA8}) (Version: 1.0.0.32813 - VMware, Inc.) Hidden VMware Horizon Media Engine 4.0.0.472 (64-bit) (HKLM\...\{4B556185-F57B-4F32-87EE-889C5DB30689}) (Version: 4.0.0.472 - VMware, Inc.) Hidden VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.) 
VPN Map Drive 3.1.0 (HKLM-x32\...\{F444F904-CCBE-475F-9E04-C1E277E4F477}) (Version: 3.1.0 - GMOL) Wait For GM Network (HKLM-x32\...\{8DC2831A-5A8D-4738-99C3-045BC8AA017D}) (Version: 1.2.0 - General Motors) Webex (HKLM-x32\...\{F892F885-138E-4937-844E-3D26619D53BA}) (Version: 1.0 - GMOL) WebEx Productivity Tools (HKLM-x32\...\{38FFB68E-9EDC-40E9-8B7B-197631EB1973}) (Version: 2.40.6000.10050 - Cisco WebEx LLC) Webmail (HKLM-x32\...\{5E60CA90-FA07-4320-8B95-12F582333BB7}) (Version: 1.0 - GMOL) Windows Driver Package - Intel (NETwNs64) net (04/30/2015 15.11.0.9) (HKLM\...\3A0A5AE912CC81290DB2E472F7DC4CF387C36211) (Version: 04/30/2015 15.11.0.9 - Intel) Windows Driver Package - Intel (NETwNs64) net (04/30/2015 15.17.0.1) (HKLM\...\6215B44C20BCFEEA55D04A5A510C7994E3C7E28F) (Version: 04/30/2015 15.17.0.1 - Intel) Windows Driver Package - Intel (NETwNs64) net (05/03/2016 18.33.3.2) (HKLM\...\F92EDE49C52942811B20D46BDF1AA577D5602A29) (Version: 05/03/2016 18.33.3.2 - Intel) Windows Driver Package - Intel (NETwNs64) net (05/19/2016 18.40.4.2) (HKLM\...\4419AF854EE5ACEB14D99F14BA8B3798E70D8F43) (Version: 05/19/2016 18.40.4.2 - Intel) WinSCP 5.9.2 (HKLM-x32\...\winscp3_is1) (Version: 5.9.2 - Martin Prikryl) WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. ) WPTx64 (HKLM-x32\...\{BFF81CB5-E8C7-4184-FBB4-74ADFBC6CCCB}) (Version: 8.100.25984 - Microsoft) XML Notepad (HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\8a1eab838c2c5789) (Version: 2.7.1.5 - Chris Lovett) XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\nzh2lq\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\nzh2lq\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.17186.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\nzh2lq\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.194\GatewayActiveX-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\nzh2lq\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.17186.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [ Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Notepad++\NppShell_06.dll [2016-03-28] ()
ContextMenuHandlers1: [PGExtension] -> {01ED801E-1A37-4434-A7DA-303ABC37B08C} => C:\Program Files\Avecto\Privilege Guard Client\PGExtension.dll [2018-01-15] (Avecto Ltd.)
ContextMenuHandlers1: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2017-03-30] (McAfee, Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2015-11-25] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2015-11-25] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers4: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2017-03-30] (McAfee, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2016-06-10] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-06-10] (NVIDIA Corporation)
ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers6: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2017-03-30] (McAfee, Inc.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {003CA2EB-18BF-40AE-B466-C849E9B528F6} - System32\Tasks\Reset-LAPS => powershell.exe -ExecutionPolicy bypass -file Reset-LAPS.ps1 <==== ATTENTION
Task: {05341D34-BDDE-45D9-B1C8-36C856C8CF02} - System32\Tasks\GMOL-Perf-OptimizeFull => C:\deploy\Optimize\Optimize [Argument = /full]
Task: {06EF3ECD-CD85-45EB-AD7A-EAA7E4CE228A} - System32\Tasks\BitlockerRecKeyCheck => C:\Windows\System32\wscript.exe //B C:\Deploy\CE17158-BitLockerCheck\BitlockerRecKeyCheck.vbs
Task: {09DB0D56-337E-450F-847E-06E928EAE707} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-08] (Microsoft Corporation)
Task: {0BE205AD-3B1E-4F2D-8BF0-22A299A5DE48} - System32\Tasks\Run_GMRebootReminder => C:\Program Files (x86)\General Motors\GMCMTimer2\gmcmtimer2.exe [2016-08-16] (General Motors)
Task: {11149E59-7757-4E51-A082-54CEB6633353} - System32\Tasks\Environment Path Fix => powershell.exe -ExecutionPolicy bypass -file "\\ONSTAR\dfs\apps\Release Enhancements\GroupPolicy\EnvironmentPathFix\EnvironmentPathFix_v2.1.ps1"
Task: {118DE7F8-32E2-43FF-A6A1-8F03A77F1353} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-27] (Microsoft Corporation)
Task: {26D21B43-4C7B-4AE3-A68E-6229F48C044A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-27] (Microsoft Corporation)
Task: {2A66B6D3-1B6E-4E93-A068-00F445DAAB24} - System32\Tasks\GMOL-Perf-Optimizestartup => C:\deploy\Optimize\Optimize [Argument = /startup]
Task: {2A94A85D-F926-48EE-B082-5CEE9E485DF5} - System32\Tasks\update-S-1-5-21-3278618127-1622597835-2076919915-173286 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {2E801A68-D5A0-4D8A-BBEE-BAB6FE13D06C} - System32\Tasks\OneDrive NGSC Migration Process => powershell.exe -ExecutionPolicy bypass -file C:\Deploy\GroupPolicy\OneDrive\d4df69c1-74ff-46a1-bb03-00445ba4c7a7.ps1
Task: {2FD42373-9B53-4325-B0B6-BF0C6C315772} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-08] (Microsoft Corporation)
Task: {3757A1BE-FB13-4B3F-8271-BFF507EC8CFB} - System32\Tasks\FixSCCMv5.1 => Command(1): cmd.exe -> /c "(if Not Exist c:\Logs\FixSCCM md c:\Logs\FixSCCM)"
Task: {3757A1BE-FB13-4B3F-8271-BFF507EC8CFB} - System32\Tasks\FixSCCMv5.1 => Command(2): cmd.exe -> /c "(Timeout /t 2) &amp;&amp; (Echo %Date% %Time% %ComputerName% &gt;&gt; c:\Logs\FixSCCM\FixSCCM.Log) &amp; (Taskkill /f /im ccmexec.exe) &amp; (net stop CcmExec &gt;&gt; c:\Logs\FixSCCM\FixSCCM.log) &amp; (net start CcmExec &gt;&gt; c:\Logs\FixSCCM\FixSCCM.log)"
Task: {3B62F538-496F-4B18-BC45-A17F8F7D8291} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2017-11-08] (Microsoft Corporation)
Task: {497CC12A-482C-4700-A19E-1EE9CABA0226} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-27] (Google Inc.)
Task: {502CD86A-BCBF-4F6D-A66B-6EC54C8F35DF} - System32\Tasks\Microsoft\UE-V\Sync Controller Application => C:\Program Files\Microsoft User Experience Virtualization\Agent\Microsoft.Uev.SyncController.exe [2015-06-25] (Microsoft Corporation)
Task: {5053EEAF-ECD9-43CD-B757-BBA2C4676B43} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {53461F32-2F66-4607-A036-37FE008650B5} - System32\Tasks\Explorer_Monitor => "explorer.exe"
Task: {56BC94BA-0B7C-425E-8163-0A6DCCC635D2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-06-08] (Microsoft Corporation)
Task: {5D165F0A-F745-4F9D-9476-8E7BF459626B} - System32\Tasks\BitlockerOn => C:\Windows\System32\wscript.exe //B C:\Deploy\MNE\BitLockerOn.vbs
Task: {68CCF14D-79B3-417C-A394-69A996927E46} - System32\Tasks\Microsoft\Workplace Join\Automatic-Workplace-Join => C:\Program Files\Microsoft Workplace Join\AutoWorkplace.exe [2017-06-12] (Microsoft Corporation)
Task: {7534521F-A196-4003-9FB2-CBB462A83030} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-14] ()
Task: {7C97C84D-99E1-4826-BCD5-7610764F802E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-27] (Google Inc.)
Task: {7D053148-79BF-4CFC-B216-AEEDFEE69212} - System32\Tasks\Microsoft\UE-V\Synchronize Settings at Logoff => C:\Program Files\Microsoft User Experience Virtualization\Agent\Microsoft.Uev.SyncController.exe [2015-06-25] (Microsoft Corporation)
Task: {7DA869AA-5984-4854-BCE7-866E8FF826C4} - System32\Tasks\GMOL-Perf-OptimizeQuick => C:\deploy\Optimize\Optimize [Argument = /Quick]
Task: {7E2DE09D-940E-4AEF-8D7A-48C7BF31B003} - System32\Tasks\NETBIOS - disable => powershell.exe -ExecutionPolicy bypass -file C:\Deploy\GroupPolicy\NETBIOS\SwitchNetBios.ps1 -set disable
Task: {8035F1C2-880D-454D-9CD4-A993CC8D86FA} - System32\Tasks\ClientHealth-AutoUpdate => C:\Program Files\GM IT Tools\ClientHealth\ClientHealthAutoUpdate.exe [2017-09-26] (General Motors)
Task: {85C1B114-B426-4B25-BB02-FE5B29EF9BC4} - System32\Tasks\ConfigNetPolicy => C:\Deploy\WiredPolicyRollback\Deploy-Application.exe [2015-04-19] (PSAppDeployToolkit)
Task: {8CA8920D-39F6-4E8F-A6F9-C77F1C31691E} - System32\Tasks\Microsoft\UE-V\Upload CEIP data => C:\Program Files\Microsoft User Experience Virtualization\Agent\UevSqmUploader.exe [2015-06-25] (Microsoft Corporation)
Task: {962F7F6E-187A-4E3C-9A1E-D6699BFADDD4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-14] ()
Task: {A00E5665-F310-45B7-B15D-8E341C4A63B6} - System32\Tasks\TPM_Ownership => C:\Windows\System32\wscript.exe //B C:\Deploy\MNE\EnableBitlocker.vbs
Task: {A48FB0BC-0679-46C1-9D96-CED6D273806C} - System32\Tasks\FINISHSCREENOFF => REG.EXE ADD HKLM\Software\Microsoft\Windows\Currentversion\Authentication\LogonUI\Background /V OEMBackground /T REG_DWORD /d 00000000 /f
Task: {A8D2C618-9A3D-4FF2-A96F-D9761C91FC02} - System32\Tasks\RepairNetPolicy => C:\Deploy\MachineWiredRepair\Files\x64\ServiceUI.exe [2017-09-13] (Microsoft Corporation)
Task: {B14B0E54-E31B-4EDE-9CC3-AD8232311CCB} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {B938AAC0-BAC6-4E86-833F-695669B85E5D} - System32\Tasks\Microsoft\UE-V\Template Auto Update => C:\Program Files\Microsoft User Experience Virtualization\Agent\x64\ApplySettingsTemplateCatalog.exe [2015-06-25] (Microsoft Corporation)
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
Task: {CBA042FD-483A-4F63-ACC3-60A971ACACA4} - System32\Tasks\Boot Time => cscript.exe c:\deploy\boottime\boot_analysis.vbs /SLEEP:1800
Task: {CDE87C87-F00D-4E98-A266-E4368BD99573} - System32\Tasks\BitlockerOnCheck => C:\Windows\System32\wscript.exe //B C:\Deploy\MNE\BitLockerOnCheck.vbs
Task: {D60EB475-04F3-497A-8F35-A95FD2981E27} - System32\Tasks\Microsoft\UE-V\Collect CEIP data => C:\Program Files\Microsoft User Experience Virtualization\Agent\UevSqmSession.exe [2015-06-25] (Microsoft Corporation)
Task: {DAE6FBDA-C9FB-4363-910B-42F3AE2CCBED} - System32\Tasks\SD_Bitlocker_Reboot => C:\Windows\System32\wscript.exe //B C:\Deploy\CE17158-BitLockerCheck\SD_Bitlocker_Reboot.vbs
Task: {DC7DB04D-725D-43DD-AEED-5EE9BD4CEF96} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-23] (Adobe Systems Incorporated)
Task: {EA918F87-2376-4D43-8114-8A16D73C8C4D} - System32\Tasks\Launch_Explorer => Explorer.exe
Task: {F40E16D3-B4E9-43C9-88C4-752223FAFDCC} - System32\Tasks\Microsoft\UE-V\Monitor Application Settings => C:\Program Files\Microsoft User Experience Virtualization\Agent\UevAppMonitor.exe [2015-06-25] (Microsoft Corporation)
Task: {F85A1B73-9DD6-44ED-BD7D-7FD192942DF1} - System32\Tasks\P12066_OutlookMailClient => C:\DEPLOY\P12066_OutlookMailClient\P12066_OutlookMailClient.vbs [Argument = /Silent]

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\update-S-1-5-21-3278618127-1622597835-2076919915-173286.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\nzh2lq\Desktop\jm.bat - Shortcut.lnk -> D:\jmeter\apache-jmeter-2.13\bin\jm.bat ()
ShortcutWithArgument: C:\Users\nzh2lq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
ShortcutWithArgument: C:\Users\nzh2lq\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d5c17e1c574d23d\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
ShortcutWithArgument: C:\Users\Public\Desktop\Webmail.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://webmail.gm.com"

==================== Loaded Modules (Whitelisted) ==============

2016-03-11 07:28 - 2016-06-10 06:54 - 003167168 _____ () C:\WINDOWS\system32\nvwmi64.exe
2015-11-26 09:53 - 2015-11-26 09:53 - 000089088 _____ () C:\Program Files\IBM\ISAM ESSO\AA\zlibwapi.dll
2015-11-26 10:18 - 2015-11-26 10:18 - 000186880 _____ () C:\Program Files\IBM\ISAM ESSO\AA\GSKit\N\icc\icclib\icclib019.dll
2015-11-26 10:18 - 2015-11-26 10:18 - 001224704 _____ () C:\Program Files\IBM\ISAM ESSO\AA\GSKit\N\icc\osslib\libeay32IBM019.dll
2016-03-11 07:27 - 2016-06-10 02:24 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-01 07:38 - 2010-05-13 23:48 - 000192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2015-05-01 07:38 - 2010-05-13 23:48 - 000065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 000349576 _____ () C:\Program Files\Windows\D56\edpa.exe
2017-11-17 22:43 - 2017-11-17 22:43 - 000050568 _____ () C:\Program Files\Windows\D56\cdh.dll
2016-03-29 19:14 - 2016-03-29 19:14 - 000104616 _____ () C:\Program Files\Windows\D56\boost_thread-vc100-mt-1_54.dll
2016-03-29 19:14 - 2016-03-29 19:14 - 000025768 _____ () C:\Program Files\Windows\D56\boost_system-vc100-mt-1_54.dll
2016-03-29 19:14 - 2016-03-29 19:14 - 000034984 _____ () C:\Program Files\Windows\D56\boost_chrono-vc100-mt-1_54.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 000309640 _____ () C:\Program Files\Windows\D56\cm.DLL
2016-03-29 19:14 - 2016-03-29 19:14 - 000125096 _____ () C:\Program Files\Windows\D56\boost_filesystem-vc100-mt-1_54.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 003765128 _____ () C:\Program Files\Windows\D56\asvc.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 000954248 _____ () C:\Program Files\Windows\D56\as.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 001086856 _____ () C:\Program Files\Windows\D56\scs.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000297352 _____ () C:\Program Files\Windows\D56\tl.dll
2016-03-29 19:14 - 2016-03-29 19:14 - 000057000 _____ () C:\Program Files\Windows\D56\boost_date_time-vc100-mt-1_54.dll
2017-11-17 22:45 - 2017-11-17 22:45 - 000030088 _____ () C:\Program Files\Windows\D56\l10n\en_US.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 000107400 _____ () C:\Program Files\Windows\D56\aqp.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 001106312 _____ () C:\Program Files\Windows\D56\ntwc.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000237960 _____ () C:\Program Files\Windows\D56\nfi.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 000379272 _____ () C:\Program Files\Windows\D56\caed.dll
2017-11-17 22:44 - 2017-11-17 22:44 - 001484168 _____ () C:\Program Files\Windows\D56\pp.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000177032 _____ () C:\Program Files\Windows\D56\rtc.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 000160136 _____ () C:\Program Files\Windows\D56\msl.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 001081224 _____ () C:\Program Files\Windows\D56\disc.DLL
2016-03-29 19:14 - 2016-03-29 19:14 - 000790184 _____ () C:\Program Files\Windows\D56\boost_regex-vc100-mt-1_54.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 001548680 _____ () C:\Program Files\Windows\D56\ih.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 002048392 _____ () C:\Program Files\Windows\D56\appc.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 000428424 _____ () C:\Program Files\Windows\D56\hmc.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000598408 _____ () C:\Program Files\Windows\D56\ui.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000470920 _____ () C:\Program Files\Windows\D56\sch.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 000788872 _____ () C:\Program Files\Windows\D56\fsc.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 000188296 _____ () C:\Program Files\Windows\D56\cdc.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 001086856 _____ () C:\Program Files\Windows\D56\amc.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000343944 _____ () C:\Program Files\Windows\D56\qm.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000672136 _____ () C:\Program Files\Windows\D56\PluginProxy.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 004272520 _____ () C:\Program Files\Windows\D56\dc.DLL
2017-11-17 22:45 - 2017-11-17 22:45 - 000124808 _____ () C:\Program Files\Windows\D56\IDMCoreDynLib.dll
2017-09-12 10:38 - 2017-09-12 10:38 - 003748352 _____ () C:\WINDOWS\system32\enstart64.exe
2017-04-24 17:39 - 2017-04-24 17:39 - 000218528 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2017-10-18 15:44 - 2017-10-18 15:44 - 002951584 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
2018-03-01 13:11 - 2018-03-01 13:11 - 000046080 _____ () C:\Program Files (x86)\General Motors\IT Software Center\ITSC Service.exe
2017-03-23 19:43 - 2017-03-23 19:43 - 000558312 _____ () C:\Program Files\McAfee\Agent\sqlite.dll
2017-03-23 19:42 - 2017-03-23 19:42 - 000058376 _____ () C:\Program Files\McAfee\Agent\MXML.dll
2017-03-23 19:44 - 2017-03-23 19:44 - 000027920 _____ () C:\Program Files\McAfee\Agent\trex.dll
2017-03-23 19:11 - 2017-03-23 19:11 - 000152352 _____ () C:\Program Files\McAfee\Agent\libuv.dll
2017-03-23 19:46 - 2017-03-23 19:46 - 000120872 _____ () C:\Program Files\McAfee\Agent\zlib.dll
2017-03-23 19:10 - 2017-03-23 19:10 - 000033552 _____ () C:\Program Files\McAfee\Agent\libini.dll
2018-07-24 16:10 - 2017-12-05 11:17 - 000012800 _____ () C:\Program Files (x86)\RAMPMulticastPlusReceiver\RAMPMulticastPlusReceiverService.exe
2017-11-17 22:43 - 2017-11-17 22:43 - 000390536 _____ () C:\Program Files\Windows\D56\wdp.exe
2016-03-29 18:41 - 2016-03-29 18:41 - 000068096 _____ () C:\Program Files\Windows\D56\Verity\kvthread.dll
2016-08-22 14:55 - 2016-08-22 14:55 - 004914112 _____ () C:\Program Files (x86)\Tanium\Tanium Client\TaniumClient.exe
2017-11-17 22:43 - 2017-11-17 22:43 - 000262536 _____ () C:\Program Files\Windows\D56\fom64.dll
2017-11-17 22:44 - 2017-11-17 22:44 - 000284552 _____ () C:\Program Files\Windows\D56\pom64.dll
2017-07-25 13:15 - 2018-03-14 09:12 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-26 14:48 - 2016-11-26 14:48 - 000095184 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 002665864 _____ () C:\WINDOWS\system32\cui.exe
2017-11-17 22:44 - 2017-11-17 22:44 - 000286600 _____ () C:\Program Files\Windows\D56\chrm64.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 000426376 _____ () C:\Program Files\Windows\D56\clpbm64.dll
2018-08-08 14:24 - 2018-08-07 20:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-08 14:24 - 2018-08-07 20:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2017-11-17 22:44 - 2017-11-17 22:44 - 000210824 _____ () C:\Program Files\Windows\D56\brkrprcs64.exe
2018-08-19 08:56 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-05-17 09:16 - 2017-05-17 09:16 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2017-04-05 00:15 - 2017-04-05 00:15 - 000079256 _____ () C:\Program Files (x86)\Autonomy\Connected BackupPC\SDK8.dll
2017-07-25 13:15 - 2018-03-14 09:12 - 008928968 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-04-24 17:39 - 2017-04-24 17:39 - 000230304 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2017-11-20 14:03 - 2017-11-20 14:03 - 000666216 _____ () C:\Program Files (x86)\McAfee\Management of Native Encryption\mfeccf32mn.dll
2015-11-25 18:10 - 2015-11-25 18:10 - 001301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2017-03-23 19:43 - 2017-03-23 19:43 - 000433808 _____ () C:\Program Files\McAfee\Agent\x86\sqlite.dll
2017-03-23 19:41 - 2017-03-23 19:41 - 000048536 _____ () C:\Program Files\McAfee\Agent\x86\MXML.dll
2017-03-23 19:44 - 2017-03-23 19:44 - 000026824 _____ () C:\Program Files\McAfee\Agent\x86\trex.dll
2017-03-23 19:11 - 2017-03-23 19:11 - 000141496 _____ () C:\Program Files\McAfee\Agent\x86\libuv.dll
2017-03-23 19:10 - 2017-03-23 19:10 - 000028904 _____ () C:\Program Files\McAfee\Agent\x86\libini.dll
2017-05-17 09:16 - 2017-05-17 09:16 - 000033792 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_system-vc140-mt-1_59.dll
2017-05-17 09:16 - 2017-05-17 09:16 - 000062976 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_date_time-vc140-mt-1_59.dll
2017-05-17 09:16 - 2017-05-17 09:16 - 000126976 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_filesystem-vc140-mt-1_59.dll
2016-08-22 14:52 - 2016-08-22 14:52 - 002187712 _____ () C:\Program Files (x86)\Tanium\Tanium Client\TaniumCryptoLibrary.dll
2017-07-25 13:15 - 2017-07-25 13:15 - 001754296 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\tmpod.dll
2017-07-25 13:15 - 2018-03-14 09:12 - 000039112 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconvpxy.dll
2009-02-27 16:38 - 2009-02-27 16:38 - 000139264 _____ () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-05-17 09:06 - 2017-05-17 09:06 - 000171008 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Plugins\aciseapi.dll
2018-01-25 10:21 - 2018-01-25 10:21 - 000038568 _____ () C:\Program Files\McAfee\TIEM\mfelpcHelper.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\nzh2lq\Desktop\2018-CombinedCalendars.xlsx:PG$Secure [402]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\000.xls:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\2017-cad-xt5-brochure.pdf:PG$Secure [634]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\2017FallCourseCatalogOutput [Term-A17][7.13.2017 7.34.13 PM].doc:PG$Secure [638]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\2018-CombinedCalendars.xlsx:PG$Secure [402]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\24852531_10209071049093246_6502460086890419016_n.jpg:PG$Secure [658]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\61665_EDM.pdf:PG$Secure [554]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\AdjustGetVehicleUnitEnrollActV1.zip:PG$Secure [650]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\adwcleaner_7.2.2.exe:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\agent confiuration + activity screens.docx:PG$Secure [466]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\AI.jpg:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\AI.jpg:PG$Secure [261]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ALM-Platform-Loader.msi:PG$Secure [274]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Appointment Letter.pdf:PG$Secure [366]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\appOnly.zip:PG$Secure [502]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\AprilDotMaster_V17_20180427.jar:PG$Secure [594]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Assessment_gener_en6_20170421.html:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\basic_overview.pptx:PG$Secure [578]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\CATALOG.zip:PG$Secure [390]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\CDPT Overview.ppt:PG$Secure [318]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ComponentStatistics.xls:PG$Secure [1166]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Contacts.vcf:PG$Secure [1582]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Content Staging Request for Release - R6.9_Maj2017.10 WNPROD R6.9_Maj2017.10 MFPROD.msg:PG$Secure [858]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Controller.pdf:PG$Secure [3195]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\CSSA 7.1 Study Guide (2016 February 64 pages).docx:PG$Secure [626]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\detailed_overview.wmv:PG$Secure [586]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\DL-72184.zip:PG$Secure [410]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\DL-75747.zip:PG$Secure [410]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Download File.pdf:PG$Secure [366]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\DSS and prconfig.xml (2).docx:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\dss.zip:PG$Secure [498]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM0701-010215NoApp.zip:PG$Secure [562]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM0701-070102toMaxNo070101NoApp.jar:PG$Secure [614]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM0701RSV070101-OnlyNoApp.zip:PG$Secure [590]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM701.jar:PG$Secure [510]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDMProductIDT7PP7PP8V2 - Copy.zip:PG$Secure [562]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDMProductIDT7PP7PP8V2.zip:PG$Secure [562]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDMProductIDT7PP7PP8v3.zip:PG$Secure [574]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\edmsvcAppRuleOnly.zip:PG$Secure [610]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM_2018_NA_03_Mar_DDL.zip:PG$Secure [1194]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM_61665_Quick_RunBookV2.7.docx:PG$Secure [2611]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM_61665_SystemDesignDocument_V1.4.docx:PG$Secure [622]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Entilement_Dec_Master_fromDev2.jar:PG$Secure [662]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\entireEdmApplicationFromeDev02.zip:PG$Secure [606]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Entitlements06-09-17FromIDT3 (1).zip:PG$Secure [654]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Entitlements06-09-17FromIDT3.zip:PG$Secure [654]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EntitlementsRSV_060941_20180315T0546PM.jar:PG$Secure [682]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EntitlementsRSV_060941_20180315T0546PM.zip:PG$Secure [682]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Entitlements_NBM_RSV_061001_20180213T1157AM.jar:PG$Secure [714]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ExceptionCountByDayForPCF_2018-01-03_16-22-23.xls:PG$Secure [1302]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ExportData (1).xls:PG$Secure [778]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ExportData.xls:PG$Secure [686]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Ezell.docx:PG$Secure [3199]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Fences3-sd-setup.exe:PG$Secure [270]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\FiddlerSetup.exe:PG$Secure [334]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\FRST64.exe:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\FRST64.exe:PG$Secure [714]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\GAA_Events_Guide_Sep 2018 (1).docx:PG$Secure [438]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\GAA_Events_Guide_Sep 2018.docx:PG$Secure [438]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\GM-GCCX-EDM-Data-EventMessageConsumer_20170815T193336.116 GMT.csv:PG$Secure [930]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\GPD GPSC All People Meeting Oct 4.ics:PG$Secure [974]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\GPD-GPSC-Quality-Feb-2018-APM2 (1).ics:PG$Secure [914]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\GPD-GPSC-Quality-Feb-2018-APM2.ics:PG$Secure [914]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\HottNotes4.1Setup.exe:PG$Secure [294]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\How-to-Use-OAP-and-Apply-to-an-Internal-Posting (3-7-17) (1).pptx:PG$Secure [646]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\https.edm-idt1-epgw.onstar.gm.com151472018-01-03T18.10.24.fpr:PG$Secure [558]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\IMG_0343.JPG:PG$Secure [558]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\installbackupandsync.exe:PG$Secure [1010]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Item+details_2018-01-03_16-24-29.xls:PG$Secure [1446]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\LogsAuth.txt_0.zip:PG$Secure [330]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\LWAPlugin64BitInstaller32.msi:PG$Secure [370]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6397.exe:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6397.exe:PG$Secure [498]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\MXOLE_20170720T195626_GMT.jar:PG$Secure [642]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\NavTest_20171002T153411_GMT.jar:PG$Secure [634]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnetasticInstaller.x86.exe:PG$Secure [390]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsContext014404to014606-20171122T1041AM.jar:PG$Secure [646]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsMKTBatchData_20180216T0320PM.jar:PG$Secure [666]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsMKTBatchData_V2_20180417T0915AM.jar:PG$Secure [678]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsMKTBatchMaster_20180118T0917AM.jar:PG$Secure [674]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsMKTBatchMaster_20180216T1255PM.jar:PG$Secure [674]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsMKTBatchMaster_20180221T0203PM.jar:PG$Secure [674]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsMKTBatchMaster_V4_20180417T0851AM.jar:PG$Secure [686]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnStar_Global_Application_Release_Form (2).xls:PG$Secure [470]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega Platform Security.pdf:PG$Secure [450]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega-DecisionEngine071026.zip:PG$Secure [574]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega-ImportExport071026.zip:PG$Secure [566]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega-IntegrationArchitect071026.zip:PG$Secure [598]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega-LP-Application071026.zip:PG$Secure [574]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega-LP-SystemSettings071026.zip:PG$Secure [586]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega-RULES071026.zip:PG$Secure [538]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega7 - Customizing Login-Screen.docx:PG$Secure [502]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\PEGA_EVENTS_FOR_GM20180222.csv:PG$Secure [498]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\PEGA_EVENTS_FOR_GM20180319 (1).csv:PG$Secure [498]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\PEGA_EVENTS_FOR_GM20180319.csv:PG$Secure [498]
AlternateDataStreams:
C:\Users\nzh2lq\Downloads\PEGA_TRIGGERED20180419.csv:PG$Secure [498] AlternateDataStreams: C:\Users\nzh2lq\Downloads\PenTest_Report_ASMS-61665_PPM-86413_Aug-30-2017 (1) (1).zip:PG$Secure [1478] AlternateDataStreams: C:\Users\nzh2lq\Downloads\PenTest_Report_ASMS-61665_PPM-86413_Aug-30-2017 (1) (2).zip:PG$Secure [1478] AlternateDataStreams: C:\Users\nzh2lq\Downloads\PICNIC LUNCH MENU.docx:PG$Secure [3111] AlternateDataStreams: C:\Users\nzh2lq\Downloads\Policy_Sec_6_web.mht:PG$Secure [438] AlternateDataStreams: C:\Users\nzh2lq\Downloads\Procmon.exe:Avecto.Zone.Identifier [26] AlternateDataStreams: C:\Users\nzh2lq\Downloads\Proof of Citizenship.pdf:PG$Secure [366] AlternateDataStreams: C:\Users\nzh2lq\Downloads\propositions-swagger-single.yaml:PG$Secure [602] AlternateDataStreams: C:\Users\nzh2lq\Downloads\ReimageRepair (1).exe:Avecto.Zone.Identifier [26] AlternateDataStreams: C:\Users\nzh2lq\Downloads\ReimageRepair (1).exe:PG$Secure [294] AlternateDataStreams: C:\Users\nzh2lq\Downloads\RS_GetVehicleUnitSvc060433D20171208T0122PM.jar:PG$Secure [710] AlternateDataStreams: C:\Users\nzh2lq\Downloads\Rule Resolution.docx:PG$Secure [346] AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20170921T162133.643 GMT.zip:PG$Secure [1182] AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20171024T210526.695 GMT.zip:PG$Secure [1150] AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20180206T034138.774 GMT (1).zip:Avecto.Zone.Identifier [26] AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20180206T034138.774 GMT (1).zip:PG$Secure [1478] AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20180206T034138.774 GMT.zip:Avecto.Zone.Identifier [26] AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20180206T034138.774 GMT.zip:PG$Secure [1478] AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20180216T192510.286 GMT.zip:PG$Secure [1150] AlternateDataStreams: C:\Users\nzh2lq\Downloads\section.docx:PG$Secure [257] 
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Secure_CrossSiteForgeOFF.zip:PG$Secure [582] AlternateDataStreams: C:\Users\nzh2lq\Downloads\Secure_CrossSiteForgeON.zip:PG$Secure [578] AlternateDataStreams: C:\Users\nzh2lq\Downloads\SecurityDSSRules.jar:PG$Secure [606] AlternateDataStreams: C:\Users\nzh2lq\Downloads\Security_Assessment_gener_en6_20170504.html:PG$Secure [1478] AlternateDataStreams: C:\Users\nzh2lq\Downloads\SendLog_Pega20180213.csv:PG$Secure [498] AlternateDataStreams: C:\Users\nzh2lq\Downloads\setup-lightshot.exe:PG$Secure [270] AlternateDataStreams: C:\Users\nzh2lq\Downloads\setup.exe:PG$Secure [362] AlternateDataStreams: C:\Users\nzh2lq\Downloads\SharedDrive_1349-191.xlsx:PG$Secure [454] AlternateDataStreams: C:\Users\nzh2lq\Downloads\SharedDrive_1349-209 (1).xlsx:PG$Secure [454] AlternateDataStreams: C:\Users\nzh2lq\Downloads\SharedDrive_1349-209.xlsx:PG$Secure [454] AlternateDataStreams: C:\Users\nzh2lq\Downloads\SharedDrive_1349-246.xlsx:PG$Secure [454] AlternateDataStreams: C:\Users\nzh2lq\Downloads\sivaid.zip:PG$Secure [510] AlternateDataStreams: C:\Users\nzh2lq\Downloads\SSAAdv_73_20170801.ova:PG$Secure [406] AlternateDataStreams: C:\Users\nzh2lq\Downloads\Story 3647 - Dynamic Advisor - QA.docx:PG$Secure [634] AlternateDataStreams: C:\Users\nzh2lq\Downloads\Story 3695 - Dynamic Advisor - Cancel Save Flow.docx:PG$Secure [706] AlternateDataStreams: C:\Users\nzh2lq\Downloads\Story 3707 - Advisor Ops Enhancements - Advisor Payout-Rank.docx:PG$Secure [778] AlternateDataStreams: C:\Users\nzh2lq\Downloads\TestMultiAppsInOneProduct_20180313T1047AM.zip:PG$Secure [706] AlternateDataStreams: C:\Users\nzh2lq\Downloads\Thesis.pdf:PG$Secure [3199] AlternateDataStreams: C:\Users\nzh2lq\Downloads\United-States-Holidays.zip:PG$Secure [454] AlternateDataStreams: C:\Users\nzh2lq\Downloads\User Guide - People Data Request.pptx:PG$Secure [510] AlternateDataStreams: 
C:\Users\nzh2lq\Downloads\was-report-ASMS-00061665-SITEID-00000000-UID-127258816-APPNAME-enterprise_decision_management_idt1-ANALYZED (11) (1).zip:PG$Secure [1478] AlternateDataStreams: C:\Users\nzh2lq\Downloads\was-report-ASMS-00061665-SITEID-00000000-UID-127258816-APPNAME-enterprise_decision_management_idt1-ANALYZED (11) (2).zip:Avecto.Zone.Identifier [26] AlternateDataStreams: C:\Users\nzh2lq\Downloads\was-report-ASMS-00061665-SITEID-00000000-UID-127258816-APPNAME-enterprise_decision_management_idt1-ANALYZED (11) (2).zip:PG$Secure [1478] AlternateDataStreams: C:\Users\nzh2lq\Downloads\was-report-ASMS-00061665-SITEID-00000000-UID-127258816-APPNAME-enterprise_decision_management_idt1-ANALYZED (11) (3).zip:Avecto.Zone.Identifier [26] AlternateDataStreams: C:\Users\nzh2lq\Downloads\was-report-ASMS-00061665-SITEID-00000000-UID-127258816-APPNAME-enterprise_decision_management_idt1-ANALYZED (11) (3).zip:PG$Secure [1478] AlternateDataStreams: C:\Users\nzh2lq\Downloads\was-report-ASMS-00061665-SITEID-00000000-UID-127258816-APPNAME-enterprise_decision_management_idt1-ANALYZED (11).zip:PG$Secure [1478] AlternateDataStreams: C:\Users\nzh2lq\Downloads\Web Service Scan Results Feb.pdf:PG$Secure [626] AlternateDataStreams: C:\Users\nzh2lq\Downloads\Y15A_C2_UWC_PP-inst-E1.EXE:PG$Secure [362] AlternateDataStreams: C:\Users\nzh2lq\Documents\Pega Report future-of-work-report.pdf:PG$Secure [398] AlternateDataStreams: C:\Users\nzh2lq\Documents\Pega_Academy_Virtual_Machine_User_Guide.pdf:PG$Secure [526] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\achievers.com -> hxxps://gm.achievers.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\bluejeans.com -> gm.bluejeans.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\centerlearning.com -> centerlearning.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\coremetrics.com -> hxxps://libs.coremetrics.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\dcwipvggmnp01 -> hxxp://dcwipvggmnp01
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\e-access.att.com -> e-access.att.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\egain.net -> egain.net
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\exct.net -> image.exct.net
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\gmprograminfo.com -> gmprograminfo.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\hp.com -> hp.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\Intradiem.com -> Intradiem.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\jasperwireless.com -> jasperwireless.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\Knowlagentondemand.com -> Knowlagentondemand.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\kontiki.com -> kontiki.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\live.com -> live.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\liveperson.net -> hxxps://lptag.liveperson.net
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\mediaplatform.com -> mediaplatform.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\merkleinc.com -> merkleinc.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\mibpi.com -> mibpi.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\minacs.com -> minacs.com

There are 19 more sites.

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2018-07-26 10:25 - 000000077 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 view-localhost # view localhost server

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\Control Panel\Desktop\\Wallpaper -> C:\Users\nzh2lq\AppData\Local\Microsoft\DesktopData\DesktopWallpaper.jpg
DNS Servers: 10.121.160.122 - 148.93.52.152
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{FDB3A40B-DBA7-43C2-9F50-FBDBC225113E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe FirewallRules: [{BEEFBA38-99E5-4FFF-B803-76C4059B789E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe FirewallRules: [{0010B3A7-8E85-4182-9E3F-211F710C7663}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe FirewallRules: [{D7E61E2B-A21F-48D8-B9DC-5855AECCD191}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe FirewallRules: [{19B698E0-DBAE-406D-A86A-B3A55175AC80}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe FirewallRules: [{4EEEF7A0-C360-4B97-83E3-55B12EA69565}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe FirewallRules: [{3894D9FE-974B-4128-9CE1-1CB2BFF4940F}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe FirewallRules: [{21E52303-5270-4568-B992-B7CBED801FEC}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe FirewallRules: [{E6B75D49-BEC8-4383-A010-5C74EF3855C6}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe FirewallRules: [{91BC7DB3-B6B4-497C-A63C-2A65984844D7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe FirewallRules: [{1F96746E-BC78-4E1A-A44F-642171E18EB5}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe FirewallRules: [{3FB547E6-A64D-4790-BEF2-BB939D09FAED}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe FirewallRules: [{C108EB46-F16A-4C72-8325-A9B3DC9105C8}] => (Allow) LPort=17472 FirewallRules: [{439B3EA3-5715-4D3E-9F24-94B53E21854A}] => (Allow) LPort=17472 FirewallRules: [TCP Query User{AD660C74-8413-4F7D-B11F-3236FD508251}C:\windows\system32\rundll32.exe] => 
(Allow) C:\windows\system32\rundll32.exe FirewallRules: [UDP Query User{E4ADC1A4-7752-4835-80A9-BDD074C14A7E}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe FirewallRules: [{A1C2E321-D7E1-46C5-BF0D-3FEEB9D52592}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [{6096057D-CDC6-4243-B1BA-16D9F06B0884}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe FirewallRules: [TCP Query User{9EE302C7-3619-491B-B4E2-9909190FEF47}C:\program files (x86)\microsoft office\office15\lync.exe] => (Block) C:\program files (x86)\microsoft office\office15\lync.exe FirewallRules: [UDP Query User{D6F79139-A6BB-4032-AD35-A4267F22E796}C:\program files (x86)\microsoft office\office15\lync.exe] => (Block) C:\program files (x86)\microsoft office\office15\lync.exe FirewallRules: [TCP Query User{05D7A614-C174-4A27-BAE1-CBB8078ACE22}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe FirewallRules: [UDP Query User{18F3A893-0287-46EB-A690-EE907E972CF8}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe FirewallRules: [TCP Query User{7D727B4C-F8DF-412F-ACB3-4BFCD8B195C6}C:\windows\system32\java.exe] => (Block) C:\windows\system32\java.exe FirewallRules: [UDP Query User{B3D3847C-D7A2-491D-B491-68D510B79E37}C:\windows\system32\java.exe] => (Block) C:\windows\system32\java.exe FirewallRules: [TCP Query User{812BC331-6F3B-4DE3-945E-FC18B46B331F}C:\program files (x86)\microsoft office\office15\lync.exe] => (Block) C:\program files (x86)\microsoft office\office15\lync.exe FirewallRules: [UDP Query User{BA94B4E1-3973-4AB1-9109-BB3E58ECC6C0}C:\program files (x86)\microsoft office\office15\lync.exe] => (Block) C:\program files (x86)\microsoft office\office15\lync.exe FirewallRules: [TCP Query User{AB39CFE8-AEB9-4ED3-BA4F-C56FF0AA8FD2}C:\program files\smartbear\soapui-5.2.1\bin\soapui-5.2.1.exe] => (Allow) C:\program files\smartbear\soapui-5.2.1\bin\soapui-5.2.1.exe FirewallRules: 
[UDP Query User{67BF3FFD-63C0-467E-B98A-B519A5898E1F}C:\program files\smartbear\soapui-5.2.1\bin\soapui-5.2.1.exe] => (Allow) C:\program files\smartbear\soapui-5.2.1\bin\soapui-5.2.1.exe FirewallRules: [{24446560-D1B1-4F91-9AA8-98B8177E651B}] => (Block) C:\program files\smartbear\soapui-5.2.1\bin\soapui-5.2.1.exe FirewallRules: [{9FCFAB55-5F3A-466B-83F8-3F602D929FFC}] => (Block) C:\program files\smartbear\soapui-5.2.1\bin\soapui-5.2.1.exe FirewallRules: [{D71BC3BC-7AEA-45B8-8EC3-9AB8211F269C}] => (Allow) D:\Programs\brodnt\install\wlan_wiz\.\wlan_assistant\waw.exe FirewallRules: [{37F32EB4-BF67-4C6E-B30C-57742B851E88}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe FirewallRules: [{E041D87E-5FF9-4FB8-9813-1DE1A4F3E2B1}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe FirewallRules: [TCP Query User{5B0D0036-F2F2-4B25-9615-65EDB0675475}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [UDP Query User{FB8CC181-4E28-4668-B72F-193EC5274B29}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe FirewallRules: [{B5E944A1-919A-42AB-963A-1B28846FC723}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe FirewallRules: [{8DD75EF2-3725-40D1-82FA-A4BD9D1DF266}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe FirewallRules: [{AD32FD7E-3F7F-4AB8-B320-825F3A802355}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe FirewallRules: [{7F10C83C-75AB-45AF-9B6A-B00583FD2465}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe FirewallRules: [{50FC4349-BB8F-42FC-8B4F-6D8E86EC6249}] => (Allow) LPort=17472 FirewallRules: [{F2F91A2A-9D29-4A1B-AD41-B6813BB59C6E}] => (Allow) LPort=17472 FirewallRules: [{3A80C758-A31E-49DD-819D-A73951CCD4BC}] => (Allow) LPort=17472 FirewallRules: [{BE9D3F37-59EA-4CD9-B761-025ECB5134DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{C7EA5B17-700A-4F9B-9C47-36A4A9DE77B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
FirewallRules: [{2BE14760-EDDF-434E-B07A-CEE4A213020E}] => (Allow) D:\Programs\Fiddler\Fiddler2\Fiddler.exe FirewallRules: [{F472A6A7-8098-4B56-9879-8B561C825C86}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe FirewallRules: [{66DABE1F-1E09-4B93-A999-EB01DBB70679}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe FirewallRules: [{0F9E1C09-D264-42D0-A217-86E59229BD2F}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe FirewallRules: [{DBD8BE7D-2C7E-4029-9F1E-D67928C8490C}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe FirewallRules: [{53288CCB-DEB8-43D4-8DBD-5618037943BF}] => (Allow) LPort=17472 FirewallRules: [{DA398D84-1FE8-4BF4-9C44-5F6B1F5E55ED}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{2200691B-5D1F-49BA-B3D9-DF66667F5D78}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{54D4B6B0-01FB-4829-9CDB-562A593397B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{4051E499-CAB6-42F2-A57B-B7459D504B53}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe FirewallRules: [{530CEF05-A264-4946-B832-35CA6678B09B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{DB4A5758-5CFA-4635-85FC-A27821FB587C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe FirewallRules: [{95A93D24-37A5-4C8E-9651-B6CD336DA310}] => (Allow) C:\WINDOWS\system32\enstart64.exe FirewallRules: [{5B0F8DFA-7775-4851-8150-9A4DE16F3F86}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe FirewallRules: [{2203FCB4-B3B3-41BF-878B-E26DBD293F73}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe FirewallRules: [TCP Query 
User{F6FBAAD4-1D96-4DF8-AC0C-8A2B9798CBA6}C:\users\nzh2lq\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.194\pluginhost.exe] => (Block) C:\users\nzh2lq\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.194\pluginhost.exe FirewallRules: [UDP Query User{269BE6E5-C7DF-483B-A104-43512695CD6D}C:\users\nzh2lq\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.194\pluginhost.exe] => (Block) C:\users\nzh2lq\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.194\pluginhost.exe FirewallRules: [{456E9DCB-59AD-41CD-9C2F-ABE6F3067355}] => (Allow) LPort=54925 FirewallRules: [{DC9AFE37-2B47-430C-9B95-DE8398359F11}] => (Allow) C:\Program Files\1E\NomadBranch\NomadPackageLocator.exe FirewallRules: [{84526BC0-50B3-4C46-BE55-AAC66D0418F7}] => (Allow) C:\Program Files\1E\NomadBranch\NomadPackageLocator.exe FirewallRules: [{3A1C3CDE-AB53-4E05-B71C-E66B0F0DEE94}] => (Allow) C:\Program Files\1E\NomadBranch\PackageStatusRequest.exe FirewallRules: [{C3C71CCB-FC0B-451B-86A5-2FE5D566C56E}] => (Allow) C:\Program Files\1E\NomadBranch\PackageStatusRequest.exe FirewallRules: [{02FDFFEB-7BEE-4753-A9D7-738DC78581CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe FirewallRules: [TCP Query User{40D79E1E-DC1A-48BD-B601-8F8FEFB0B67B}C:\users\nzh2lq\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\nzh2lq\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe FirewallRules: [UDP Query User{5E7726A2-AAE8-4D48-B5C5-4FFD65FA8153}C:\users\nzh2lq\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\nzh2lq\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe FirewallRules: [{ACEA1DEA-86B2-458C-9B03-5330AB7239B5}] => (Block) C:\users\nzh2lq\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe FirewallRules: [{6A93A791-F9B4-4830-BE50-B6085C22CC7A}] => (Block) C:\users\nzh2lq\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe FirewallRules: [TCP Query 
User{ED2BCEEF-4C1F-4443-98E1-F14FB88722E7}D:\programs\oracle sql developer\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe] => (Allow) D:\programs\oracle sql developer\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe FirewallRules: [UDP Query User{E2022105-318A-4E62-98B9-17C67DFFCDB7}D:\programs\oracle sql developer\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe] => (Allow) D:\programs\oracle sql developer\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe FirewallRules: [{DCADD52F-AFFB-49DE-819A-C8D1E88E079E}] => (Block) D:\programs\oracle sql developer\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe FirewallRules: [{570BCE1C-56FD-47F0-8ED6-2189AAF8B44C}] => (Block) D:\programs\oracle sql developer\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe FirewallRules: [{09F0F6BD-2500-4E9C-B569-1210AF6791D0}] => (Allow) C:\Program Files (x86)\RAMPMulticastPlusReceiver\RAMPMulticastPlusReceiverService.exe FirewallRules: [{81DA8BF2-83F2-4449-A2CE-DDAD463939C2}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe FirewallRules: [{A92C774B-9DE5-4AA2-B3C9-D6172ABEC65E}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe FirewallRules: [{4B677B1A-83CB-4842-A92D-4DDA371D0452}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe FirewallRules: [{4C9811CB-BE43-4873-BD11-2394480A4457}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe FirewallRules: [{C8BE6EA3-832B-4B03-9EB2-688B03FEABD7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{029C33B9-9FB4-4B9C-90E5-8827E87BA8AD}] => (Allow) C:\Program Files\1E\NomadBranch\NomadBranch.exe ==================== Restore Points ========================= 
ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Intel(R) Wireless Bluetooth(R) 4.0 Adapter
Description: Intel(R) Wireless Bluetooth(R) 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Brother MFC-J480DW LAN
Description: Brother MFC-J480DW LAN
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Brother
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2018 09:00:49 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/19/2018 08:56:57 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/19/2018 08:56:57 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/19/2018 08:56:49 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/19/2018 08:55:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/19/2018 08:55:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/19/2018 08:55:05 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/19/2018 08:55:05 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (08/19/2018 08:59:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/19/2018 08:52:31 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ONSTAR)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (08/19/2018 08:52:31 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (08/19/2018 08:52:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: The system cannot find the file specified.

Error: (08/19/2018 08:51:54 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: Access is denied.

Error: (08/19/2018 08:51:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: cdrom

Error: (08/19/2018 08:51:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: The system cannot find the file specified.

Error: (08/19/2018 08:51:34 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain controller in domain ONSTAR due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz
Percentage of memory in use: 22%
Total physical RAM: 32707.12 MB
Available physical RAM: 25449.97 MB
Total Virtual: 65412.4 MB
Available Virtual: 57279.57 MB

==================== Drives ================================
Drive ? (OSDisk) (Fixed) (Total:237.98 GB) (Free:86.64 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:651.22 GB) NTFS
\\?\Volume{07177958-e77c-11e5-b9d4-806e6f6e6963}\ () (Fixed) (Total:0.49 GB) (Free:0.28 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 1AD21EE5)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 520FBC6A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
  2. I run AdwCleaner again, it finds the PUP.Optional.Legacy virus (again), I clean & repair, reboot. I am good for a couple of hours and then the notifications start again. This is a vicious cycle that seems to never end. It happened when I joined some music files and downloaded the result. Please help