Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by jfillmore (18-10-2018 13:20:37)
Running from C:\Users\jfillmore\Documents
Windows 10 Pro Version 1809 18252.1000 (X64) (2018-10-03 22:45:37)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3534181592-3248098377-1547968892-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3534181592-3248098377-1547968892-503 - Limited - Disabled)
Guest (S-1-5-21-3534181592-3248098377-1547968892-501 - Limited - Disabled)
sysbuild (S-1-5-21-3534181592-3248098377-1547968892-1001 - Administrator - Enabled) => C:\Users\sysbuild
WDAGUtilityAccount (S-1-5-21-3534181592-3248098377-1547968892-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
Administrative Templates (.admx) for Windows 10 Fall Creators Update (HKLM-x32\...\{4EB5CC28-4B50-4EE5-A24A-725C4714EFE9}) (Version: 1.0 - Microsoft Corporation)
Adobe Acrobat DC (2015) (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30456 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
Adobe Connect (HKU\S-1-5-21-4195487528-1405154400-3010511488-2101\...\Adobe Connect App) (Version: 11.9.985.57 - Adobe Systems Inc.)
Agent Shell (HKLM-x32\...\{F5BC8335-FC8B-47C6-B19A-B2AE9E06EE4C}) (Version: 0.3.17.0 - Spiceworks)
Apple Application Support (32-bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0CB84A7D-9697-4526-A819-60FB050E8F05}) (Version: 7.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{77F8C879-88CD-4145-945A-541C35285285}) (Version: 12.0.0.1039 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Asus ApoDispatchConfigurator (HKLM\...\{4FEB3307-A0EF-4385-9C8F-4B4C1503311C}) (Version: 3.6.2001 - ASUSTeK COMPUTER INC) Hidden
Asus AudioCaptureNotificationConfigurator (HKLM\...\{04C5CE55-7F32-4D2D-AEA2-FDC03E8F65CC}) (Version: 3.6.2001 - ASUSTeK COMPUTER INC) Hidden
ASUS AURA Component (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.14 - ASUSTeK Computer Inc.) Hidden
ASUS AURA Component (HKLM-x32\...\{f5ee0aee-2bb8-4116-9507-7a4328810fd3}) (Version: 1.0.14 - ASUSTeK Computer Inc.) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.18 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{f489fc88-047b-4188-acec-dfbe60961344}) (Version: 1.1.18 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.1.8 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{2ac788c2-0083-4396-962a-3a46fadecf3c}) (Version: 1.1.8 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.20 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{3c837735-ebff-409b-8037-1fcfbb677f08}) (Version: 1.0.21 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.6 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM-x32\...\{464b68db-d535-46fc-83d2-d19c65d2cb0c}) (Version: 1.0.6 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.1.3 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{daf54373-a8f9-4bd6-979b-a09dbb731baf}) (Version: 0.0.1.3 - ASUSTek COMPUTER INC. ) Hidden
Asus DeviceRoutingConfigurator (HKLM\...\{AC306567-A1B7-4208-8FED-97CF535050BC}) (Version: 3.6.2001 - ASUSTeK COMPUTER INC) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{548dd834-70c5-4426-8065-fbeabdd2bb5d}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.10 - ASUSTeK Computer Inc.) Hidden
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.22 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{07dd3a1c-593b-4ea1-a639-7f76ff7c3610}) (Version: 1.0.22 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.20 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{c7dbfb14-6ee3-4bb5-83c2-43fb3f6bf066}) (Version: 1.0.20 - ASUSTek COMPUTER INC.) Hidden
Asus NahimicSettingsConfigurator (HKLM\...\{B850C58A-ACF3-4FD3-B72D-8D668D6FEED2}) (Version: 3.6.2001 - ASUSTeK COMPUTER INC) Hidden
Asus ProductDaemonSetup (HKLM\...\{36606417-B1C4-42C2-B5C1-67972DA63DAB}) (Version: 3.6.2001 - ASUSTeK COMPUTER INC) Hidden
Asus ProfileSwitcherCleanup (HKLM\...\{CBBACC80-97A1-421D-8D18-DC4E1CD6C950}) (Version: 3.6.20.45572 - ASUSTeK COMPUTER INC) Hidden
Asus Sonic Radar 3 (HKLM-x32\...\{03578a87-5019-45bd-995a-0f27d579a180}) (Version: 3.6.20.45572 - ASUSTeK COMPUTER INC)
Asus Sonic Studio 3 (HKLM-x32\...\{31ef8b8e-8686-4b42-a8f9-71206319efdf}) (Version: 3.6.20.45572 - ASUSTeK COMPUTER INC)
Asus SonicMapperConfigurator (HKLM\...\{A37684FD-2AA6-4B0F-BAC3-97E7DFFC6C2E}) (Version: 3.6.20.45572 - ASUSTeK COMPUTER INC) Hidden
Asus SonicRadar3Setup (HKLM\...\{E71A86BF-6EA5-42D2-A735-F41C603FB180}) (Version: 3.6.20.45572 - ASUSTeK COMPUTER INC) Hidden
Asus SonicStudio3Setup (HKLM\...\{D027E5BB-DDAE-4CD9-A030-B3C0EF5FB602}) (Version: 3.6.20.45572 - ASUSTeK COMPUTER INC) Hidden
ASUS Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.101.0 - ASUSTeK Computer Inc.) Hidden
AURA (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.06.95 - ASUSTeK Computer Inc.)
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.12 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{692ea681-13f0-4e9b-82a7-484076e07aaf}) (Version: 1.0.12 - ASUS) Hidden
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 1.00.95 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{8d86889e-0e55-43e5-82c4-7740083e2ac3}) (Version: 1.00.95 - ASUSTeK Computer Inc.)
Auto Follow Up for Outlook (HKLM\...\{71AAB5BE-29BF-4CCB-A99B-61412F221B55}) (Version: 3.0.259.0 - DS Development)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco WebEx Meetings (HKU\S-1-5-21-4195487528-1405154400-3010511488-2101\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
ConnectWise Automate Control Center (HKLM-x32\...\{6C5F2B57-DA09-426C-AB4A-A80BD9FC2F21}) (Version: 12.0.451 - ConnectWise, Inc.) Hidden
ConnectWise Automate Control Center (HKLM-x32\...\{78ed7612-9ca9-4716-b2bd-6999b83d6363}) (Version: 12.0.451 - ConnectWise, Inc.)
Core Temp 1.11 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.11 - ALCPU)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.4 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{6f09b03f-dfb3-4bfc-be78-e7e5b00f2182}) (Version: 1.0.4 - CORSAIR COMPONENTS INC.) Hidden
CPUID CPU-Z 1.85 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.85 - CPUID, Inc.)
Crystal Reports 2008 Runtime SP2 (HKLM-x32\...\{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}) (Version: 12.2.0.290 - Business Objects) Hidden
Crystal Reports XI Release 2 .NET 2005 Server (HKLM-x32\...\{A7FE99B6-E077-4F52-BC6A-E24C338F3C23}) (Version: 11.5.0.0 - Business Objects)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 416.34 - NVIDIA Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Futuremark SystemInfo (HKLM-x32\...\{8AD048D8-1975-47F5-800F-15028E84F2C5}) (Version: 5.5.646.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 69.0.3497.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.36.0.10831 (HKU\S-1-5-21-4195487528-1405154400-3010511488-2101\...\GoToMeeting) (Version: 8.36.0.10831 - LogMeIn, Inc.)
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
Intel(R) Chipset Device Software (HKLM-x32\...\{49bc1e38-39b4-4728-9e75-cbe67ba9a329}) (Version: 10.1.1.42 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation)
Intel(R) Network Connections 22.9.16.0 (HKLM\...\PROSetDX) (Version: 22.9.16.0 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4927 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.0.1015 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.866.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden
iTunes (HKLM\...\{645877C4-2AB6-46B6-BD32-B251B0666F63}) (Version: 12.9.0.167 - Apple Inc.)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.5 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{9318ff53-fbe0-422e-9982-3dc51a1b685d}) (Version: 1.0.5 - KINGSTON COMPONENTS INC.) Hidden
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.81 - Logitech Inc.)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Endpoint Agent (HKLM\...\{949D1792-E377-4348-8BC4-6D643EF49B21}) (Version: 1.1.2.0 - Malwarebytes) Hidden
Malwarebytes Endpoint Agent (HKLM-x32\...\{c43e2e71-c65b-4017-b5ce-6f0aaf96a11e}) (Version: 1.1.2.0 - Malwarebytes)
Malwarebytes version 3.5.1.2600 (HKLM\...\{680231FF-ABC9-40A2-A1E3-1AFD6FE45C8D}_is1) (Version: 3.5.1.2600 - Malwarebytes)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11001.20038 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3534181592-3248098377-1547968892-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10182018122056268\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4195487528-1405154400-3010511488-2101\...\OneDriveSetup.exe) (Version: 18.172.0826.0010 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.11001.20038 - Microsoft Corporation)
Microsoft SharePoint Designer 2013 (HKLM\...\Office15.SharePointDesigner) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{751EE164-9F12-4E57-ADB0-02D8F34A10AD}) (Version: 9.00.1399.06 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-4195487528-1405154400-3010511488-2101\...\Teams) (Version: 1.0.00.26863 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MobileAsset (HKLM-x32\...\{32FC4F62-B2B4-4826-879C-94A61EA5CF54}) (Version: 6 - Wasp Technologies)
MobileAsset Help (HKLM-x32\...\{5E198DF1-9CB5-C4A6-7912-7E12B5F5AD4C}) (Version: 7.1 - UNKNOWN) Hidden
MobileAsset Help (HKLM-x32\...\8282014.055B361DA36FDBCE4E24367467B4B85008A931DE.1) (Version: 7.1 - UNKNOWN)
Mozilla Firefox 62.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0.3 (x64 en-US)) (Version: 62.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 62.0.3 - Mozilla)
MSP Remote Support by Splashtop (HKLM-x32\...\{B50A01B7-1780-4CFF-90A3-9E4143E415F5}) (Version: 1.0.2.0 - Splashtop Inc.)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{B53D7D6B-9BB0-4EA8-82B9-9293CB41FCE1}) (Version: 3.51.26 - MySQL AB) Hidden
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.11 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 416.34 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.15.0.164 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.15.0.164 - NVIDIA Corporation)
NVIDIA Graphics Driver 416.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 416.34 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.37.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.11001.20038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.11001.20038 - Microsoft Corporation) Hidden
OldMHUUninstaller (HKLM-x32\...\{2c80edc0-e8d9-4dcf-88cb-bae459d51dd6}) (Version: 3.2.0.0 - Plantronics, Inc.) Hidden
OldMHUUninstaller (HKLM-x32\...\{408c15a0-e7bc-4e0e-8bfd-12775001c0f2}) (Version: 3.2.0.0 - Plantronics, Inc.) Hidden
OldMHUUninstaller (HKLM-x32\...\{54e320b1-1c6e-42e7-9ad0-261c878a7306}) (Version: 3.2.0.0 - Plantronics, Inc.) Hidden
OldMHUUninstallerMSI (HKLM-x32\...\{30894BB1-55D0-4568-B5BD-9E9135A17777}) (Version: 3.2.0.0 - Plantronics, Inc.) Hidden
OldMHUUninstallerMSI (HKLM-x32\...\{3B603454-E670-4E18-B363-184B3A7572AF}) (Version: 3.2.0.0 - Plantronics, Inc.) Hidden
OldMHUUninstallerMSI (HKLM-x32\...\{8DCAC685-91FA-4844-A3BE-D394F1B3BEE1}) (Version: 3.2.0.0 - Plantronics, Inc.) Hidden
OneDriveRx - 4.02 [64-bit] (HKLM\...\OneDriveRx_is1) (Version: 4.02 - Assistance and Resources for Computing, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Pandora (HKLM-x32\...\{CF73D1C4-4D78-890A-BF35-E275B96E678E}) (Version: 2.0.10 - Pandora Media, Inc) Hidden
Pandora (HKLM-x32\...\com.pandora.desktop.66F690BC77738C95E986E1B4A197193F28756A21.1) (Version: 2.0.10 - Pandora Media, Inc)
Patriot Viper RGB (HKLM\...\{E42E13B0-071E-49C1-B1CC-58198E82F302}) (Version: 1.00.05 - Patriot Memory) Hidden
Patriot Viper RGB (HKLM-x32\...\{0ea44351-5397-43b0-a9c7-c4c53d9948ef}) (Version: 1.00.05 - Patriot Memory)
Plantronics Hub Software (HKLM\...\{821B4EA9-7A6C-44E5-8621-B336FF9E3B27}) (Version: 3.11.52216.23527 - Plantronics, Inc.) Hidden
Plantronics Hub Software (HKLM-x32\...\{dd32c3f1-d1da-4f67-a8a0-dff4fb1d2513}) (Version: 3.11.52216.23527 - Plantronics, Inc.)
Plantronics RIG Dolby Game Audio (HKLM-x32\...\{1B6D9EA4-D1D6-4225-ADBB-441707C49D02}) (Version: 1.31.35.2 - Plantronics, Inc)
Print Conductor 6.0 (HKLM-x32\...\Print Conductor_is1) (Version: 6.0 - fCoder SIA)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10454 - Qualcomm)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.309 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8273 - Realtek Semiconductor Corp.)
ReportApplication (HKU\S-1-5-21-4195487528-1405154400-3010511488-2101\...\fd5828ddd75bb606) (Version: 1.0.0.84 - ReportApplication)
Revo Uninstaller Pro 4.0.0 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 4.0.0 - VS Revo Group, Ltd.)
Sage 100 Standard 2017 Workstation (HKLM-x32\...\{42ABB8F4-B59D-4C02-892B-8FD82BCF6E06}) (Version: 5.40.0.0 - Sage)
SAP Crystal Reports runtime engine for .NET Framework (32-bit) (HKLM-x32\...\{BB4E642E-4F07-4C2A-B146-AB4CB1C3CEA2}) (Version: 13.0.20.2399 - SAP)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM\...\{900D6ADF-DF79-46FB-A58E-E89A73B2A132}) (Version: 13.0.20.2399 - SAP)
ScreenConnect Client (1c2f2cb99efd3fe5) (HKLM-x32\...\{7F422CD9-344C-4AC9-8CEB-212891ABFCDB}) (Version: 6.6.18120.6697 - ScreenConnect Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0017-0000-1000-0000000FF1CE}_Office15.SharePointDesigner_{67A083C6-0A9E-48E8-BC90-C1EDA8028ED4}) (Version: - Microsoft)
SharePoint Online Management Shell (HKLM\...\{95160000-115B-0409-1000-0000000FF1CE}) (Version: 16.0.7521.1200 - Microsoft Corporation)
Skype Meetings App (HKLM-x32\...\{D20CE315-AC32-4B25-AB3A-7112A9AB6FC3}) (Version: 16.2.0.232 - Microsoft Corporation)
Splashtop Software Updater (HKLM-x32\...\Splashtop Software Updater) (Version: 1.5.6.15 - Splashtop Inc.)
Splashtop Streamer (HKLM-x32\...\{B7C5EA94-B96A-41F5-BE95-25D78B486678}) (Version: 3.1.8.0 - Splashtop Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synergy (64-bit) (HKLM\...\{AFC0B660-3BC8-492B-A17C-338DBF633EFA}) (Version: 1.8.8 - Symless Ltd)
Update for Skype for Business 2015 (KB4461446) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.SharePointDesigner_{BFBBF6D0-F140-40E9-B5AE-BDE708FC4817}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.8 - VideoLAN)
VMware Enhanced Authentication Plug-in 6.5.0 (HKLM-x32\...\{38BA6ED4-099D-468A-93C8-4C26016C42E6}) (Version: 6.5.0.4809 - VMware, Inc.)
VMware Plug-in Service (HKLM-x32\...\{CEAAE9E5-590B-4CE4-80C1-E6AF3AB81C31}) (Version: 6.5.0.151 - VMware, Inc.)
VMware Remote Console (HKLM-x32\...\{0757C458-6096-4B1B-A76D-30B0150E69B9}) (Version: 10.0.2 - VMware, Inc.)
VMware Workstation (HKLM\...\{ADC3121A-3EBA-4016-AF64-00B8FE017080}) (Version: 14.1.1 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-10) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-11) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-4) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-5) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-6) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-7) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-8) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-9) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Wasp Labeler V7 (HKLM-x32\...\{AB7F5727-293B-41A3-81AC-6FC502C32C8A}) (Version: 7.0 - Wasp Technologies)
WinDirStat 1.1.2 (HKU\S-1-5-21-4195487528-1405154400-3010511488-2101\...\WinDirStat) (Version: - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
Windows Driver Package - Plantronics, Inc. (usbser.ntamd64) Ports (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-4195487528-1405154400-3010511488-2101\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4195487528-1405154400-3010511488-2101_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\jfillmore\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.17234.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4195487528-1405154400-3010511488-2101_Classes\CLSID\{23066764-9BDD-4FBD-8B1F-F4547CF2684F}\InprocServer32 -> C:\Users\jfillmore\AppData\Local\Microsoft\OneDrive\18.070.0405.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4195487528-1405154400-3010511488-2101_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\jfillmore\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.232\GatewayActiveX-x64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4195487528-1405154400-3010511488-2101_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\jfillmore\AppData\Local\GoToMeeting\8473\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-4195487528-1405154400-3010511488-2101_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\jfillmore\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.17234.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers2-x32: [VMDiskMenuHandler] -> {271DC252-6FE1-4D59-9053-E4CF50AB99DE} => C:\Program Files (x86)\VMware\VMware Workstation\vmdkShellExt.dll [2018-01-08] (VMware, Inc.)
ContextMenuHandlers2-x32: [VMDiskMenuHandler64] -> {E4D28EDC-8C0B-43EE-9E7D-C8A8682334DC} => C:\Program Files (x86)\VMware\VMware Workstation\x64\vmdkShellExt64.dll [2018-01-08] (VMware, Inc.)
ContextMenuHandlers3: [EAContextMenu] -> {859DBD27-C2FD-4AA3-ADE3-09207B8F8143} => C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EAContextMenu.dll [2018-01-25] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-10-10] (NVIDIA Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [EAContextMenu] -> {859DBD27-C2FD-4AA3-ADE3-09207B8F8143} => C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EAContextMenu.dll [2018-01-25] (Malwarebytes)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2018-09-06] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-15] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-15] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {000C1A1D-FDDF-48F7-8CB4-4341EB4470B9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-15] (Microsoft Corporation)
Task: {015E5364-6FD5-4DD1-9D5A-80139995FB2E} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\SYSTEM32\gpupdate.exe [2018-09-28] (Microsoft Corporation)
Task: {032D702C-F7B1-4F15-9EB1-45688DAD25A0} - System32\Tasks\ASUS\AsRogAuraGpuDllServer => C:\Program Files (x86)\LightingService\1.00.39\AsRogAuraGpuDllServer.exe [2018-03-23] ()
Task: {0724F1DF-B0A2-4C93-B160-AA2F21671B09} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-10-17] (Microsoft Corporation)
Task: {07F4EFAA-E0FA-4FD8-84DB-7C63F12C83C7} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {0D1662D8-FE21-43E5-839D-D27AD4CF0B44} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\Schedule created by enrollment client for renewal of certificate warning => C:\WINDOWS\system32\deviceenroller.exe [2018-09-28] (Microsoft Corporation)
Task: {0E1931F1-790F-4DE8-8EF0-5D0FA14D7A54} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {10D48696-7B3B-4462-9133-3E11DE1CF60E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-17] (Microsoft Corporation)
Task: {11A77DB6-9205-4A46-A2DC-3FFE06DAD9A6} - System32\Tasks\Microsoft\Windows\Flighting\OneSettings\RefreshCache
Task: {19352BEE-8846-4D9F-B2E6-DB85D01B5B9C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-10-09] (Microsoft Corporation)
Task: {19545D05-57DD-45C1-8379-BA9DAAC6C2A2} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [2017-10-11] (Intel(R) Corporation)
Task: {1E0E67C4-CA87-49A0-A50E-853ACFA2295A} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\Passport for Work alert created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-09-28] (Microsoft Corporation)
Task: {25B9A819-DE42-44BB-BDDD-CC6A75173F1D} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-17] (Microsoft Corporation)
Task: {262ACD51-ABF0-44E8-B8CC-88AB96213F89} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-09-12] (NVIDIA Corporation)
Task: {26388F85-5A74-4E9F-924F-42FA4DCD2113} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\OS Edition Upgrade event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-09-28] (Microsoft Corporation)
Task: {2B0DFDA0-3A42-415C-A72A-A1B84D72249C} - System32\Tasks\SS3svc32Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3svc32.exe [2017-10-18] (ASUSTeK COMPUTER INC.)
Task: {2BFD59BF-FE37-4255-99E6-F3F1B291BC09} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\Schedule #1 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-09-28] (Microsoft Corporation)
Task: {309E2C15-E121-40CD-8ADE-B52EC112ACA5} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\Schedule to run OMADMClient by server => C:\WINDOWS\system32\omadmclient.exe [2018-09-28] (Microsoft Corporation)
Task: {3262C443-CEC7-42F0-86D1-EE009D3BE092} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-09-12] (NVIDIA Corporation)
Task: {3372A85E-6B33-42D7-BD6F-9F405ABDB140} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\Win10 S Mode event listener created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-09-28] (Microsoft Corporation)
Task: {3702CB47-A503-488C-8978-25AFCEB17D60} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {42727482-3B18-408B-95A5-4E1F3B1B1224} - System32\Tasks\G2MUpdateTask-S-1-5-21-4195487528-1405154400-3010511488-2101 => C:\Users\jfillmore\AppData\Local\GoToMeeting\10831\g2mupdate.exe [2018-10-15] (LogMeIn, Inc.)
Task: {473712DD-0D62-4C0E-8E43-9E0863696371} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\Provisioning initiated session => C:\WINDOWS\system32\deviceenroller.exe [2018-09-28] (Microsoft Corporation)
Task: {4D92E527-F818-4999-8068-751673620960} - System32\Tasks\ASUS\ASUSUpdateTaskMachineCore => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [2018-10-03] (ASUSTeK Computer Inc.) <==== ATTENTION
Task: {4E34C1A3-4730-4F96-898F-FD11DE45B957} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\PushLaunch => C:\WINDOWS\system32\deviceenroller.exe [2018-09-28] (Microsoft Corporation)
Task: {4F2E92BE-F395-4857-AB55-0D7B79723C1D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {55B05770-70C7-441D-AF44-0445EB864EDD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-10-09] (Microsoft Corporation)
Task: {57CC326C-765C-42CB-AD72-76A4A72D36A5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-10-17] (Microsoft Corporation)
Task: {61EC4D93-B6A2-4481-A94C-A3CF31248D90} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-09-12] (NVIDIA Corporation)
Task: {625EA5F8-3EEF-4FF7-A22C-18B80B989FE0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-08-14] (Adobe Systems Incorporated)
Task: {664A6642-C8A8-4D0B-A448-7B9ADB8936B7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-10-17] (Microsoft Corporation)
Task: {718F828D-9C50-47B7-A6FF-089596D624F2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-15] (Microsoft Corporation)
Task: {758A35A8-7A37-49E9-A81E-C4A87AF2C668} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-09-12] (NVIDIA Corporation)
Task: {75E6CE8A-D8D4-407F-87A1-3DC8A1F5C0F3} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\PushRenewal => C:\WINDOWS\system32\deviceenroller.exe [2018-09-28] (Microsoft Corporation)
Task: {792EDE3D-EC55-4DAA-8F0D-E12D1C869AE8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-20] (Google Inc.)
Task: {7D86CCAB-E93A-4CE3-8473-8AA38FD3F0F3} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-09-28] ()
Task: {7E382C3D-8208-4D70-BBAD-EAA2E26C5D30} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\Schedule #3 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-09-28] (Microsoft Corporation)
Task: {7F868DB0-06D6-44E1-B64A-24FC760A9654} - System32\Tasks\Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives
Task: {8C399CEE-9F6E-474A-ABAF-41E0BAA20009} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-09-12] (NVIDIA Corporation)
Task: {8F4C7216-D0D2-48DB-9CEF-D60FFD7118F6} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation)
Task: {94288B76-1897-4B5C-9075-F54CCDDA0A9E} - System32\Tasks\AdobeGCInvoker-1.0-ALMONDBOAR-jfillmore => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-09-10] (Adobe Systems, Incorporated)
Task: {951135DB-D466-4FFA-9CDD-7606F51DCE1E} - System32\Tasks\G2MUploadTask-S-1-5-21-4195487528-1405154400-3010511488-2101 => C:\Users\jfillmore\AppData\Local\GoToMeeting\10831\g2mupload.exe [2018-10-15] (LogMeIn, Inc.)
Task: {9969DAC6-BA90-46AB-8DD8-5B149884A6BB} - System32\Tasks\SS3svc64Run => C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3svc64.exe [2017-10-18] (ASUSTeK COMPUTER INC.) Task: {A3642409-A10D-490E-B50A-7B0B7A23509F} - System32\Tasks\Microsoft\Windows\WlanSvc\CDSSync Task: {B126BC30-6746-4642-AD52-09C448AF9EFE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-15] (Microsoft Corporation) Task: {B6107212-E2BC-44FA-AD05-EB0762918427} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-20] (Google Inc.) Task: {BB1657B8-40B1-4446-94E8-865D88CF4D61} - System32\Tasks\ASUS\ASUSUpdateTaskMachineUA => C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe [2018-10-03] (ASUSTeK Computer Inc.) <==== ATTENTION Task: {BC7D7D44-88CA-4673-8593-CB7EF4536B8B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-10-17] (Microsoft Corporation) Task: {C5AC7BAE-74D7-4705-ACF7-F3A7FD25169F} - System32\Tasks\Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner => C:\WINDOWS\system32\mitigationscanner.exe [2018-09-28] (Microsoft Corporation) Task: {CF2E3307-7C94-4531-A127-AD0C7FD1A770} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-09-12] (NVIDIA Corporation) Task: {D49B631E-2493-46CC-AD16-510ED5F58082} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-09-12] (NVIDIA Corporation) Task: {D8326534-6013-4036-BB2A-C5676BB5CCD0} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\PushUpgrade => C:\WINDOWS\system32\deviceenroller.exe [2018-09-28] (Microsoft Corporation) Task: 
{DC068919-E72D-4068-8051-2B194AC4718A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-09-12] (NVIDIA Corporation) Task: {DEA2D3F8-FF22-4AD0-8AFB-E01A7A934976} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-10-15] (Microsoft Corporation) Task: {E81F7BD8-DD43-4C35-8222-47C4E37365F9} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\Schedule #2 created by enrollment client => C:\WINDOWS\system32\deviceenroller.exe [2018-09-28] (Microsoft Corporation) Task: {F02D32C6-CBC8-4CAD-B020-C135F6AEF911} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-10-17] (Microsoft Corporation) Task: {FD772D8F-EA14-4178-B28E-A158A4A74CA6} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\SYSTEM32\gpupdate.exe [2018-09-28] (Microsoft Corporation) Task: {FEEF77D0-F254-42EC-B75A-2483B697BF91} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\DA6C379B-23B8-46E9-83BC-9D92A00D8523\Schedule to run OMADMClient by client => C:\WINDOWS\system32\omadmclient.exe [2018-09-28] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4195487528-1405154400-3010511488-2101.job => C:\Users\jfillmore\AppData\Local\GoToMeeting\10831\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4195487528-1405154400-3010511488-2101.job => C:\Users\jfillmore\AppData\Local\GoToMeeting\10831\g2mupload.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2017-12-08 02:48 - 2017-12-08 02:48 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2018-08-22 22:18 - 2018-08-22 22:18 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2018-01-22 16:33 - 2018-01-22 16:33 - 001898472 _____ () C:\Program Files (x86)\VMware\Plug-in Service\vmware-cip-msg-proxy.exe 2018-05-10 07:36 - 2018-08-24 19:23 - 002681424 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll 2018-05-10 07:36 - 2018-08-24 19:23 - 002769768 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll 2018-09-10 14:40 - 2018-09-12 04:45 - 001315024 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2018-05-03 12:04 - 2018-05-03 12:04 - 000089368 _____ () C:\Program Files (x86)\ScreenConnect Client (1c2f2cb99efd3fe5)\ScreenConnect.ClientService.exe 2017-03-16 14:22 - 2017-03-16 14:22 - 000307848 _____ () C:\Program Files\Synergy\synergyd.exe 2018-01-08 02:15 - 2018-01-08 02:15 - 014347240 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe 2018-04-17 08:15 - 2018-03-23 16:10 - 000280536 _____ () C:\Program Files (x86)\LightingService\1.00.39\AsRogAuraGpuDllServer.exe 2018-09-28 22:59 - 2018-09-28 22:59 - 000867208 _____ () C:\Windows\System32\InputHost.dll 2018-09-28 22:58 - 2018-09-28 22:58 - 000494592 _____ () 
C:\Windows\ShellExperiences\TileControl.dll 2018-09-28 22:59 - 2018-09-28 22:59 - 002821632 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2017-10-18 11:01 - 2017-10-18 11:01 - 000485560 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll 2018-09-28 22:59 - 2018-09-28 22:59 - 001723392 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2018-10-12 12:46 - 2018-10-12 12:46 - 035118592 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe 2018-10-12 12:46 - 2018-10-12 12:46 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\SharedUI.dll 2018-10-12 12:46 - 2018-10-12 12:46 - 005987328 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntCommon.dll 2017-12-20 10:58 - 2017-12-20 10:58 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-10-12 12:46 - 2018-10-12 12:46 - 009064448 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\EntPlat.dll 2018-09-10 14:40 - 2018-09-12 04:45 - 101252304 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2018-09-10 14:40 - 2018-09-12 04:45 - 004619984 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libglesv2.dll 2018-09-10 14:40 - 2018-09-12 04:45 - 000108752 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libegl.dll 2015-03-06 17:07 - 2015-03-06 17:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2017-08-18 02:01 - 2017-08-18 02:01 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-06 17:07 - 2015-03-06 17:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2017-08-18 02:01 - 2017-08-18 02:01 - 000241784 _____ () 
C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2017-08-18 01:41 - 2017-08-18 01:41 - 000077824 _____ () C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll 2017-08-18 01:41 - 2017-08-18 01:41 - 000144896 _____ () C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll 2018-10-03 12:01 - 2018-10-03 12:00 - 000105304 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll 2017-10-18 11:17 - 2017-10-18 11:17 - 000175288 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\x64\SonicStudio3SystrayDaemon.dll 2017-10-18 11:11 - 2017-10-18 11:11 - 001697976 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\x64\SonicRadar3SystrayDaemon.dll 2017-10-18 11:01 - 2017-10-18 11:01 - 000285880 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3OSD.dll 2018-09-28 22:59 - 2018-09-28 22:59 - 000402840 _____ () C:\WINDOWS\SYSTEM32\WINBIOPLUGINS\FACEBOOTSTRAPADAPTER.DLL 2018-09-14 15:42 - 2018-09-14 15:42 - 002210480 _____ () C:\Program Files\Microsoft Office\root\Office16\tmpod.dll 2018-10-17 07:53 - 2018-10-17 07:53 - 003953664 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.12841.0_x64__8wekyb3d8bbwe\YourPhone.exe 2018-10-17 07:53 - 2018-10-17 07:53 - 001860096 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.12841.0_x64__8wekyb3d8bbwe\YourPhone.AppCore.dll 2018-10-17 07:53 - 2018-10-17 07:53 - 002529280 _____ () C:\Program Files\WindowsApps\Microsoft.YourPhone_1.0.12841.0_x64__8wekyb3d8bbwe\PhoneCommunicationAppService.dll 2018-10-18 08:13 - 2018-10-18 08:13 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2018-10-18 08:13 - 2018-10-18 08:13 - 066039296 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2018-08-20 12:03 - 2018-08-20 12:03 - 002523136 _____ () C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll 2018-10-08 07:58 - 2018-10-08 07:58 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll 2018-10-08 07:58 - 2018-10-08 07:58 - 003715072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll 2018-10-08 07:58 - 2018-10-08 07:58 - 000036352 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll 2018-08-20 12:03 - 2018-08-20 12:03 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll 2018-08-20 12:03 - 2018-08-20 12:03 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\opencv_core320.dll 2018-08-20 12:03 - 2018-08-20 12:03 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll 2018-10-18 08:13 - 2018-10-18 08:13 - 014094848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll 2018-10-08 07:58 - 2018-10-08 07:58 - 003569152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2018-10-18 08:13 - 2018-10-18 08:13 - 002863104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll 2018-09-04 09:23 - 2018-09-04 09:23 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 2018-08-04 01:17 - 2018-08-04 01:17 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-10-18 08:13 - 
2018-10-18 08:13 - 000145920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.14620.0_x64__8wekyb3d8bbwe\SKU.dll 2018-09-14 15:42 - 2018-10-17 07:51 - 001437784 _____ () C:\Program Files\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll 2018-09-14 15:42 - 2018-09-14 15:42 - 000186528 _____ () C:\Program Files\Microsoft Office\Root\Office16\OUTLCTL.DLL 2018-02-15 11:13 - 2018-02-15 11:12 - 002630864 _____ () C:\Users\jfillmore\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.17234.2\x64\Microsoft.Applications.Telemetry.Windows.dll 2018-09-18 14:36 - 2018-09-15 01:26 - 005110616 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libglesv2.dll 2018-09-18 14:36 - 2018-09-15 01:26 - 000116056 _____ () C:\Program Files (x86)\Google\Chrome\Application\69.0.3497.100\libegl.dll 2018-10-03 12:00 - 2018-10-01 09:04 - 000081368 _____ () C:\Program Files (x86)\ASUS\AXSP\4.00.08\ATKEX.dll 2018-10-03 12:00 - 2018-10-01 09:04 - 000229848 _____ () C:\Program Files (x86)\ASUS\AXSP\4.00.08\ASUS_WMI.dll 2018-10-03 12:00 - 2018-10-18 12:20 - 000044328 _____ () C:\Program Files (x86)\ASUS\AXSP\4.00.08\PEbiosinterface32.dll 2018-05-10 18:20 - 2018-05-10 18:20 - 000047576 _____ () C:\Program Files (x86)\LightingService\AuraHueWrapper.dll 2018-08-08 14:50 - 2018-08-08 14:50 - 000849408 _____ () C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.dll 2018-05-16 10:54 - 2018-05-16 10:54 - 000156672 _____ () C:\Program Files\Patriot\Aac_Patriot Viper RGB\AacHal_x86.dll 2018-07-18 16:18 - 2018-07-18 16:18 - 001775616 _____ () C:\Program Files\ASUS\AacVGAHal\Vender.dll 2018-08-03 16:02 - 2018-08-03 16:02 - 000223232 _____ () C:\Program Files\ASUS\AacOdd\AacOddHal_x86.dll 2018-07-19 16:59 - 2018-07-19 16:59 - 000260056 _____ () C:\Program Files\ASUS\Aac_Mouse\AacMouseHal_x86.dll 2018-07-27 17:59 - 2018-07-27 17:59 - 000242136 _____ () C:\Program Files\ASUS\AacDisplayHal\AacDisplayHal_x86.dll 2018-08-06 19:25 - 2018-08-06 19:25 - 000359872 
_____ () C:\Program Files\ASUS\Aac_Keyboard\AacKbHal_x86.dll 2018-07-02 19:24 - 2018-07-02 19:24 - 000233984 _____ () C:\Program Files\ASUS\CORSAIR_Aac_DRAM\AacCosairDramHal_x86.dll 2018-07-02 19:28 - 2018-07-02 19:28 - 000241664 _____ () C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.dll 2018-08-06 11:00 - 2018-08-06 11:00 - 000202752 _____ () C:\Program Files\ASUS\AacTerminalHal\AacStripBusHal_x86.dll 2018-08-14 11:02 - 2018-08-14 11:02 - 000402368 _____ () C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.dll 2018-04-18 15:11 - 2018-04-18 15:11 - 000053248 _____ () C:\Program Files (x86)\LightingService\cpuutil.dll 2018-01-08 02:05 - 2018-01-08 02:05 - 000087016 _____ () C:\Program Files (x86)\VMware\VMware Workstation\zlib1.dll 2018-01-08 02:15 - 2018-01-08 02:15 - 000126952 _____ () C:\Program Files (x86)\VMware\VMware Workstation\expat.dll 2017-10-18 10:57 - 2017-10-18 10:57 - 000407224 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3DevProps.dll 2018-04-17 08:16 - 2018-03-23 16:11 - 001777664 _____ () C:\Program Files (x86)\LightingService\1.00.39\Vender.dll 2018-04-25 10:51 - 2018-09-12 04:45 - 001032912 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-10-18 10:55 - 2017-10-18 10:55 - 000171704 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\CheckAPODaemon.dll 2017-10-18 10:57 - 2017-10-18 10:57 - 000367616 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\NSConfiguratorDaemonModule.dll 2017-10-18 11:13 - 2017-10-18 11:13 - 000329912 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\DeviceRoutingDaemon.dll 2017-10-18 11:14 - 2017-10-18 11:14 - 000230400 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\ProfileSwitcherDaemonModule.dll 2017-10-18 11:14 - 2017-10-18 11:14 - 000321720 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Studio 3\SonicStudio3SystrayDaemon.dll 2017-10-18 
11:07 - 2017-10-18 11:07 - 001152696 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicCursor3DDaemonModule.dll 2017-10-18 11:07 - 2017-10-18 11:07 - 001198776 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicEnhancerDaemonModule.dll 2017-10-18 11:07 - 2017-10-18 11:07 - 001303736 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicRadarDaemonModule.dll 2017-10-18 11:05 - 2017-10-18 11:05 - 000489656 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicEnhancerAutomationDaemon.dll 2017-10-18 11:05 - 2017-10-18 11:05 - 000647352 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicSMProfileDaemonModule.dll 2017-10-18 11:06 - 2017-10-18 11:06 - 000619704 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\DynamicSMShortcutsDaemonModule.dll 2017-10-18 11:07 - 2017-10-18 11:07 - 001856184 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Sonic Radar 3\SonicRadar3SystrayDaemon.dll 2017-10-18 10:57 - 2017-10-18 10:57 - 000246456 _____ () C:\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\SS3OSD.dll 2017-12-12 11:07 - 2017-12-12 11:07 - 063799296 _____ () C:\Program Files (x86)\Plantronics\Spokes3G\libcef.dll 2017-11-09 00:44 - 2017-11-09 00:44 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) 
==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-10-21 06:23 - 2018-02-01 11:33 - 000000880 _____ C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 vmware-plugin

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10182018122056237\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10182018122056252\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3534181592-3248098377-1547968892-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10182018122056268\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4195487528-1405154400-3010511488-2101\Control Panel\Desktop\\Wallpaper -> C:\Users\jfillmore\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\lazar-baruk-tie-silencer.jpg
DNS Servers: 192.168.10.253 - 192.168.10.245
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKU\S-1-5-21-4195487528-1405154400-3010511488-2101\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [Microsoft-Windows-DeviceManagement-CertificateInstall-TCP-Out] => (Allow) %SystemRoot%\system32\dmcertinst.exe
FirewallRules: [Microsoft-Windows-DeviceManagement-OmaDmClient-TCP-Out] => (Allow) %SystemRoot%\system32\omadmclient.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [{3D893411-466C-4809-ADCA-D61FB3B2A0EA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6CB1C47C-61AD-4470-B9A0-7D5028D470C7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{5E9A00C8-A9E3-4165-9192-2AFD5F43DBE5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0B3B0D22-963F-4133-B26F-61C2596358F0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8D5970DF-7350-4295-A28F-A38F30913CA4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{18507431-0EE0-4BE9-ACEC-AD62B4D43D4F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{39AFFBDE-7786-4D57-9D5D-507161B17186}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{410DB3FB-B8A5-41D1-A98A-317CCE306837}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{B7B6DEA3-8DC0-4951-8B11-0C8EEC873F84}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4965FF0A-636A-4AA9-A0BC-801F77792DEF}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules:
[{D24E1CD8-A8B4-4414-B066-EAB59F64CFB9}] => (Allow) C:\Program Files\Synergy\synergys.exe
FirewallRules: [{69D8043E-CDE8-40B9-A7B3-05670FD4AEB1}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Client for STB\wbs-agent\projects\viewit\wbs_agent.exe
FirewallRules: [{C3D42BB7-2E3E-4B7C-9BAC-20E8784BC76E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [{6EEE4307-4CCF-42ED-8B73-39C017B9B76C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\3DMarkLauncher.exe
FirewallRules: [UDP Query User{9450FA63-5931-4E70-90F8-D57A89AEEB14}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{2D3CE62E-B46D-4180-88C0-164438437598}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{4B8910BA-B53C-4908-BD57-0480ACBB6598}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D7F2D517-FCAE-461F-BE6E-FFCDC61C7432}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A67B0BD3-85AE-441F-B917-1105A0FBE164}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2C86C1B0-8F70-4A32-B51E-7AC9CFB82852}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{073892E8-D611-48FB-8221-CA9B83F6D89F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{38BE2B31-BF2A-4BA0-8E04-54E5626E7BED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{636EEEB8-CF3B-4980-9C0E-93E62C562EBF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A02B16A9-B87A-4E01-A444-923BE6C1618D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1EC970A2-485A-4FED-8F52-09129650FE08}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CBEEBA24-78D9-48E6-94E5-B58754895F12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{C5C30B00-5BB1-483B-B376-46913E5D0594}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{466C887D-9D35-4D2C-9D69-F6BDCAC34E51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{E5F9E566-6D63-4CE7-A30C-5AACAA36E51D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{3F29B806-00AB-43F6-B657-4F458FA7384A}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{0524B6A6-215B-4D5F-980F-A1FF53A8B1F3}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{F433BD50-53BC-4E9E-85FA-BA24F6CA3CC8}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{97CA05B3-62F3-4293-89CB-26BDD40AD3D5}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{63678BB8-5639-4A5A-9D78-0FACF71F4AD0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{DAE67FE6-86AF-4770-A611-947733FF2488}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe
FirewallRules: [{EA846BD7-6373-48E3-9675-D8DFD62C2143}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{0883601D-6995-47ED-B472-473FD406892B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe
FirewallRules: [{6CBE3D77-26BD-49E0-AED4-BEAF4C44BE8F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AAECA899-9224-4518-BC7A-DD065BB8833F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{77C69B29-93B2-4654-9DA0-B637E9D365D8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DB3EAC90-3ABF-4C16-A46D-5C4BDDEBFB10}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2966DF03-6750-4F9B-8C1F-3A8EE0C1ECF3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D4D38C46-FC29-4157-AA42-77E6BF501C09}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{4F12FBDA-99F6-412E-9EA7-8188541620A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{BFC31F35-83CB-49F3-98D9-3CD7E38A80F4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4B464B3A-E442-4013-BF19-1B8A30872515}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BF90E53C-D5F8-4F48-944B-D65AF17B0B7C}] => (Allow) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRManager.exe
FirewallRules: [{07975AA3-08D9-4C80-95E9-1BD860774833}] => (Allow) LPort=42004
FirewallRules: [{2B045753-2CDE-46AA-B38C-E4EDB5EB932C}] => (Allow) LPort=4999
FirewallRules: [{48A128C4-ACEE-4A8E-9A94-438E1D1D449A}] => (Allow) C:\WINDOWS\LTSvc\LTSVC.exe
FirewallRules: [{E2F65D88-EBF7-4B60-B546-9BCF89BC5556}] => (Allow) C:\WINDOWS\LTSvc\LTSVC.exe
FirewallRules: [{BD2310BA-6E95-4A6F-B24F-67A1A2A1B651}] => (Allow) C:\WINDOWS\LTSvc\LTSVCmon.exe
FirewallRules: [{EF046770-AFE0-4346-AD3F-07BB165D7407}] => (Allow) C:\WINDOWS\LTSvc\LTSVCmon.exe
FirewallRules: [{1A121E13-14A4-4496-8CA6-B3B5C5BDEDC4}] => (Allow) C:\WINDOWS\LTSvc\LTTray.exe
FirewallRules: [{5D021FE9-B953-4F12-AA0D-581519F3DE92}] => (Allow) C:\WINDOWS\LTSvc\LTTray.exe

==================== Restore Points =========================

09-10-2018 09:49:47 Windows Modules Installer
10-10-2018 10:28:49 Windows Modules Installer
11-10-2018 10:44:32 Windows Modules Installer
12-10-2018 12:46:17 Windows Modules Installer
13-10-2018 14:46:35 Windows Modules Installer
14-10-2018 16:44:37 Windows Modules Installer
17-10-2018
07:44:52 Windows Modules Installer 18-10-2018 08:22:35 Windows Modules Installer ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/18/2018 12:20:55 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AgentShellService.exe, version: 0.3.17.0, time stamp: 0x59d5abdc Faulting module name: KERNELBASE.dll, version: 10.0.18252.1000, time stamp: 0xeee08c7f Exception code: 0xe0434352 Fault offset: 0x0011c6f2 Faulting process id: 0x1240 Faulting application start time: 0x01d46717aebd6cf4 Faulting application path: C:\Program Files (x86)\Spiceworks Agent Shell\AgentShellService.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 9c663b22-dcd9-4e66-8f12-767932b89a18 Faulting package full name: Faulting package-relative application ID: Error: (10/18/2018 12:20:55 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: AgentShellService.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.ComponentModel.Win32Exception at System.Diagnostics.Process.StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo) at System.Diagnostics.Process.Start() at System.Diagnostics.Process.Start(System.Diagnostics.ProcessStartInfo) at Spiceworks.Utilities.ProcessUtilities.RunProcessAsync(System.String, System.String, System.Action`1, Boolean, Int32) at Spiceworks.AgentShellService.AgentShellService.b__27_0(System.Object) at System.Threading.ThreadHelper.ThreadStart_Context(System.Object) at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object) at System.Threading.ThreadHelper.ThreadStart(System.Object) Error: (10/18/2018 12:20:52 PM) (Source: SceCli) (EventID: 1001) (User: ) Description: Security policy cannot be propagated. Cannot access the template. Error code = -536870656. \\almondboard.domain\sysvol\almondboard.domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf. Error: (10/18/2018 11:47:53 AM) (Source: SceCli) (EventID: 1001) (User: ) Description: Security policy cannot be propagated. Cannot access the template. Error code = -536870656. \\almondboard.domain\sysvol\almondboard.domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf. Error: (10/18/2018 09:56:51 AM) (Source: SceCli) (EventID: 1001) (User: ) Description: Security policy cannot be propagated. Cannot access the template. Error code = -536870656. \\almondboard.domain\sysvol\almondboard.domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf. 
Error: (10/18/2018 09:51:19 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/18/2018 08:05:48 AM) (Source: SceCli) (EventID: 1001) (User: )
Description: Security policy cannot be propagated. Cannot access the template. Error code = -536870656.
\\almondboard.domain\sysvol\almondboard.domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Machine\Microsoft\Windows NT\SecEdit\GptTmpl.inf.

Error: (10/18/2018 08:05:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AgentShellService.exe, version: 0.3.17.0, time stamp: 0x59d5abdc
Faulting module name: KERNELBASE.dll, version: 10.0.18252.1000, time stamp: 0xeee08c7f
Exception code: 0xe0434352
Fault offset: 0x0011c6f2
Faulting process id: 0x13c4
Faulting application start time: 0x01d466f40c26119f
Faulting application path: C:\Program Files (x86)\Spiceworks Agent Shell\AgentShellService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: a6ded8c7-2645-4d6d-9438-878c3ca8e17d
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (10/18/2018 01:21:44 PM) (Source: DCOM) (EventID: 10016) (User: ALMONDBOAR)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user ALMONDBOAR\jfillmore SID (S-1-5-21-4195487528-1405154400-3010511488-2101) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18252.1000_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.
Error: (10/18/2018 01:12:36 PM) (Source: DCOM) (EventID: 10016) (User: ALMONDBOAR)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user ALMONDBOAR\jfillmore SID (S-1-5-21-4195487528-1405154400-3010511488-2101) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2018 01:12:10 PM) (Source: DCOM) (EventID: 10016) (User: ALMONDBOAR)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user ALMONDBOAR\jfillmore SID (S-1-5-21-4195487528-1405154400-3010511488-2101) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2018 01:11:53 PM) (Source: DCOM) (EventID: 10016) (User: ALMONDBOAR)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user ALMONDBOAR\jfillmore SID (S-1-5-21-4195487528-1405154400-3010511488-2101) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2018 12:31:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The tvnserver service terminated unexpectedly. It has done this 1 time(s).
Error: (10/18/2018 12:24:57 PM) (Source: DCOM) (EventID: 10016) (User: ALMONDBOAR)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {C2F03A33-21F5-47FA-B4BB-156362A2F239} and APPID {316CDED5-E4AE-4B15-9113-7055D84DCC97} to the user ALMONDBOAR\jfillmore SID (S-1-5-21-4195487528-1405154400-3010511488-2101) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ShellExperienceHost_10.0.18252.1000_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2018 12:22:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscDataProtection and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/18/2018 12:22:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID Windows.SecurityCenter.WscBrokerManager and APPID Unavailable to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Windows Defender:
===================================
Date: 2018-10-18 12:21:02.570
Description: Windows Defender Antivirus has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 1535277881
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.279.32.0, AS: 1.279.32.0
Engine Version: 1.1.15400.4
Fidelity Label: Low
Target File Name:

Date: 2018-10-18 08:05:59.896
Description: Windows Defender Antivirus has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 3034220949
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.277.1228.0, AS: 1.277.1228.0
Engine Version: 1.1.15400.4
Fidelity Label: Low
Target File Name:

Date: 2018-10-17 07:44:59.479
Description: Windows Defender Antivirus has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 2493409526
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.277.1102.0, AS: 1.277.1102.0
Engine Version: 1.1.15400.4
Fidelity Label: Medium
Target File Name: c:\windows\\system32\drivers\usbccgp.sys

Date: 2018-10-15 04:14:42.710
Description: Windows Defender Antivirus has detected a suspicious behavior.
Name: Informational:Behavior/ModifiedKernel
ID: 436399046
Severity: Low
Category: Suspicious Behavior
Path Found: process:_0
Detection Origin: Unknown
Detection Type: Suspicious
Detection Source: Real-Time Protection
Status: Executing
Process Name: Unknown
Signature ID: 717259538435
Signature Version: AV: 1.277.1050.0, AS: 1.277.1050.0
Engine Version: 1.1.15400.4
Fidelity Label: Low
Target File Name:

CodeIntegrity:
===================================
Date: 2018-10-18 12:23:08.811
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-18 12:23:08.261
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements.

Date: 2018-10-18 08:09:32.109
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-18 08:09:31.297
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements.
Date: 2018-10-17 08:03:10.662
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-17 08:03:10.318
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\ASUSTeKcomputer.Inc\Sonic Suite 3\Foundation\x64\SS3DevProps.dll that did not meet the Store signing level requirements.

Date: 2018-10-17 08:02:41.191
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-10-17 08:02:04.058
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz
Percentage of memory in use: 25%
Total physical RAM: 32701.29 MB
Available physical RAM: 24423.45 MB
Total Virtual: 37565.29 MB
Available Virtual: 26250.93 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:476.34 GB) (Free:134.64 GB) NTFS
\\?\Volume{49f587ed-56f2-4efa-a5f1-cb2da068eccf}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{12037a35-2c3a-417d-aaef-decc9f4d49f5}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 476.9 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================