Notification Keeps Coming Back PUP.Optional.Legacy


Buck

I run AdwCleaner again, it finds the PUP.Optional.Legacy virus (again), I clean & repair, reboot.  I am good for a couple of hours and then the notifications start again.

 

This is a vicious cycle that seems to never end.  It happened when I joined some music files and downloaded the result.

 

Please help


Hello Buck and welcome to Malwarebytes,

Continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

-Log Details-
Scan Date: 8/19/18
Scan Time: 8:57 AM
Log File: 7214712a-a3af-11e8-a0b8-00059a3c7a00.json
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.421
Update Package Version: 1.0.6397
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ONSTAR\NZH2LQ
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 350359
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 5 min, 45 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 2
PUM.Optional.WindowsToolDisabled, HKLM\SOFTWARE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DISABLECONFIG, Replace-on-Reboot, [12998], [293254],1.0.6397
PUM.Optional.WindowsToolDisabled, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\WINDOWS NT\SYSTEMRESTORE|DISABLECONFIG, Replace-on-Reboot, [12998], [293254],1.0.6397
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 1
PUP.Optional.Reimage, C:\USERS\NZH2LQ\DOWNLOADS\REIMAGEREPAIR (1).EXE, Delete-on-Reboot, [1370], [331559],1.0.6397
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19.08.2018 01
Ran by NZH2LQ (19-08-2018 09:11:01)
Running from C:\Users\nzh2lq\Downloads
Windows 7 Enterprise Service Pack 1 (X64) (2016-03-11 11:34:04)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Guest (S-1-5-21-3038070222-248648148-3247118140-501 - Limited - Disabled)
localadmin (S-1-5-21-3038070222-248648148-3247118140-500 - Administrator - Enabled) => C:\Users\localadmin
SMSNomadP2P& (S-1-5-21-3038070222-248648148-3247118140-1004 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee VirusScan Enterprise (Enabled - Up to date) {1006DC03-1FB1-9E52-7C81-F2FAB48962E3}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {AB673DE7-398B-91DC-4631-C988CF0E285E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1E NomadBranch x64 (HKLM\...\{7EF6EBBB-38EC-4AFA-B3EB-B3DC50199FC0}) (Version: 6.3.100 - 1E)
64 Bit HP CIO Components Installer (HKLM\...\{30689060-43BD-46E9-8A54-E6CDB18AAB88}) (Version: 20.2.1 - HP Inc.) Hidden
Adobe Acrobat Reader 2017 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AE1108756300}) (Version: 17.011.30080 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 24.0.0.180 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.126 - Adobe Systems Incorporated)
Adobe Flash Player 30 ActiveX (HKLM-x32\...\{ECCB1019-16A6-49EF-A2F9-E85777C1C588}) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\{FFD6FA27-3734-44C2-9BCE-4FA90F5CAA64}) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\{175D1C2E-CEF4-4909-901D-52AF3CD8ECD2}) (Version: 12.3.1.201 - Adobe Systems, Inc)
AgentInstall64 (HKLM\...\{BF9489ED-B077-4EA3-9A72-3AE1DC96E6CD}) (Version: 14.6.0204.01004 - Symantec Corp.) Hidden
AIPortalSetup (HKLM-x32\...\{146217F4-F38A-41D9-924F-05E76D8562A2}) (Version: 1.00.0000 - GM IT)
ALM-Platform Loader 12.0x (HKLM-x32\...\{1E47548C-CDB4-487D-A1CF-8003DBE0C3DF}) (Version: 12.01.838.0 - HP)
Archive Ingestion (HKLM-x32\...\{CF3BBE71-C27F-4CC4-8CA6-F16BC60021ED}) (Version: 1.00.0000 - General Motors)
Autonomy_Agree (HKLM-x32\...\Autonomy_Agree) (Version:  - )
Avecto Defendpoint Client (x64) 5.1.95 (HKLM\...\{CD335205-90FD-496F-8532-FB1FBF9141DB}) (Version: 5.1.95 - Avecto)
Avecto Uninstall Program Utility (HKLM\...\CE17490-AvectoProgramUtil) (Version: 1.0 - )
BrLauncher (HKLM-x32\...\{C661197A-6B93-4E37-9E3F-2A1DFCD64234}) (Version: 1.1.15.0 - Brother Industries Ltd.) Hidden
BrLogRx (HKLM-x32\...\{B556F816-FF4D-4BB6-9339-ED28639E2EF3}) (Version: 1.0.2.1 - Brother Industries Ltd.) Hidden
Brother PCFax Driver (HKLM-x32\...\{56BA05BD-7A67-4EF8-85A7-8C6528AEE2AC}) (Version: 1.4.0.0 - Brother Industries Ltd.) Hidden
Brother Port Driver (HKLM-x32\...\{6768BCF7-474C-4428-9FC1-3C46969819D6}) (Version: 1.1.4.4 - Brother Industries Ltd.) Hidden
Brother Printer Driver (HKLM-x32\...\{A17C3197-24C9-493B-BB9A-A73800A0B61A}) (Version: 1.6.0.1 - Brother Industries Ltd.) Hidden
Brother Scanner Driver (HKLM-x32\...\{AE0056FC-36C2-4C09-B9BB-9111617914EA}) (Version: 1.0.11.11 - Brother Industries Ltd.) Hidden
BrotherHelpInstaller (HKLM-x32\...\{4E461C2A-EC1C-46D1-AF5B-7FEFD0054AF8}) (Version: 1.0.0.0 - Brother) Hidden
BrSupportTools (HKLM-x32\...\{F8F9EB58-33BA-4FF8-80E7-66D87D2E0C3C}) (Version: 1.0.9.0 - Brother Industries Ltd.) Hidden
CE13061_1_Outlook2013_DotOne (HKLM-x32\...\CE13061_1_Outlook2013) (Version:  - )
CE13264_Visioviewer2013 (HKLM-x32\...\CE13264_Visioviewer2013) (Version: 1.0 - )
CE13310_CAPhsKB2520487 (HKLM-x32\...\CE13310_CAPhsKB2520487) (Version:  - )
CE13368_AdobeSecurityBundle (HKLM\...\CE13368_AdobeSecurityBundle) (Version: 2016.01.04.0 - )
CE13368_AdobeSecurityBundle (HKLM-x32\...\CE13368_AdobeSecurityBundle) (Version: 2016.01.04.0 - )
CE13406_OracleJavaBundle (HKLM\...\CE13406_OracleJavaBundle) (Version: 2015.02.15.0 - )
CE13406_OracleJavaBundle (HKLM-x32\...\CE13406_OracleJavaBundle) (Version: 2015.02.15.0 - 2017.12.20)
CE13453_ARTOOL (HKLM-x32\...\CE13453_ARTOOL) (Version:  - )
CE14067_OfficeTemplates (HKLM-x32\...\CE14067_OfficeTemplates) (Version: 1.10 - )
CE14193_KB2852386 (HKLM\...\CE14193_KB2852386) (Version:  - )
CE14193_KB2852386 (HKLM-x32\...\CE14193_KB2852386) (Version:  - )
CE14363_MBAMv2_1 (HKLM\...\CE14363_MBAMv2_1) (Version: 1.0 - )
CE14363_MBAMv2_1 (HKLM-x32\...\CE14363_MBAMv2_1) (Version: 1.0 - )
CE14367_Boottime (HKLM\...\CE14367_Boottime) (Version:  - )
CE14417_ITServiceCenter (HKLM-x32\...\CE14417_ITServiceCenter) (Version:  - )
CE14450_Optimize16 (HKLM-x32\...\ce14450_optimize16) (Version:  - )
CE14463_Hotfixes (HKLM-x32\...\CE14463_Hotfixes) (Version:  - )
CE15026_WMF40 (HKLM-x32\...\CE15026_WMF40) (Version:  - )
CE15043_AppVSP3Client (HKLM-x32\...\CE15043_AppVSP3Client) (Version:  - )
CE15089_NextGenBrowser_P2 (HKLM\...\CE15089_NextGenBrowser_P2) (Version: 2015.06.02 - )
CE15089_NextGenBrowser_P2 (HKLM-x32\...\CE15089_NextGenBrowser_P2) (Version: 2015.06.02 - )
CE15179_AppVClientUI (HKLM-x32\...\CE15179_AppVClientUI) (Version:  - )
CE15196-DST-Hotfix-KB3049874 (HKLM-x32\...\CE15196-DST-Hotfix-KB3049874) (Version:  - )
CE15373-Hotfix-KB2444677 (HKLM-x32\...\CE15373-Hotfix-KB2444677) (Version:  - )
CE15401_Skype4Biz (HKLM\...\CE15401_Skype4Biz) (Version: 1.0 - )
CE15401_Skype4Biz (HKLM-x32\...\CE15401_Skype4Biz) (Version: 1.0 - )
CE15430_PasswordExpCheck (HKLM-x32\...\CE15430_PasswordExpCheck) (Version:  - )
CE15569_M4800VideoDriverUpdate (HKLM\...\CE15569_M4800VideoDriverUpdate) (Version: 10.18.14.4170 - )
CE15569_M4800VideoDriverUpdate (HKLM-x32\...\CE15569_M4800VideoDriverUpdate) (Version: 10.18.14.4170 - )
CE15754-DLP1252 (HKLM\...\CE15754-DLP1252) (Version: 12.5.2 - )
CE15754-DLP1252 (HKLM-x32\...\CE15754-DLP1252) (Version: 12.5.2 - )
CE15755_pdfxchange55 (HKLM\...\CE15755_pdfxchange55) (Version: 1.0 - )
CE15755_pdfxchange55 (HKLM-x32\...\CE15755_pdfxchange55) (Version: 1.0 - )
CE15814-AnyConnect41 (HKLM\...\CE15814-AnyConnect41) (Version: 4.1 - )
CE15814-AnyConnect41 (HKLM-x32\...\CE15814-AnyConnect41) (Version: 4.1 - )
CE15878-v1.0-FixSCCMAgent Schedule Task (HKLM-x32\...\CE15878-FixSCCM) (Version:  - )
CE15896_IEResetTool (HKLM-x32\...\CE15896_IEResetTool) (Version:  - )
CE15916-OfficeTemplate (HKLM-x32\...\CE15916-OfficeTemplate) (Version: 1.0 - )
CE15922-DNSDeDupe (HKLM-x32\...\CE15922-DNSDeDupe) (Version:  - )
CE15946-DST-KB3093503 (HKLM-x32\...\CE15946-DST-KB3093503) (Version:  - )
CE160006-UEV21SP1 (HKLM\...\CE160006-UEV21SP1) (Version: 2.1.637.0 - )
CE160006-UEV21SP1 (HKLM-x32\...\CE160006-UEV21SP1) (Version: 2.1.637.0 - )
CE16029-MNE400 (HKLM\...\CE16029-MNE400) (Version: 1.0 - )
CE16029-MNE400 (HKLM-x32\...\CE16029-MNE400) (Version: 1.0 - )
CE16040-WebexConRmv (HKLM-x32\...\CE16040-WebexConRmv) (Version:  - )
CE16092-WSUS-Fix2 (HKLM-x32\...\CE16092-WSUS-Fix2) (Version:  - )
CE16106-Office365-1 (HKLM-x32\...\CE16106-Office365) (Version:  - )
CE16106-PostRestore (HKLM-x32\...\CE16106-PostRestore) (Version:  - )
CE16106-PreCapture (HKLM-x32\...\CE16106-PreCapture) (Version:  - )
CE16128-WinZip20 (HKLM\...\CE16128-WinZip20) (Version: 20.0.1 - )
CE16128-WinZip20 (HKLM-x32\...\CE16128-WinZip20) (Version: 20.0.1 - )
CE16164-IMEIDriver (HKLM-x32\...\CE16164-IMEIDriver) (Version:  - )
CE16197-NCIT (HKLM\...\CE16197-NCIT) (Version: 1.0.5910.27464 - ) <==== ATTENTION
CE16197-NCIT (HKLM-x32\...\CE16197-NCIT) (Version: 1.0.5910.27464 - ) <==== ATTENTION
CE16203-WaitGMNet100 (HKLM\...\CE16203-WaitGMNet100) (Version:  - )
CE16228-BSOD-Fix (HKLM-x32\...\CE16228-BSOD-Fix) (Version:  - )
CE16241-IEDictionary (HKLM-x32\...\CE16241-IEDictionary) (Version:  - )
CE16261-CadillacFonts (HKLM\...\CE16261-CadillacFonts) (Version: 1.111 - )
CE16261-CadillacFonts (HKLM-x32\...\CE16261-CadillacFonts) (Version: 1.111 - )
CE16265-BadgePrintPCL (HKLM-x32\...\CE16265-BadgePrintPCL) (Version:  - )
CE16368-AppV51Client (HKLM-x32\...\CE16368-AppV51Client) (Version:  - )
CE16397-RebootReminder (HKLM\...\CE16397-RebootReminder) (Version: 2.00.0003 - )
CE16397-RebootReminder (HKLM-x32\...\CE16397-RebootReminder) (Version: 2.00.0003 - )
CE16412-WMF5 (HKLM\...\CE16412-WMF5) (Version: 2016.07.20 - )
CE16412-WMF5 (HKLM-x32\...\CE16412-WMF5) (Version: 2016.07.20 - )
CE16416-WiFiDriverUpgrade15 (HKLM\...\CE16416-WiFiDriverUpgrade15) (Version: 18.33.3.2 - )
CE16416-WiFiDriverUpgrade15 (HKLM-x32\...\CE16416-WiFiDriverUpgrade15) (Version: 18.33.3.2 - )
CE16472-ZonaFonts (HKLM\...\CE16472-ZonaFonts) (Version: 1.1 - )
CE16472-ZonaFonts (HKLM-x32\...\CE16472-ZonaFonts) (Version: 1.1 - )
CE16473-LatoFonts (HKLM\...\CE16473-LatoFonts) (Version: 1.1 - )
CE16473-LatoFonts (HKLM-x32\...\CE16473-LatoFonts) (Version: 1.1 - )
CE16474-IMEIDriverUpdate (HKLM-x32\...\CE16474-IMEIDriverUpdate) (Version:  - )
CE16488-NVIDIA36277 (HKLM\...\CE16488-NVIDIA36277) (Version: 10.18.13.6277 - )
CE16488-NVIDIA36277 (HKLM-x32\...\CE16488-NVIDIA36277) (Version: 10.18.13.6277 - )
CE16524-SSPR111231 (HKLM-x32\...\CE16524-SSPR111231) (Version: 11.1.2.3.1 - )
CE16654-PDFXChangeProV6 (HKLM-x32\...\CE16654-PDFXChangeProV6) (Version: 6.0.318.1 - )
CE17001-DLP14501 (HKLM\...\CE17001-DLP14501) (Version: 14.5.01 - )
CE17036-hotfix (HKLM-x32\...\CE17036-hotfix) (Version:  - )
CE17158-Bitlocker (HKLM-x32\...\CE17158-Bitlocker) (Version: 1.0 - )
CE17158-BitlockerRecKeyCheck (HKLM\...\CE17158-BitlockerRecKeyCheck) (Version: 1.1 - )
CE17158-BitlockerRecKeyCheck (HKLM-x32\...\CE17158-BitlockerRecKeyCheck) (Version: 1.1 - )
CE17167-SyncOverlays (HKLM-x32\...\CE17167-SyncOverlays) (Version: 1.0 - )
CE17196-AdobeSecurityBundle (HKLM-x32\...\CE17196-AdobeSecurityBundle) (Version: 2018.06.07.0 - )
CE17249-AnyConnect44 (HKLM-x32\...\CE17249-AnyConnect44) (Version: 4.4 - )
CE17260_Agree (HKLM-x32\...\CE17260_Agree) (Version:  - )
CE17260_Autonomy (HKLM-x32\...\CE17260_Autonomy) (Version:  - )
CE17279-ConfigureDellAudio (HKLM-x32\...\CE17279-ConfigureDellAudio) (Version:  - )
CE17323-LMS-Update (HKLM-x32\...\CE17323-LMS-Update) (Version: 1.0 - )
CE17329-MNE411 (HKLM\...\CE17329-MNE411) (Version: 1.0 - )
CE17329-MNE411 (HKLM-x32\...\CE17329-MNE411) (Version: 4.1.1 - )
CE17373-ITHELPICON (HKLM-x32\...\CE17373-ITHELPICON) (Version:  - )
CE17412-AzureADPatch (HKLM-x32\...\CE17412-AzureADPatch) (Version: 2.0.0.0 - )
CE17454-AccessAgent (HKLM-x32\...\CE17454-AccessAgent) (Version: 08.02.20232 - )
CE17464-EnCase (HKLM-x32\...\CE17464-EnCase) (Version: 1.02.00.38 - )
CE17517-IntelWIFI1960Update (HKLM-x32\...\CE17517-IntelWIFI1960Update) (Version: 18.33.7.2 - )
CE17577-Java8u131 (HKLM-x32\...\CE17577-Java8u131) (Version: 8.0.1310.34 - ) <==== ATTENTION
CE17586-DotNet47 (HKLM-x32\...\CE17586-DotNet47) (Version: 4.7.02053 - )
CE17634-AdobeAcrobatReader2017 (HKLM-x32\...\CE17634-AdobeAcrobatReader2017) (Version: 17.011.30065 - )
CE17815-Hotfix (HKLM-x32\...\CE17815-Hotfix) (Version: 1.0 - )
CE17833-LAPS (HKLM-x32\...\CE17833-LAPS) (Version: 6.2.0.0 - )
CE17834-USB30DRIVER (HKLM-x32\...\CE17834-USB30DRIVER) (Version: 5.0.4.43 - )
CE17854-WIREDNICUpdate20 (HKLM-x32\...\CE17854-WIREDNICUpdate20) (Version: 12.15.25.6 - )
CE18012-ITSoftwareCenter (HKLM-x32\...\CE18012-ITSoftwareCenter) (Version: 1.1.2 - )
CE18017-ChevyDurantLouisFontv2 (HKLM-x32\...\CE18017-ChevyDurantLouisFontv2) (Version: 1.0 - )
CE18021-HighSecurityPatch (HKLM-x32\...\CE18021-HighSecurityPatch) (Version: 1.0 - )
CE18025-DLP1460MP2 (HKLM-x32\...\CE18025-DLP1460MP2) (Version: 14.6.0204 - )
CE18040-MNE413 (HKLM-x32\...\CE18040-MNE413) (Version: 4.1.3.1 - )
CE18041-Visual-C++-2017 (HKLM-x32\...\CE18041-Visual-C++-2017) (Version: 14.12.25810 - )
CE18046-VMWareHVC47 (HKLM-x32\...\CE18046-VMWareHVC47) (Version: 4.7.0.11074 - )
CE18047-AzureInfoProtect (HKLM-x32\...\CE18047-AzureInfoProtect) (Version: 1.26.6.0 - )
CE18062-WiredPlcyRllBck (HKLM-x32\...\CE18062-WiredPlcyRllBck) (Version: 1.0 - )
CE18063-PhishMeOutlookAddon (HKLM-x32\...\CE18063-PhishMeOutlookAddon) (Version: 3.1.4.0 - )
CE18076-8021xHotFix (HKLM-x32\...\CE18076-8021xHotFix) (Version: 1.0 - )
CE18078-MachineWirdRpr (HKLM-x32\...\CE18078-MachineWirdRpr) (Version: 1.0 - )
CE18090-DWASR (HKLM-x32\...\CE18090-DWASR) (Version: 1.0 - )
CE18097-NetCeaseTool (HKLM-x32\...\CE18097-NetCeaseTool) (Version: 1.0 - )
CE18098-RAMPMulticastSSL (HKLM-x32\...\CE18098-RAMPMulticastSSL) (Version: 1.0 - )
CE18111-PCDashboard (HKLM-x32\...\CE18111-PCDashboard) (Version: 2.2.0 - )
CE18120-AdobeReaderPatch80 (HKLM-x32\...\CE18120-AdobeReaderPatch80) (Version: 2017.011.30080 - )
CE18126-LegacyFWRemoval (HKLM-x32\...\CE18126-LegacyFWRemoval) (Version: 1.0 - )
Chevy Durant Louis Fonts (GM) (HKLM-x32\...\{69672448-B7FD-479D-B03E-A7FA6E4E794F}) (Version: 2.0.0 - GM)
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{24DFC698-B89E-441F-B7B5-DD456819BE9C}) (Version: 4.4.03034 - Cisco Systems, Inc.)
Cisco AnyConnect ISE Posture Module (HKLM-x32\...\{9317038A-8547-41F1-B8EA-154CFF895610}) (Version: 4.4.03034 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.4.03034 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{EB629A98-5E69-40E8-BA9E-C393899F959D}) (Version: 4.4.03034 - Cisco Systems, Inc.) Hidden
Cisco WebEx Document Loader (HKLM-x32\...\{C2E43871-6E12-4565-8872-BEEAFB1C33AC}) (Version: 1.0 - Cisco WebEx LLC)
Cisco WebEx Meeting Center for Internet Explorer (HKLM-x32\...\{BD9555FF-C3B6-4654-BE94-C4E3EDD731D2}) (Version: 8.29.3202 - Cisco WebEx LLC)
Cisco Webex Meetings (HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
ClientHealth-AutoUpdate (HKLM\...\T16484-CH-AutoUpdate) (Version: 2.0.0.0 - )
Configuration Manager Client (HKLM\...\{5AB8B509-4D5A-47DA-A1D2-CDDC2A7D27E4}) (Version: 5.00.8577.1000 - Microsoft Corporation) Hidden
Connected Backup/PC Agent (HKLM-x32\...\{393E4C89-67E9-43BF-AD29-94D19F7624F7}) (Version: 8.8.6.1 - Autonomy Corporation plc)
ContactCard_Office2013 (HKLM-x32\...\{056B01E6-A418-4AB4-8D3B-1001E625090D}) (Version: 1.00.0000 - General Motors)
ControlCenter4 (HKLM-x32\...\{9ADB625A-7F6D-4C48-9058-4767A55D5424}) (Version: 4.2.438.1 - Brother Insutries Ltd.) Hidden
ControlCenter4 CSDK (HKLM-x32\...\{1BAE50D4-5F2A-4E34-BD81-B4555109F7C2}) (Version: 4.2.3.1 - Brother Insutries Ltd.) Hidden
CV15460-v1.0-IT Software Protocol Handler 2.0 (HKLM-x32\...\CV15460_ITSoftwareProtocol20) (Version: 1.0.0.0 - GM)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{00E61C2A-E507-4662-8534-A0FA48F415AE}) (Version: 2.3.415.120 - Broadcom Corporation)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.109 - ALPS ELECTRIC CO., LTD.)
DeviceDetect (HKLM-x32\...\{FF45CD35-CEAA-4B57-81DA-8F215B9249CB}) (Version: 1.4.2.0 - Brother Industries Ltd.) Hidden
Enterprise Architect (HKLM-x32\...\{3B5FBE90-8A0A-4978-A148-FA27EB6204D4}) (Version: 12.1.1230.9 - Sparx Systems)
FixSCCMAgent (HKLM-x32\...\{371CD4F7-BD31-47BF-8B59-93BDE3E0F454}) (Version: 1.00.0000 - General Motors)
GM Durant Louis Fonts (HKLM-x32\...\{A04CFF84-F125-49F4-99A3-050910640D30}) (Version: 1.00 - GM)
GM Lato Fonts 1.0.1 (HKLM-x32\...\{62888448-9381-41BD-8E27-98993045847A}) (Version: 1.0.1 - GM)
GM Network Connection Info (HKLM-x32\...\{737147C4-758F-408F-BA70-02FA9BB34AFA}) (Version: 1.0.5910.27464 - General Motors)
GM Zona Pro Fonts 1.0.1 (HKLM-x32\...\{D6D62470-560D-43A0-A72D-5606FC06F724}) (Version: 1.0.1 - GM)
GM_Office_Templates (HKLM-x32\...\{0FF1CE13-621F-4D24-A63F-4ACB35F37110}) (Version: 1.10.0001 - GM)
GM-CadillacFonts (HKLM-x32\...\{C755C7A0-6D62-4B99-B519-9808882E8D71}) (Version: 1.111 - General Motors)
GMCMTimer (HKLM-x32\...\{F6E42E80-46AB-4375-AAF4-F12CB35F53A2}) (Version: 2.00.0004 - General Motors) Hidden
GME Fonts (HKLM-x32\...\{43387746-989B-4F7A-9F5F-222290AC4163}) (Version: 1.00.0000 - General Motors)
GMSansFonts (HKLM-x32\...\{BC7DAB1D-8727-4A56-A8E2-255B453B9E62}) (Version: 1.0.0 - General Motors)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.115 - Google Inc.) Hidden
HowToGuide (HKLM-x32\...\{36580EEB-4EDF-4880-BBD4-097E2C645ECD}) (Version: 1.0.1.0 - Brother Industries Ltd.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Network Connections 22.7.18.0 (HKLM\...\PROSetDX) (Version: 22.7.18.0 - Intel)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1414.3) (HKLM\...\{302600C1-6BDF-4FD1-1403-148929CC1385}) (Version: 17.0.1403.0442 - Intel Corporation)
Internet Explorer (HKLM-x32\...\{D7C6758C-F5B3-4853-B929-325DADAB028F}) (Version: 9 - Microsoft Corporation) Hidden
ISAM ESSO AccessAgent (HKLM\...\{07721473-92B7-4D90-A092-E12D17EBFAC0}) (Version: 08.02.20232 - IBM Corp.)
IT Software Installer (HKLM-x32\...\{31768082-7EB2-4E44-9EC7-D028839B915A}) (Version: 1.1.2 - General Motors)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075F0}) (Version: 7.0.750 - Oracle)
Java 7 Update 75 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217075F0}) (Version: 7.0.750 - Oracle)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.34 - Oracle Corporation)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.34 - Oracle Corporation)
Java(TM) 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045F0}) (Version: 6.0.450 - Oracle)
Java(TM) 6 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216045F0}) (Version: 6.0.450 - Oracle)
Local Administrator Password Solution (HKLM\...\{EA8CB806-C109-4700-96B4-F1F268E5036C}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
McAfee Agent (HKLM\...\{265FA622-A254-49fb-B380-D9EF9ABFD32D}) (Version: 5.0.5.658 - McAfee, Inc.)
McAfee Data Exchange Layer (HKLM\...\{48F152B8-17F4-467F-A65B-49A2A271FA27}) (Version: 3.1.601.0 - McAfee, Inc.) Hidden
McAfee Data Exchange Layer (HKLM-x32\...\{d14da861-f859-4506-8497-ebcb682bbca8}) (Version: 3.1.0.601 - McAfee, Inc.)
McAfee Management of Native Encryption (HKLM-x32\...\{5276bed0-09a0-4417-a371-906ca1a20697}) (Version: 4.1.3.1 - McAfee, LLC)
McAfee Threat Intelligence Exchange module for VSE (HKLM\...\{CB4BEBDB-7B09-4312-B169-602285BA5B29}) (Version: 1.0.3.121 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.09000 - McAfee, Inc.)
McAfee/Tanium Real Time Client 2.0.1.1190 (HKLM-x32\...\McAfee Real Time Client) (Version: 2.0.1.1190 - McAfee, Inc. and Tanium Inc.)
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Application Virtualization (App-V) Client (HKLM-x32\...\{b08e77c6-988d-429f-ac06-9a32121a361c}) (Version: 5.1.86.0 - Microsoft Corporation)
Microsoft App-V 5.0 Client UI (HKLM-x32\...\{8ED072BE-EF70-448C-8F88-DE4A8BD101C0}) (Version: 5.0.4001.0 - Microsoft Corporation)
Microsoft Azure Information Protection (HKLM-x32\...\{b5b8c580-ec05-4974-b20f-ceb9c7806915}) (Version: 1.26.6.0 - Microsoft Corporation)
Microsoft Lync Web App Plug-in (HKLM\...\{BE6D5464-0B1F-46CC-8973-F9651FE6A45A}) (Version: 15.8.8308.965 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.8431.2250 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProXVolume - en-us) (Version: 16.0.8431.2250 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\Teams) (Version: 1.0.00.19451 - Microsoft Corporation)
Microsoft User Experience Virtualization Agent (HKLM\...\{8CE81DCD-C208-4922-A6F0-45725E1601BB}) (Version: 2.1.637.0 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProXVolume - en-us) (Version: 16.0.8431.2250 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Workplace Join for Windows (HKLM\...\{150031D8-2323-4BA8-9F52-D6E5190D1CBA}) (Version: 2.1.0.0 - Microsoft Corporation)
Mnemosyne 2.4 (HKLM-x32\...\Mnemosyne_is1) (Version:  - )
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetworkRepairTool (HKLM-x32\...\{4694AD3E-D4A2-4D98-9848-662A0475E872}) (Version: 1.2.11.0 - Brother Insutries Ltd.) Hidden
NVIDIA 3D Vision Driver 362.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 362.77 - NVIDIA Corporation)
NVIDIA Graphics Driver 362.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA nView 147.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 147.00 - NVIDIA Corporation)
NVIDIA WMI 2.25.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.25.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8431.2250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8431.2250 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2076 - Microsoft Corporation) Hidden
Optimize 1.6 (GM) 64 Bit (HKLM\...\{02F7B900-E227-47D7-AEB8-568A2D65506F}) (Version: 1.6.0 - General Motors)
Oracle Enterprise Single Sign-On Password Reset (HKLM\...\{0C53F578-9620-45CB-B19E-52745E50D90E}) (Version: 11.1.2.3.1 - Oracle)
Oracle VM VirtualBox 5.1.8 (HKLM\...\{65402252-5DA1-4360-A144-E09BB16AC7A9}) (Version: 5.1.8 - Oracle Corporation)
P08012-WindowsFirewall (HKLM-x32\...\P08012-WindowsFirewall) (Version: 1.5 - )
P11003_Win7IEReg (HKLM\...\P11003_Win7IEReg) (Version: 1.0 - )
P11015_Perfmon_Pre_Requisites_1_2 (HKLM\...\P11015_Perfmon_Pre_Requisites_1_2) (Version: 1.2 - )
P11053_DesktopIcons (HKLM\...\P11053_DesktopIcons) (Version:  - )
P11057_IExplorer9 (HKLM-x32\...\P11057_IExplorer9) (Version:  - )
P11060_regsetting (HKLM\...\P11060_regsetting) (Version: 1.0 - )
P11100_ITSC (HKLM-x32\...\P11100_ITSC) (Version:  - )
P12015_SP1Hotfixes (HKLM\...\P12015_SP1Hotfixes) (Version:  - )
P12022_SPandHLfix (HKLM-x32\...\P12022_SPandHLfix) (Version: 1.0 - )
P12055_BitLockerTPM300 (HKLM\...\P12055_BitLockerTPM300) (Version: 1.0 - )
P12055_BitLockerTPM300 (HKLM-x32\...\P12055_BitLockerTPM300) (Version: 1.0 - )
P12066_OutlookMailClient (HKLM-x32\...\P12066_OutlookMailClient_DotOne) (Version:  - )
PC Dashboard (HKLM-x32\...\{E49035AD-14F1-4A9A-8609-E5648F2B9CC9}) (Version: 2.2.0 - General Motors)
PC-FAXReceive (HKLM-x32\...\{DD40894F-7575-4905-90AB-695FD827E358}) (Version: 1.4.24.0 - Brother Insutries Ltd.) Hidden
PCFaxTx (HKLM-x32\...\{63530B2D-3A34-4D79-A52D-F3EB5D99A7C1}) (Version: 1.1.1.1 - Brother Industries Ltd.) Hidden
PDF-XChange PRO V6 (HKLM\...\{2AFB88EB-3C17-470A-8063-26125FACD62A}) (Version: 6.0.318.1 - Tracker Software Products (Canada) Ltd.)
PhishMe Reporter (HKLM-x32\...\{5E35BE91-27F5-4842-A9A7-B291D32B4B97}) (Version: 3.1.4.0 - PhishMe, Inc.)
Postman-win64-4.10.7 (HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\Postman) (Version: 4.10.7 - Postman)
RAMPMulticastPlusReceiver 1.9.0 (HKU\.DEFAULT\...\{596EB59A-1095-4345-9DF6-04A19C703D91}_is1) (Version: 1.9.0 - Ramp Holdings, Inc)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5988 - Realtek Semiconductor Corp.)
RemoteSetup (HKLM-x32\...\{BDD8C463-1183-4A91-9EC8-BF68E4ECA9B6}) (Version: 3.9.2.1 - Brother Industries Ltd.) Hidden
SAFE Servlet (HKLM-x32\...\{E39C38FC-343C-4D3D-8DCA-681C7FF8518A}) (Version: 1.02.00.38 - Guidance Software) Hidden
ScannerUtilityInstaller (HKLM-x32\...\{5B645FE2-19E9-4B15-B5B2-3D8766F6FA27}) (Version: 1.0.0.0 - Brother) Hidden
Skype Meetings App (HKLM-x32\...\{E8E6D26B-382E-43C8-91BA-AB8DF2CD0C10}) (Version: 16.2.0.194 - Microsoft Corporation)
SoapUI 5.2.1 5.2.1 (HKLM\...\5517-2803-0637-4585) (Version: 5.2.1 - SmartBear Software)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
StatusMonitor (HKLM-x32\...\{86D16055-3C14-44C6-BCD7-5514B83BAD34}) (Version: 1.12.4.0 - Brother Insutries Ltd.) Hidden
T16484_2018_B-Client Health (HKLM\...\T16484_2018_B-ClientHealth) (Version: 7.0.6747.18450 - )
Tanium Client 6.0.314.1540 (HKLM-x32\...\Tanium Client) (Version: 6.0.314.1540 - Tanium Inc.)
Telerik Fiddler (HKLM-x32\...\Fiddler2) (Version: 4.6.3.44034 - Telerik)
TortoiseSVN 1.9.5.27581 (64 bit) (HKLM\...\{1655E9E4-04C9-414E-8581-6D1162DFB802}) (Version: 1.9.27581 - TortoiseSVN)
UsbRepairTool (HKLM-x32\...\{523276A4-5779-4105-9163-CA1CF94EC533}) (Version: 1.4.0.0 - Brother Insutries Ltd.) Hidden
VMware Horizon Client (HKLM\...\{692784AA-FB71-48FF-B628-CEDAEAF5AD2D}) (Version: 4.7.0.11074 - VMware, Inc.) Hidden
VMware Horizon Client (HKLM-x32\...\{8cb8771d-2036-4a12-ad5e-ffc7033f6d27}) (Version: 4.7.0.11074 - VMware, Inc.)
VMware Horizon HTML5 Multimedia Redirection Client (HKLM\...\{810F152B-2D43-4B83-93CB-59DBCED47DA8}) (Version: 1.0.0.32813 - VMware, Inc.) Hidden
VMware Horizon Media Engine 4.0.0.472 (64-bit) (HKLM\...\{4B556185-F57B-4F32-87EE-889C5DB30689}) (Version: 4.0.0.472 - VMware, Inc.) Hidden
VMware Player (HKLM\...\{57AA4E8A-E2C9-4F1C-B3F1-762C36E34472}) (Version: 12.1.0 - VMware, Inc.)
VPN Map Drive 3.1.0 (HKLM-x32\...\{F444F904-CCBE-475F-9E04-C1E277E4F477}) (Version: 3.1.0 - GMOL)
Wait For GM Network (HKLM-x32\...\{8DC2831A-5A8D-4738-99C3-045BC8AA017D}) (Version: 1.2.0 - General Motors)
Webex (HKLM-x32\...\{F892F885-138E-4937-844E-3D26619D53BA}) (Version: 1.0 - GMOL)
WebEx Productivity Tools (HKLM-x32\...\{38FFB68E-9EDC-40E9-8B7B-197631EB1973}) (Version: 2.40.6000.10050 - Cisco WebEx LLC)
Webmail (HKLM-x32\...\{5E60CA90-FA07-4320-8B95-12F582333BB7}) (Version: 1.0 - GMOL)
Windows Driver Package - Intel (NETwNs64) net  (04/30/2015 15.11.0.9) (HKLM\...\3A0A5AE912CC81290DB2E472F7DC4CF387C36211) (Version: 04/30/2015 15.11.0.9 - Intel)
Windows Driver Package - Intel (NETwNs64) net  (04/30/2015 15.17.0.1) (HKLM\...\6215B44C20BCFEEA55D04A5A510C7994E3C7E28F) (Version: 04/30/2015 15.17.0.1 - Intel)
Windows Driver Package - Intel (NETwNs64) net  (05/03/2016 18.33.3.2) (HKLM\...\F92EDE49C52942811B20D46BDF1AA577D5602A29) (Version: 05/03/2016 18.33.3.2 - Intel)
Windows Driver Package - Intel (NETwNs64) net  (05/19/2016 18.40.4.2) (HKLM\...\4419AF854EE5ACEB14D99F14BA8B3798E70D8F43) (Version: 05/19/2016 18.40.4.2 - Intel)
WinSCP 5.9.2 (HKLM-x32\...\winscp3_is1) (Version: 5.9.2 - Martin Prikryl)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
WPTx64 (HKLM-x32\...\{BFF81CB5-E8C7-4184-FBB4-74ADFBC6CCCB}) (Version: 8.100.25984 - Microsoft)
XML Notepad (HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\8a1eab838c2c5789) (Version: 2.7.1.5 - Chris Lovett)
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\nzh2lq\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\nzh2lq\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.17186.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\nzh2lq\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.194\GatewayActiveX-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\nzh2lq\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.17186.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => D:\Notepad++\NppShell_06.dll [2016-03-28] ()
ContextMenuHandlers1: [PGExtension] -> {01ED801E-1A37-4434-A7DA-303ABC37B08C} => C:\Program Files\Avecto\Privilege Guard Client\PGExtension.dll [2018-01-15] (Avecto Ltd.)
ContextMenuHandlers1: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers1: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2017-03-30] (McAfee, Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers2: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Player\vmdkShellExt.dll [2015-11-25] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Player\x64\vmdkShellExt64.dll [2015-11-25] (VMware, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers4: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2017-03-30] (McAfee, Inc.)
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2016-06-10] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-06-10] (NVIDIA Corporation)
ContextMenuHandlers5: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [TortoiseSVN] -> {30351349-7B7D-4FCC-81B4-1E394CA267EB} => C:\Program Files\TortoiseSVN\bin\TortoiseStub.dll [2016-11-26] (hxxp://tortoisesvn.net)
ContextMenuHandlers6: [VirusScan] -> {cda2863e-2497-4c49-9b89-06840e070a87} => C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\shext.dll [2017-03-30] (McAfee, Inc.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-10-27] (WinZip Computing, S.L.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {003CA2EB-18BF-40AE-B466-C849E9B528F6} - System32\Tasks\Reset-LAPS => powershell.exe -ExecutionPolicy bypass -file Reset-LAPS.ps1 <==== ATTENTION
Task: {05341D34-BDDE-45D9-B1C8-36C856C8CF02} - System32\Tasks\GMOL-Perf-OptimizeFull => C:\deploy\Optimize\Optimize [Argument = /full]
Task: {06EF3ECD-CD85-45EB-AD7A-EAA7E4CE228A} - System32\Tasks\BitlockerRecKeyCheck => C:\Windows\System32\wscript.exe //B C:\Deploy\CE17158-BitLockerCheck\BitlockerRecKeyCheck.vbs
Task: {09DB0D56-337E-450F-847E-06E928EAE707} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-08] (Microsoft Corporation)
Task: {0BE205AD-3B1E-4F2D-8BF0-22A299A5DE48} - System32\Tasks\Run_GMRebootReminder => C:\Program Files (x86)\General Motors\GMCMTimer2\gmcmtimer2.exe [2016-08-16] (General Motors)
Task: {11149E59-7757-4E51-A082-54CEB6633353} - System32\Tasks\Environment Path Fix => powershell.exe -ExecutionPolicy bypass -file "\\ONSTAR\dfs\apps\Release Enhancements\GroupPolicy\EnvironmentPathFix\EnvironmentPathFix_v2.1.ps1"
Task: {118DE7F8-32E2-43FF-A6A1-8F03A77F1353} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-27] (Microsoft Corporation)
Task: {26D21B43-4C7B-4AE3-A68E-6229F48C044A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-04-27] (Microsoft Corporation)
Task: {2A66B6D3-1B6E-4E93-A068-00F445DAAB24} - System32\Tasks\GMOL-Perf-Optimizestartup => C:\deploy\Optimize\Optimize [Argument = /startup]
Task: {2A94A85D-F926-48EE-B082-5CEE9E485DF5} - System32\Tasks\update-S-1-5-21-3278618127-1622597835-2076919915-173286 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {2E801A68-D5A0-4D8A-BBEE-BAB6FE13D06C} - System32\Tasks\OneDrive NGSC Migration Process => powershell.exe -ExecutionPolicy bypass -file C:\Deploy\GroupPolicy\OneDrive\d4df69c1-74ff-46a1-bb03-00445ba4c7a7.ps1
Task: {2FD42373-9B53-4325-B0B6-BF0C6C315772} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-08] (Microsoft Corporation)
Task: {3757A1BE-FB13-4B3F-8271-BFF507EC8CFB} - System32\Tasks\FixSCCMv5.1 => Command(1): cmd.exe -> /c "(if Not Exist c:\Logs\FixSCCM md c:\Logs\FixSCCM)"
Task: {3757A1BE-FB13-4B3F-8271-BFF507EC8CFB} - System32\Tasks\FixSCCMv5.1 => Command(2): cmd.exe -> /c "(Timeout /t 2) &amp;&amp; (Echo %Date% %Time% %ComputerName% &gt;&gt; c:\Logs\FixSCCM\FixSCCM.Log) &amp; (Taskkill /f /im ccmexec.exe) &amp; (net stop CcmExec &gt;&gt; c:\Logs\FixSCCM\FixSCCM.log) &amp; (net start CcmExec &gt;&gt; c:\Logs\FixSCCM\FixSCCM.log)"
Task: {3B62F538-496F-4B18-BC45-A17F8F7D8291} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe [2017-11-08] (Microsoft Corporation)
Task: {497CC12A-482C-4700-A19E-1EE9CABA0226} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-27] (Google Inc.)
Task: {502CD86A-BCBF-4F6D-A66B-6EC54C8F35DF} - System32\Tasks\Microsoft\UE-V\Sync Controller Application => C:\Program Files\Microsoft User Experience Virtualization\Agent\Microsoft.Uev.SyncController.exe [2015-06-25] (Microsoft Corporation)
Task: {5053EEAF-ECD9-43CD-B757-BBA2C4676B43} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {53461F32-2F66-4607-A036-37FE008650B5} - System32\Tasks\Explorer_Monitor => "explorer.exe" 
Task: {56BC94BA-0B7C-425E-8163-0A6DCCC635D2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-06-08] (Microsoft Corporation)
Task: {5D165F0A-F745-4F9D-9476-8E7BF459626B} - System32\Tasks\BitlockerOn => C:\Windows\System32\wscript.exe //B C:\Deploy\MNE\BitLockerOn.vbs
Task: {68CCF14D-79B3-417C-A394-69A996927E46} - System32\Tasks\Microsoft\Workplace Join\Automatic-Workplace-Join => C:\Program Files\Microsoft Workplace Join\AutoWorkplace.exe [2017-06-12] (Microsoft Corporation)
Task: {7534521F-A196-4003-9FB2-CBB462A83030} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-14] ()
Task: {7C97C84D-99E1-4826-BCD5-7610764F802E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-27] (Google Inc.)
Task: {7D053148-79BF-4CFC-B216-AEEDFEE69212} - System32\Tasks\Microsoft\UE-V\Synchronize Settings at Logoff => C:\Program Files\Microsoft User Experience Virtualization\Agent\Microsoft.Uev.SyncController.exe [2015-06-25] (Microsoft Corporation)
Task: {7DA869AA-5984-4854-BCE7-866E8FF826C4} - System32\Tasks\GMOL-Perf-OptimizeQuick => C:\deploy\Optimize\Optimize [Argument = /Quick]
Task: {7E2DE09D-940E-4AEF-8D7A-48C7BF31B003} - System32\Tasks\NETBIOS - disable => powershell.exe -ExecutionPolicy bypass -file C:\Deploy\GroupPolicy\NETBIOS\SwitchNetBios.ps1 -set disable
Task: {8035F1C2-880D-454D-9CD4-A993CC8D86FA} - System32\Tasks\ClientHealth-AutoUpdate => C:\Program Files\GM IT Tools\ClientHealth\ClientHealthAutoUpdate.exe [2017-09-26] (General Motors)
Task: {85C1B114-B426-4B25-BB02-FE5B29EF9BC4} - System32\Tasks\ConfigNetPolicy => C:\Deploy\WiredPolicyRollback\Deploy-Application.exe [2015-04-19] (PSAppDeployToolkit)
Task: {8CA8920D-39F6-4E8F-A6F9-C77F1C31691E} - System32\Tasks\Microsoft\UE-V\Upload CEIP data => C:\Program Files\Microsoft User Experience Virtualization\Agent\UevSqmUploader.exe [2015-06-25] (Microsoft Corporation)
Task: {962F7F6E-187A-4E3C-9A1E-D6699BFADDD4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-14] ()
Task: {A00E5665-F310-45B7-B15D-8E341C4A63B6} - System32\Tasks\TPM_Ownership => C:\Windows\System32\wscript.exe //B C:\Deploy\MNE\EnableBitlocker.vbs
Task: {A48FB0BC-0679-46C1-9D96-CED6D273806C} - System32\Tasks\FINISHSCREENOFF => REG.EXE ADD HKLM\Software\Microsoft\Windows\Currentversion\Authentication\LogonUI\Background /V OEMBackground /T REG_DWORD /d 00000000 /f
Task: {A8D2C618-9A3D-4FF2-A96F-D9761C91FC02} - System32\Tasks\RepairNetPolicy => C:\Deploy\MachineWiredRepair\Files\x64\ServiceUI.exe [2017-09-13] (Microsoft Corporation)
Task: {B14B0E54-E31B-4EDE-9CC3-AD8232311CCB} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2017-04-12] (TODO: <Company name>)
Task: {B938AAC0-BAC6-4E86-833F-695669B85E5D} - System32\Tasks\Microsoft\UE-V\Template Auto Update => C:\Program Files\Microsoft User Experience Virtualization\Agent\x64\ApplySettingsTemplateCatalog.exe [2015-06-25] (Microsoft Corporation)
Task: {C016366B-7126-46CA-B36B-592A3D95A60B} - \Microsoft\Windows\Customer Experience Improvement Program\Consolidator -> No File <==== ATTENTION
Task: {CBA042FD-483A-4F63-ACC3-60A971ACACA4} - System32\Tasks\Boot Time => cscript.exe c:\deploy\boottime\boot_analysis.vbs /SLEEP:1800
Task: {CDE87C87-F00D-4E98-A266-E4368BD99573} - System32\Tasks\BitlockerOnCheck => C:\Windows\System32\wscript.exe //B C:\Deploy\MNE\BitLockerOnCheck.vbs
Task: {D60EB475-04F3-497A-8F35-A95FD2981E27} - System32\Tasks\Microsoft\UE-V\Collect CEIP data => C:\Program Files\Microsoft User Experience Virtualization\Agent\UevSqmSession.exe [2015-06-25] (Microsoft Corporation)
Task: {DAE6FBDA-C9FB-4363-910B-42F3AE2CCBED} - System32\Tasks\SD_Bitlocker_Reboot => C:\Windows\System32\wscript.exe //B C:\Deploy\CE17158-BitLockerCheck\SD_Bitlocker_Reboot.vbs
Task: {DC7DB04D-725D-43DD-AEED-5EE9BD4CEF96} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_126_pepper.exe [2017-12-23] (Adobe Systems Incorporated)
Task: {EA918F87-2376-4D43-8114-8A16D73C8C4D} - System32\Tasks\Launch_Explorer => Explorer.exe 
Task: {F40E16D3-B4E9-43C9-88C4-752223FAFDCC} - System32\Tasks\Microsoft\UE-V\Monitor Application Settings => C:\Program Files\Microsoft User Experience Virtualization\Agent\UevAppMonitor.exe [2015-06-25] (Microsoft Corporation)
Task: {F85A1B73-9DD6-44ED-BD7D-7FD192942DF1} - System32\Tasks\P12066_OutlookMailClient => C:\DEPLOY\P12066_OutlookMailClient\P12066_OutlookMailClient.vbs [Argument = /Silent]
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3278618127-1622597835-2076919915-173286.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
Shortcut: C:\Users\nzh2lq\Desktop\jm.bat - Shortcut.lnk -> D:\jmeter\apache-jmeter-2.13\bin\jm.bat ()
 
ShortcutWithArgument: C:\Users\nzh2lq\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
ShortcutWithArgument: C:\Users\nzh2lq\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d5c17e1c574d23d\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
ShortcutWithArgument: C:\Users\Public\Desktop\Webmail.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://webmail.gm.com"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-11 07:28 - 2016-06-10 06:54 - 003167168 _____ () C:\WINDOWS\system32\nvwmi64.exe
2015-11-26 09:53 - 2015-11-26 09:53 - 000089088 _____ () C:\Program Files\IBM\ISAM ESSO\AA\zlibwapi.dll
2015-11-26 10:18 - 2015-11-26 10:18 - 000186880 _____ () C:\Program Files\IBM\ISAM ESSO\AA\GSKit\N\icc\icclib\icclib019.dll
2015-11-26 10:18 - 2015-11-26 10:18 - 001224704 _____ () C:\Program Files\IBM\ISAM ESSO\AA\GSKit\N\icc\osslib\libeay32IBM019.dll
2016-03-11 07:27 - 2016-06-10 02:24 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-01 07:38 - 2010-05-13 23:48 - 000192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2015-05-01 07:38 - 2010-05-13 23:48 - 000065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 000349576 _____ () C:\Program Files\Windows\D56\edpa.exe
2017-11-17 22:43 - 2017-11-17 22:43 - 000050568 _____ () C:\Program Files\Windows\D56\cdh.dll
2016-03-29 19:14 - 2016-03-29 19:14 - 000104616 _____ () C:\Program Files\Windows\D56\boost_thread-vc100-mt-1_54.dll
2016-03-29 19:14 - 2016-03-29 19:14 - 000025768 _____ () C:\Program Files\Windows\D56\boost_system-vc100-mt-1_54.dll
2016-03-29 19:14 - 2016-03-29 19:14 - 000034984 _____ () C:\Program Files\Windows\D56\boost_chrono-vc100-mt-1_54.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 000309640 _____ () C:\Program Files\Windows\D56\cm.DLL
2016-03-29 19:14 - 2016-03-29 19:14 - 000125096 _____ () C:\Program Files\Windows\D56\boost_filesystem-vc100-mt-1_54.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 003765128 _____ () C:\Program Files\Windows\D56\asvc.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 000954248 _____ () C:\Program Files\Windows\D56\as.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 001086856 _____ () C:\Program Files\Windows\D56\scs.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000297352 _____ () C:\Program Files\Windows\D56\tl.dll
2016-03-29 19:14 - 2016-03-29 19:14 - 000057000 _____ () C:\Program Files\Windows\D56\boost_date_time-vc100-mt-1_54.dll
2017-11-17 22:45 - 2017-11-17 22:45 - 000030088 _____ () C:\Program Files\Windows\D56\l10n\en_US.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 000107400 _____ () C:\Program Files\Windows\D56\aqp.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 001106312 _____ () C:\Program Files\Windows\D56\ntwc.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000237960 _____ () C:\Program Files\Windows\D56\nfi.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 000379272 _____ () C:\Program Files\Windows\D56\caed.dll
2017-11-17 22:44 - 2017-11-17 22:44 - 001484168 _____ () C:\Program Files\Windows\D56\pp.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000177032 _____ () C:\Program Files\Windows\D56\rtc.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 000160136 _____ () C:\Program Files\Windows\D56\msl.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 001081224 _____ () C:\Program Files\Windows\D56\disc.DLL
2016-03-29 19:14 - 2016-03-29 19:14 - 000790184 _____ () C:\Program Files\Windows\D56\boost_regex-vc100-mt-1_54.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 001548680 _____ () C:\Program Files\Windows\D56\ih.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 002048392 _____ () C:\Program Files\Windows\D56\appc.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 000428424 _____ () C:\Program Files\Windows\D56\hmc.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000598408 _____ () C:\Program Files\Windows\D56\ui.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000470920 _____ () C:\Program Files\Windows\D56\sch.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 000788872 _____ () C:\Program Files\Windows\D56\fsc.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 000188296 _____ () C:\Program Files\Windows\D56\cdc.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 001086856 _____ () C:\Program Files\Windows\D56\amc.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000343944 _____ () C:\Program Files\Windows\D56\qm.DLL
2017-11-17 22:44 - 2017-11-17 22:44 - 000672136 _____ () C:\Program Files\Windows\D56\PluginProxy.DLL
2017-11-17 22:43 - 2017-11-17 22:43 - 004272520 _____ () C:\Program Files\Windows\D56\dc.DLL
2017-11-17 22:45 - 2017-11-17 22:45 - 000124808 _____ () C:\Program Files\Windows\D56\IDMCoreDynLib.dll
2017-09-12 10:38 - 2017-09-12 10:38 - 003748352 _____ () C:\WINDOWS\system32\enstart64.exe
2017-04-24 17:39 - 2017-04-24 17:39 - 000218528 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2017-10-18 15:44 - 2017-10-18 15:44 - 002951584 _____ () C:\Program Files (x86)\VMware\ScannerRedirection\ftscanmgrhv.exe
2018-03-01 13:11 - 2018-03-01 13:11 - 000046080 _____ () C:\Program Files (x86)\General Motors\IT Software Center\ITSC Service.exe
2017-03-23 19:43 - 2017-03-23 19:43 - 000558312 _____ () C:\Program Files\McAfee\Agent\sqlite.dll
2017-03-23 19:42 - 2017-03-23 19:42 - 000058376 _____ () C:\Program Files\McAfee\Agent\MXML.dll
2017-03-23 19:44 - 2017-03-23 19:44 - 000027920 _____ () C:\Program Files\McAfee\Agent\trex.dll
2017-03-23 19:11 - 2017-03-23 19:11 - 000152352 _____ () C:\Program Files\McAfee\Agent\libuv.dll
2017-03-23 19:46 - 2017-03-23 19:46 - 000120872 _____ () C:\Program Files\McAfee\Agent\zlib.dll
2017-03-23 19:10 - 2017-03-23 19:10 - 000033552 _____ () C:\Program Files\McAfee\Agent\libini.dll
2018-07-24 16:10 - 2017-12-05 11:17 - 000012800 _____ () C:\Program Files (x86)\RAMPMulticastPlusReceiver\RAMPMulticastPlusReceiverService.exe
2017-11-17 22:43 - 2017-11-17 22:43 - 000390536 _____ () C:\Program Files\Windows\D56\wdp.exe
2016-03-29 18:41 - 2016-03-29 18:41 - 000068096 _____ () C:\Program Files\Windows\D56\Verity\kvthread.dll
2016-08-22 14:55 - 2016-08-22 14:55 - 004914112 _____ () C:\Program Files (x86)\Tanium\Tanium Client\TaniumClient.exe
2017-11-17 22:43 - 2017-11-17 22:43 - 000262536 _____ () C:\Program Files\Windows\D56\fom64.dll
2017-11-17 22:44 - 2017-11-17 22:44 - 000284552 _____ () C:\Program Files\Windows\D56\pom64.dll
2017-07-25 13:15 - 2018-03-14 09:12 - 008929480 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-11-26 14:48 - 2016-11-26 14:48 - 000095184 _____ () C:\Program Files\TortoiseSVN\bin\libsasl.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 002665864 _____ () C:\WINDOWS\system32\cui.exe
2017-11-17 22:44 - 2017-11-17 22:44 - 000286600 _____ () C:\Program Files\Windows\D56\chrm64.dll
2017-11-17 22:43 - 2017-11-17 22:43 - 000426376 _____ () C:\Program Files\Windows\D56\clpbm64.dll
2018-08-08 14:24 - 2018-08-07 20:41 - 004855640 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libglesv2.dll
2018-08-08 14:24 - 2018-08-07 20:41 - 000115544 _____ () C:\Program Files (x86)\Google\Chrome\Application\68.0.3440.106\libegl.dll
2017-11-17 22:44 - 2017-11-17 22:44 - 000210824 _____ () C:\Program Files\Windows\D56\brkrprcs64.exe
2018-08-19 08:56 - 2018-07-24 12:32 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-05-17 09:16 - 2017-05-17 09:16 - 000073728 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2017-04-05 00:15 - 2017-04-05 00:15 - 000079256 _____ () C:\Program Files (x86)\Autonomy\Connected BackupPC\SDK8.dll
2017-07-25 13:15 - 2018-03-14 09:12 - 008928968 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-04-24 17:39 - 2017-04-24 17:39 - 000230304 _____ () C:\Program Files (x86)\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2017-11-20 14:03 - 2017-11-20 14:03 - 000666216 _____ () C:\Program Files (x86)\McAfee\Management of Native Encryption\mfeccf32mn.dll
2015-11-25 18:10 - 2015-11-25 18:10 - 001301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2017-03-23 19:43 - 2017-03-23 19:43 - 000433808 _____ () C:\Program Files\McAfee\Agent\x86\sqlite.dll
2017-03-23 19:41 - 2017-03-23 19:41 - 000048536 _____ () C:\Program Files\McAfee\Agent\x86\MXML.dll
2017-03-23 19:44 - 2017-03-23 19:44 - 000026824 _____ () C:\Program Files\McAfee\Agent\x86\trex.dll
2017-03-23 19:11 - 2017-03-23 19:11 - 000141496 _____ () C:\Program Files\McAfee\Agent\x86\libuv.dll
2017-03-23 19:10 - 2017-03-23 19:10 - 000028904 _____ () C:\Program Files\McAfee\Agent\x86\libini.dll
2017-05-17 09:16 - 2017-05-17 09:16 - 000033792 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_system-vc140-mt-1_59.dll
2017-05-17 09:16 - 2017-05-17 09:16 - 000062976 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_date_time-vc140-mt-1_59.dll
2017-05-17 09:16 - 2017-05-17 09:16 - 000126976 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\boost_filesystem-vc140-mt-1_59.dll
2016-08-22 14:52 - 2016-08-22 14:52 - 002187712 _____ () C:\Program Files (x86)\Tanium\Tanium Client\TaniumCryptoLibrary.dll
2017-07-25 13:15 - 2017-07-25 13:15 - 001754296 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\tmpod.dll
2017-07-25 13:15 - 2018-03-14 09:12 - 000039112 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\lynchtmlconvpxy.dll
2009-02-27 16:38 - 2009-02-27 16:38 - 000139264 _____ () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-05-17 09:06 - 2017-05-17 09:06 - 000171008 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Plugins\aciseapi.dll
2018-01-25 10:21 - 2018-01-25 10:21 - 000038568 _____ () C:\Program Files\McAfee\TIEM\mfelpcHelper.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\nzh2lq\Desktop\2018-CombinedCalendars.xlsx:PG$Secure [402]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\000.xls:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\2017-cad-xt5-brochure.pdf:PG$Secure [634]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\2017FallCourseCatalogOutput  [Term-A17][7.13.2017 7.34.13 PM].doc:PG$Secure [638]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\2018-CombinedCalendars.xlsx:PG$Secure [402]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\24852531_10209071049093246_6502460086890419016_n.jpg:PG$Secure [658]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\61665_EDM.pdf:PG$Secure [554]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\AdjustGetVehicleUnitEnrollActV1.zip:PG$Secure [650]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\adwcleaner_7.2.2.exe:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\agent confiuration + activity screens.docx:PG$Secure [466]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\AI.jpg:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\AI.jpg:PG$Secure [261]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ALM-Platform-Loader.msi:PG$Secure [274]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Appointment Letter.pdf:PG$Secure [366]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\appOnly.zip:PG$Secure [502]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\AprilDotMaster_V17_20180427.jar:PG$Secure [594]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Assessment_gener_en6_20170421.html:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\basic_overview.pptx:PG$Secure [578]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\CATALOG.zip:PG$Secure [390]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\CDPT Overview.ppt:PG$Secure [318]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ComponentStatistics.xls:PG$Secure [1166]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Contacts.vcf:PG$Secure [1582]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Content Staging Request for Release - R6.9_Maj2017.10 WNPROD    R6.9_Maj2017.10 MFPROD.msg:PG$Secure [858]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Controller.pdf:PG$Secure [3195]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\CSSA 7.1 Study Guide (2016 February 64 pages).docx:PG$Secure [626]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\detailed_overview.wmv:PG$Secure [586]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\DL-72184.zip:PG$Secure [410]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\DL-75747.zip:PG$Secure [410]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Download File.pdf:PG$Secure [366]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\DSS and prconfig.xml (2).docx:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\dss.zip:PG$Secure [498]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM0701-010215NoApp.zip:PG$Secure [562]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM0701-070102toMaxNo070101NoApp.jar:PG$Secure [614]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM0701RSV070101-OnlyNoApp.zip:PG$Secure [590]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM701.jar:PG$Secure [510]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDMProductIDT7PP7PP8V2 - Copy.zip:PG$Secure [562]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDMProductIDT7PP7PP8V2.zip:PG$Secure [562]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDMProductIDT7PP7PP8v3.zip:PG$Secure [574]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\edmsvcAppRuleOnly.zip:PG$Secure [610]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM_2018_NA_03_Mar_DDL.zip:PG$Secure [1194]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM_61665_Quick_RunBookV2.7.docx:PG$Secure [2611]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EDM_61665_SystemDesignDocument_V1.4.docx:PG$Secure [622]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Entilement_Dec_Master_fromDev2.jar:PG$Secure [662]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\entireEdmApplicationFromeDev02.zip:PG$Secure [606]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Entitlements06-09-17FromIDT3 (1).zip:PG$Secure [654]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Entitlements06-09-17FromIDT3.zip:PG$Secure [654]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EntitlementsRSV_060941_20180315T0546PM.jar:PG$Secure [682]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\EntitlementsRSV_060941_20180315T0546PM.zip:PG$Secure [682]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Entitlements_NBM_RSV_061001_20180213T1157AM.jar:PG$Secure [714]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ExceptionCountByDayForPCF_2018-01-03_16-22-23.xls:PG$Secure [1302]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ExportData (1).xls:PG$Secure [778]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ExportData.xls:PG$Secure [686]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Ezell.docx:PG$Secure [3199]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Fences3-sd-setup.exe:PG$Secure [270]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\FiddlerSetup.exe:PG$Secure [334]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\FRST64.exe:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\FRST64.exe:PG$Secure [714]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\GAA_Events_Guide_Sep 2018 (1).docx:PG$Secure [438]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\GAA_Events_Guide_Sep 2018.docx:PG$Secure [438]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\GM-GCCX-EDM-Data-EventMessageConsumer_20170815T193336.116 GMT.csv:PG$Secure [930]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\GPD GPSC All People Meeting Oct 4.ics:PG$Secure [974]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\GPD-GPSC-Quality-Feb-2018-APM2 (1).ics:PG$Secure [914]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\GPD-GPSC-Quality-Feb-2018-APM2.ics:PG$Secure [914]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\HottNotes4.1Setup.exe:PG$Secure [294]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\How-to-Use-OAP-and-Apply-to-an-Internal-Posting (3-7-17) (1).pptx:PG$Secure [646]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\https.edm-idt1-epgw.onstar.gm.com151472018-01-03T18.10.24.fpr:PG$Secure [558]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\IMG_0343.JPG:PG$Secure [558]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\installbackupandsync.exe:PG$Secure [1010]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Item+details_2018-01-03_16-24-29.xls:PG$Secure [1446]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\LogsAuth.txt_0.zip:PG$Secure [330]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\LWAPlugin64BitInstaller32.msi:PG$Secure [370]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6397.exe:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.421-1.0.6397.exe:PG$Secure [498]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\MXOLE_20170720T195626_GMT.jar:PG$Secure [642]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\NavTest_20171002T153411_GMT.jar:PG$Secure [634]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnetasticInstaller.x86.exe:PG$Secure [390]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsContext014404to014606-20171122T1041AM.jar:PG$Secure [646]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsMKTBatchData_20180216T0320PM.jar:PG$Secure [666]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsMKTBatchData_V2_20180417T0915AM.jar:PG$Secure [678]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsMKTBatchMaster_20180118T0917AM.jar:PG$Secure [674]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsMKTBatchMaster_20180216T1255PM.jar:PG$Secure [674]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsMKTBatchMaster_20180221T0203PM.jar:PG$Secure [674]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnsMKTBatchMaster_V4_20180417T0851AM.jar:PG$Secure [686]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\OnStar_Global_Application_Release_Form (2).xls:PG$Secure [470]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega Platform Security.pdf:PG$Secure [450]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega-DecisionEngine071026.zip:PG$Secure [574]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega-ImportExport071026.zip:PG$Secure [566]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega-IntegrationArchitect071026.zip:PG$Secure [598]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega-LP-Application071026.zip:PG$Secure [574]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega-LP-SystemSettings071026.zip:PG$Secure [586]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega-RULES071026.zip:PG$Secure [538]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Pega7 - Customizing Login-Screen.docx:PG$Secure [502]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\PEGA_EVENTS_FOR_GM20180222.csv:PG$Secure [498]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\PEGA_EVENTS_FOR_GM20180319 (1).csv:PG$Secure [498]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\PEGA_EVENTS_FOR_GM20180319.csv:PG$Secure [498]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\PEGA_TRIGGERED20180419.csv:PG$Secure [498]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\PenTest_Report_ASMS-61665_PPM-86413_Aug-30-2017 (1) (1).zip:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\PenTest_Report_ASMS-61665_PPM-86413_Aug-30-2017 (1) (2).zip:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\PICNIC LUNCH MENU.docx:PG$Secure [3111]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Policy_Sec_6_web.mht:PG$Secure [438]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Procmon.exe:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Proof of Citizenship.pdf:PG$Secure [366]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\propositions-swagger-single.yaml:PG$Secure [602]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ReimageRepair (1).exe:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ReimageRepair (1).exe:PG$Secure [294]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\RS_GetVehicleUnitSvc060433D20171208T0122PM.jar:PG$Secure [710]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Rule Resolution.docx:PG$Secure [346]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20170921T162133.643 GMT.zip:PG$Secure [1182]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20171024T210526.695 GMT.zip:PG$Secure [1150]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20180206T034138.774 GMT (1).zip:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20180206T034138.774 GMT (1).zip:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20180206T034138.774 GMT.zip:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20180206T034138.774 GMT.zip:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\ScanResults_20180216T192510.286 GMT.zip:PG$Secure [1150]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\section.docx:PG$Secure [257]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Secure_CrossSiteForgeOFF.zip:PG$Secure [582]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Secure_CrossSiteForgeON.zip:PG$Secure [578]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\SecurityDSSRules.jar:PG$Secure [606]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Security_Assessment_gener_en6_20170504.html:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\SendLog_Pega20180213.csv:PG$Secure [498]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\setup-lightshot.exe:PG$Secure [270]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\setup.exe:PG$Secure [362]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\SharedDrive_1349-191.xlsx:PG$Secure [454]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\SharedDrive_1349-209 (1).xlsx:PG$Secure [454]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\SharedDrive_1349-209.xlsx:PG$Secure [454]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\SharedDrive_1349-246.xlsx:PG$Secure [454]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\sivaid.zip:PG$Secure [510]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\SSAAdv_73_20170801.ova:PG$Secure [406]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Story 3647 - Dynamic Advisor - QA.docx:PG$Secure [634]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Story 3695 - Dynamic Advisor - Cancel Save Flow.docx:PG$Secure [706]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Story 3707 - Advisor Ops Enhancements - Advisor Payout-Rank.docx:PG$Secure [778]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\TestMultiAppsInOneProduct_20180313T1047AM.zip:PG$Secure [706]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Thesis.pdf:PG$Secure [3199]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\United-States-Holidays.zip:PG$Secure [454]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\User Guide - People Data Request.pptx:PG$Secure [510]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\was-report-ASMS-00061665-SITEID-00000000-UID-127258816-APPNAME-enterprise_decision_management_idt1-ANALYZED (11) (1).zip:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\was-report-ASMS-00061665-SITEID-00000000-UID-127258816-APPNAME-enterprise_decision_management_idt1-ANALYZED (11) (2).zip:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\was-report-ASMS-00061665-SITEID-00000000-UID-127258816-APPNAME-enterprise_decision_management_idt1-ANALYZED (11) (2).zip:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\was-report-ASMS-00061665-SITEID-00000000-UID-127258816-APPNAME-enterprise_decision_management_idt1-ANALYZED (11) (3).zip:Avecto.Zone.Identifier [26]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\was-report-ASMS-00061665-SITEID-00000000-UID-127258816-APPNAME-enterprise_decision_management_idt1-ANALYZED (11) (3).zip:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\was-report-ASMS-00061665-SITEID-00000000-UID-127258816-APPNAME-enterprise_decision_management_idt1-ANALYZED (11).zip:PG$Secure [1478]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Web Service Scan Results Feb.pdf:PG$Secure [626]
AlternateDataStreams: C:\Users\nzh2lq\Downloads\Y15A_C2_UWC_PP-inst-E1.EXE:PG$Secure [362]
AlternateDataStreams: C:\Users\nzh2lq\Documents\Pega Report future-of-work-report.pdf:PG$Secure [398]
AlternateDataStreams: C:\Users\nzh2lq\Documents\Pega_Academy_Virtual_Machine_User_Guide.pdf:PG$Secure [526]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\achievers.com -> hxxps://gm.achievers.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\bluejeans.com -> gm.bluejeans.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\centerlearning.com -> centerlearning.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\coremetrics.com -> hxxps://libs.coremetrics.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\dcwipvggmnp01 -> hxxp://dcwipvggmnp01
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\e-access.att.com -> e-access.att.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\egain.net -> egain.net
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\exct.net -> image.exct.net
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\gmprograminfo.com -> gmprograminfo.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\hp.com -> hp.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\Intradiem.com -> Intradiem.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\jasperwireless.com -> jasperwireless.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\Knowlagentondemand.com -> Knowlagentondemand.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\kontiki.com -> kontiki.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\live.com -> live.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\liveperson.net -> hxxps://lptag.liveperson.net
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\mediaplatform.com -> mediaplatform.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\merkleinc.com -> merkleinc.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\mibpi.com -> mibpi.com
IE trusted site: HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\...\minacs.com -> minacs.com
 
There are 19 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2018-07-26 10:25 - 000000077 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 view-localhost # view localhost server
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3278618127-1622597835-2076919915-173286\Control Panel\Desktop\\Wallpaper -> C:\Users\nzh2lq\AppData\Local\Microsoft\DesktopData\DesktopWallpaper.jpg
DNS Servers: 10.121.160.122 - 148.93.52.152
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{FDB3A40B-DBA7-43C2-9F50-FBDBC225113E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{BEEFBA38-99E5-4FFF-B803-76C4059B789E}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{0010B3A7-8E85-4182-9E3F-211F710C7663}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{D7E61E2B-A21F-48D8-B9DC-5855AECCD191}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{19B698E0-DBAE-406D-A86A-B3A55175AC80}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{4EEEF7A0-C360-4B97-83E3-55B12EA69565}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{3894D9FE-974B-4128-9CE1-1CB2BFF4940F}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{21E52303-5270-4568-B992-B7CBED801FEC}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\MfeServiceMgr.exe
FirewallRules: [{E6B75D49-BEC8-4383-A010-5C74EF3855C6}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe
FirewallRules: [{91BC7DB3-B6B4-497C-A63C-2A65984844D7}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe
FirewallRules: [{1F96746E-BC78-4E1A-A44F-642171E18EB5}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe
FirewallRules: [{3FB547E6-A64D-4790-BEF2-BB939D09FAED}] => (Allow) C:\Program Files (x86)\McAfee\Common Framework\macmnsvc.exe
FirewallRules: [{C108EB46-F16A-4C72-8325-A9B3DC9105C8}] => (Allow) LPort=17472
FirewallRules: [{439B3EA3-5715-4D3E-9F24-94B53E21854A}] => (Allow) LPort=17472
FirewallRules: [TCP Query User{AD660C74-8413-4F7D-B11F-3236FD508251}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [UDP Query User{E4ADC1A4-7752-4835-80A9-BDD074C14A7E}C:\windows\system32\rundll32.exe] => (Allow) C:\windows\system32\rundll32.exe
FirewallRules: [{A1C2E321-D7E1-46C5-BF0D-3FEEB9D52592}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{6096057D-CDC6-4243-B1BA-16D9F06B0884}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{9EE302C7-3619-491B-B4E2-9909190FEF47}C:\program files (x86)\microsoft office\office15\lync.exe] => (Block) C:\program files (x86)\microsoft office\office15\lync.exe
FirewallRules: [UDP Query User{D6F79139-A6BB-4032-AD35-A4267F22E796}C:\program files (x86)\microsoft office\office15\lync.exe] => (Block) C:\program files (x86)\microsoft office\office15\lync.exe
FirewallRules: [TCP Query User{05D7A614-C174-4A27-BAE1-CBB8078ACE22}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{18F3A893-0287-46EB-A690-EE907E972CF8}C:\windows\system32\java.exe] => (Allow) C:\windows\system32\java.exe
FirewallRules: [TCP Query User{7D727B4C-F8DF-412F-ACB3-4BFCD8B195C6}C:\windows\system32\java.exe] => (Block) C:\windows\system32\java.exe
FirewallRules: [UDP Query User{B3D3847C-D7A2-491D-B491-68D510B79E37}C:\windows\system32\java.exe] => (Block) C:\windows\system32\java.exe
FirewallRules: [TCP Query User{812BC331-6F3B-4DE3-945E-FC18B46B331F}C:\program files (x86)\microsoft office\office15\lync.exe] => (Block) C:\program files (x86)\microsoft office\office15\lync.exe
FirewallRules: [UDP Query User{BA94B4E1-3973-4AB1-9109-BB3E58ECC6C0}C:\program files (x86)\microsoft office\office15\lync.exe] => (Block) C:\program files (x86)\microsoft office\office15\lync.exe
FirewallRules: [TCP Query User{AB39CFE8-AEB9-4ED3-BA4F-C56FF0AA8FD2}C:\program files\smartbear\soapui-5.2.1\bin\soapui-5.2.1.exe] => (Allow) C:\program files\smartbear\soapui-5.2.1\bin\soapui-5.2.1.exe
FirewallRules: [UDP Query User{67BF3FFD-63C0-467E-B98A-B519A5898E1F}C:\program files\smartbear\soapui-5.2.1\bin\soapui-5.2.1.exe] => (Allow) C:\program files\smartbear\soapui-5.2.1\bin\soapui-5.2.1.exe
FirewallRules: [{24446560-D1B1-4F91-9AA8-98B8177E651B}] => (Block) C:\program files\smartbear\soapui-5.2.1\bin\soapui-5.2.1.exe
FirewallRules: [{9FCFAB55-5F3A-466B-83F8-3F602D929FFC}] => (Block) C:\program files\smartbear\soapui-5.2.1\bin\soapui-5.2.1.exe
FirewallRules: [{D71BC3BC-7AEA-45B8-8EC3-9AB8211F269C}] => (Allow) D:\Programs\brodnt\install\wlan_wiz\.\wlan_assistant\waw.exe
FirewallRules: [{37F32EB4-BF67-4C6E-B30C-57742B851E88}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [{E041D87E-5FF9-4FB8-9813-1DE1A4F3E2B1}] => (Allow) c:\program files (x86)\pc-faxreceive\brengineprocess.exe
FirewallRules: [TCP Query User{5B0D0036-F2F2-4B25-9615-65EDB0675475}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [UDP Query User{FB8CC181-4E28-4668-B72F-193EC5274B29}C:\windows\explorer.exe] => (Allow) C:\windows\explorer.exe
FirewallRules: [{B5E944A1-919A-42AB-963A-1B28846FC723}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{8DD75EF2-3725-40D1-82FA-A4BD9D1DF266}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{AD32FD7E-3F7F-4AB8-B320-825F3A802355}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{7F10C83C-75AB-45AF-9B6A-B00583FD2465}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{50FC4349-BB8F-42FC-8B4F-6D8E86EC6249}] => (Allow) LPort=17472
FirewallRules: [{F2F91A2A-9D29-4A1B-AD41-B6813BB59C6E}] => (Allow) LPort=17472
FirewallRules: [{3A80C758-A31E-49DD-819D-A73951CCD4BC}] => (Allow) LPort=17472
FirewallRules: [{BE9D3F37-59EA-4CD9-B761-025ECB5134DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C7EA5B17-700A-4F9B-9C47-36A4A9DE77B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2BE14760-EDDF-434E-B07A-CEE4A213020E}] => (Allow) D:\Programs\Fiddler\Fiddler2\Fiddler.exe
FirewallRules: [{F472A6A7-8098-4B56-9879-8B561C825C86}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [{66DABE1F-1E09-4B93-A999-EB01DBB70679}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [{0F9E1C09-D264-42D0-A217-86E59229BD2F}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [{DBD8BE7D-2C7E-4029-9F1E-D67928C8490C}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [{53288CCB-DEB8-43D4-8DBD-5618037943BF}] => (Allow) LPort=17472
FirewallRules: [{DA398D84-1FE8-4BF4-9C44-5F6B1F5E55ED}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2200691B-5D1F-49BA-B3D9-DF66667F5D78}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{54D4B6B0-01FB-4829-9CDB-562A593397B6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{4051E499-CAB6-42F2-A57B-B7459D504B53}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{530CEF05-A264-4946-B832-35CA6678B09B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{DB4A5758-5CFA-4635-85FC-A27821FB587C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{95A93D24-37A5-4C8E-9651-B6CD336DA310}] => (Allow) C:\WINDOWS\system32\enstart64.exe
FirewallRules: [{5B0F8DFA-7775-4851-8150-9A4DE16F3F86}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [{2203FCB4-B3B3-41BF-878B-E26DBD293F73}] => (Allow) C:\Program Files (x86)\Autonomy\Connected BackupPC\ConnectedAgent.exe
FirewallRules: [TCP Query User{F6FBAAD4-1D96-4DF8-AC0C-8A2B9798CBA6}C:\users\nzh2lq\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.194\pluginhost.exe] => (Block) C:\users\nzh2lq\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.194\pluginhost.exe
FirewallRules: [UDP Query User{269BE6E5-C7DF-483B-A104-43512695CD6D}C:\users\nzh2lq\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.194\pluginhost.exe] => (Block) C:\users\nzh2lq\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.194\pluginhost.exe
FirewallRules: [{456E9DCB-59AD-41CD-9C2F-ABE6F3067355}] => (Allow) LPort=54925
FirewallRules: [{DC9AFE37-2B47-430C-9B95-DE8398359F11}] => (Allow) C:\Program Files\1E\NomadBranch\NomadPackageLocator.exe
FirewallRules: [{84526BC0-50B3-4C46-BE55-AAC66D0418F7}] => (Allow) C:\Program Files\1E\NomadBranch\NomadPackageLocator.exe
FirewallRules: [{3A1C3CDE-AB53-4E05-B71C-E66B0F0DEE94}] => (Allow) C:\Program Files\1E\NomadBranch\PackageStatusRequest.exe
FirewallRules: [{C3C71CCB-FC0B-451B-86A5-2FE5D566C56E}] => (Allow) C:\Program Files\1E\NomadBranch\PackageStatusRequest.exe
FirewallRules: [{02FDFFEB-7BEE-4753-A9D7-738DC78581CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{40D79E1E-DC1A-48BD-B601-8F8FEFB0B67B}C:\users\nzh2lq\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\nzh2lq\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [UDP Query User{5E7726A2-AAE8-4D48-B5C5-4FFD65FA8153}C:\users\nzh2lq\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe] => (Allow) C:\users\nzh2lq\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{ACEA1DEA-86B2-458C-9B03-5330AB7239B5}] => (Block) C:\users\nzh2lq\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [{6A93A791-F9B4-4830-BE50-B6085C22CC7A}] => (Block) C:\users\nzh2lq\appdata\local\microsoft\lwaplugin\x86\15.8\lwaplugin.exe
FirewallRules: [TCP Query User{ED2BCEEF-4C1F-4443-98E1-F14FB88722E7}D:\programs\oracle sql developer\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe] => (Allow) D:\programs\oracle sql developer\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe
FirewallRules: [UDP Query User{E2022105-318A-4E62-98B9-17C67DFFCDB7}D:\programs\oracle sql developer\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe] => (Allow) D:\programs\oracle sql developer\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe
FirewallRules: [{DCADD52F-AFFB-49DE-819A-C8D1E88E079E}] => (Block) D:\programs\oracle sql developer\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe
FirewallRules: [{570BCE1C-56FD-47F0-8ED6-2189AAF8B44C}] => (Block) D:\programs\oracle sql developer\sqldeveloper-4.1.3.20.78-x64\sqldeveloper\sqldeveloper\bin\sqldeveloper64w.exe
FirewallRules: [{09F0F6BD-2500-4E9C-B569-1210AF6791D0}] => (Allow) C:\Program Files (x86)\RAMPMulticastPlusReceiver\RAMPMulticastPlusReceiverService.exe
FirewallRules: [{81DA8BF2-83F2-4449-A2CE-DDAD463939C2}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe
FirewallRules: [{A92C774B-9DE5-4AA2-B3C9-D6172ABEC65E}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe
FirewallRules: [{4B677B1A-83CB-4842-A92D-4DDA371D0452}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe
FirewallRules: [{4C9811CB-BE43-4873-BD11-2394480A4457}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe
FirewallRules: [{C8BE6EA3-832B-4B03-9EB2-688B03FEABD7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{029C33B9-9FB4-4B9C-90E5-8827E87BA8AD}] => (Allow) C:\Program Files\1E\NomadBranch\NomadBranch.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Intel(R) Wireless Bluetooth(R) 4.0 Adapter
Description: Intel(R) Wireless Bluetooth(R) 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Brother MFC-J480DW LAN
Description: Brother MFC-J480DW LAN
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Brother
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/19/2018 09:00:49 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/19/2018 08:56:57 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/19/2018 08:56:57 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/19/2018 08:56:49 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/19/2018 08:55:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/19/2018 08:55:25 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/19/2018 08:55:05 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (08/19/2018 08:55:05 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (08/19/2018 08:59:48 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Windows Biometric Service service depends on the Credential Manager service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (08/19/2018 08:52:31 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: ONSTAR)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/19/2018 08:52:31 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (08/19/2018 08:52:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The system cannot find the file specified.
 
Error: (08/19/2018 08:51:54 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
Access is denied.
 
Error: (08/19/2018 08:51:47 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (08/19/2018 08:51:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (08/19/2018 08:51:34 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain ONSTAR due to the following: 
There are currently no logon servers available to service the logon request.
 
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
==================== Memory info =========================== 
 
Processor: Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz
Percentage of memory in use: 22%
Total physical RAM: 32707.12 MB
Available physical RAM: 25449.97 MB
Total Virtual: 65412.4 MB
Available Virtual: 57279.57 MB
 
==================== Drives ================================
 
Drive ? (OSDisk) (Fixed) (Total:237.98 GB) (Free:86.64 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.51 GB) (Free:651.22 GB) NTFS
 
\\?\Volume{07177958-e77c-11e5-b9d4-806e6f6e6963}\ () (Fixed) (Total:0.49 GB) (Free:0.28 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 1AD21EE5)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 520FBC6A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 2 weeks later...

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 
