Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.03.2019 01
Ran by gladieu1 (14-03-2019 10:44:07)
Running from C:\Users\gladieu1\Desktop
Windows 10 Enterprise Version 1709 16299.967 (X64) (2018-09-18 12:17:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

AdaptivaClient (S-1-5-21-646072935-1900369350-1159159100-1000 - Limited - Enabled)
Cryptex (S-1-5-21-646072935-1900369350-1159159100-1001 - Administrator - Enabled)
DefaultAccount (S-1-5-21-646072935-1900369350-1159159100-503 - Limited - Disabled)
HPAdmin (S-1-5-21-646072935-1900369350-1159159100-500 - Administrator - Disabled)
tina (S-1-5-21-646072935-1900369350-1159159100-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-646072935-1900369350-1159159100-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Symantec Endpoint Protection (Enabled - Up to date) {30744133-1E94-7B35-F4A3-82A5AEF1CBAA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Symantec Endpoint Protection (Enabled) {084FC016-54FB-7A6D-DFFC-2B9050228CD1}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{13DA9C7C-EBFB-40D0-94A1-55B42883DF21}) (Version: 21.2.1 - HP Inc.) Hidden
7-Zip 18.01 (x64) (HKLM\...\{23170F69-40C1-2702-1801-000001000000}) (Version: 18.01 - Igor Pavlov)
Adaptiva Client 5.5 Build 677 (HKLM-x32\...\AdaptivaClient) (Version: 5.5.677.1 - Adaptive Protocols Inc) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.010.20069 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\{24A6034A-8B8B-431C-B498-C9D36AAE333D}) (Version: 32.0.0.142 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.3.4.204 - Adobe Systems, Inc.)
Alati za jezičnu provjeru u sustavu Microsoft Office 2016 - hrvatski (HKLM-x32\...\{90160000-001F-041A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
BMC Remedy Action Request System 7.6.04 Install 1 (HKLM-x32\...\ARSystem 1) (Version: 7.6.4.0 - BMC Software)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.6.03049 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{FE1A7259-E2E9-49D3-A36F-475CFB924C59}) (Version: 4.6.03049 - Cisco Systems, Inc.) Hidden
Cisco Jabber (HKLM-x32\...\{36250601-FD28-4953-B6BB-8CEA4FA4EEE1}) (Version: 12.0.1.63173 - Cisco Systems, Inc)
Cisco WebEx Meeting Center (HKLM-x32\...\{5408B9C5-23BA-48CE-A105-AB5E8F12FF08}) (Version: 32.15.20.112 - Cisco WebEx LLC)
Cisco WebEx Meetings (HKU\S-1-5-21-1593251271-2640304127-1825641215-2135140\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Configuration Manager Client (HKLM\...\{0203DB7A-DB5B-42A2-808C-66B980297314}) (Version: 5.00.8692.1000 - Microsoft Corporation) Hidden
Cryhod (HKLM\...\{00001586-3000-4DA8-8868-36F59DEFD14D}) (Version: 3.0.1586 - Prim'X)
Crystal11_Redistributables (HKLM-x32\...\{154A9EEB-05FC-45E6-B7BD-75D27ED02276}) (Version: 1.00.0000 - BMC Software Inc.)
Dolby Audio X2 Windows API SDK (HKLM\...\{F994125B-7BF5-4A38-A569-82833CEB24DC}) (Version: 0.8.4.83 - Dolby Laboratories, Inc.) Hidden
Ferramentas de Verificação do Microsoft Office 2016 - Português (HKLM-x32\...\{90160000-001F-0816-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\{8F9E2121-C504-3408-B89C-0124DCF974AC}) (Version: 72.0.3626.121 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HP AMI Scanner (HKLM-x32\...\{6C78D3AC-120D-4D2B-8EA3-E53C0CB0D043}) (Version: 1.09.0000 - Hewlett-Packard Company)
HP Print Client (HKLM-x32\...\{BABA8C74-8C33-451B-94D9-93422C45CA4D}) (Version: 2.0 - HP)
Instrumente de verificare Microsoft Office 2016 - Română (HKLM-x32\...\{90160000-001F-0418-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1043 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4905 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{2b32b7d0-4f9f-47c8-adb7-807e6cb2fb75}) (Version: 1.47.715.0 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{5A1B39A8-DFFA-49E4-80C3-DFCD7CE8A8B3}) (Version: 17.1.1524.1353 - Intel Corporation)
Java 8 Update 152 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180152F0}) (Version: 8.0.1520.16 - Oracle Corporation)
Kollective SD ECDN Agent (HKLM-x32\...\{C6F72524-F712-4D25-BF09-28D458807093}) (Version: 10.3.169.4 - Kollective)
Korrekturredskaber til Microsoft Office 2016 - Dansk (HKLM-x32\...\{90160000-001F-0406-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (bokmål) (HKLM-x32\...\{90160000-001F-0414-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
MDOP MBAM (HKLM\...\{AEC5BCA3-A2C5-46D7-9873-7698E6D3CAA4}) (Version: 2.5.1100.0 - Microsoft Corporation)
Microsoft Access database engine 2016 (English) (HKLM-x32\...\{90160000-00D1-0409-0000-0000000FF1CE}) (Version: 16.0.4519.1000 - Microsoft Corporation)
Microsoft Azure Information Protection (HKLM-x32\...\{EC66B856-946E-4B66-ACF9-CAF472A16E1A}) (Version: 1.41.51.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20280 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1593251271-2640304127-1825641215-2135140\...\OneDriveSetup.exe) (Version: 19.012.0121.0011 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visio Viewer 2016 (HKLM-x32\...\{95160000-0052-0409-0000-0000000FF1CE}) (Version: 16.0.4339.1001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Mozilla Firefox 52.0.1 ESR (x86 en-US) (HKLM-x32\...\{C7BCD5EC-8F73-4280-AB5E-2F457961E37F}) (Version: 52.0.1 - Mozilla)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM-x32\...\{90160000-001F-0415-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM-x32\...\{90160000-001F-0405-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM-x32\...\{90160000-001F-041B-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nokia Fonts 1.0 English (HKLM\...\{A0995E0A-4F78-4094-8A70-C65C4A99D4F6}) (Version: 1.0.0.0 - Nokia)
Nokia Office Templates 4.2 English (HKLM\...\{D07323DB-E678-46E5-8559-802E312E6F7F}) (Version: 4.2 - Nokia)
Nuance Safecom Print Client EMEA PRN009 server (HKLM\...\{17946F99-0E57-419F-8691-1B636694C5B4}) (Version: 10.52.4.1 - Nuance Communications, Inc)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20280 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20280 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20280 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20280 - Microsoft Corporation) Hidden
Orodja za preverjanje za Microsoft Office 2016 – angleščina (HKLM-x32\...\{90160000-001F-0424-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
pre-Cryhod (HKLM-x32\...\{351ECE1B-615F-4DF1-B633-0397D0A381F3}) (Version: 1.0.0.0 - ALU)
PuTTY release 0.69 (HKLM-x32\...\{E688B503-623E-4EF5-AA11-854DF1AE97BF}) (Version: 0.69.0.0 - Simon Tatham)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM-x32\...\{90160000-001F-0416-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
RSA SecurID Software Token with Automation (HKLM-x32\...\{ED2F6A1A-8D31-4369-A72F-0B1212227025}) (Version: 5.0.1.392 - EMC Corporation)
Splunk Enterprise (HKLM\...\{D9B41F78-181E-4F29-A463-E8438C400CA3}) (Version: 7.2.4.0 - Splunk, Inc.)
Steelray Project Viewer (HKLM-x32\...\{440E87E7-1735-4E94-BE9B-DEDAAA6F2321}) (Version: 5.2.45.57 - Steelray Software)
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM-x32\...\{90160000-001F-0410-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{E327F586-9CB8-4E97-8F61-8D119C3C78F5}) (Version: 14.0.3876.1100 - Symantec Corporation)
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM-x32\...\{90160000-001F-0413-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
UDM (HKLM-x32\...\{7537CAED-F61D-4E56-8C78-2D6C923B0D08}) (Version: 0.4.1 - DXC)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
WebEx Productivity Tools (HKLM-x32\...\{177EEE28-8E98-4A2C-A74E-5075FF3BF18F}) (Version: 31.8.2.37 - Cisco WebEx LLC)
ZoneCentral (HKLM\...\{00002240-6010-4CA8-8868-36F59DEFD14D}) (Version: 6.1.2240 - Prim'X)
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2016 - Ελληνικά (HKLM-x32\...\{90160000-001F-0408-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM-x32\...\{90160000-001F-0419-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2016 - עברית (HKLM-x32\...\{90160000-001F-040D-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1593251271-2640304127-1825641215-2135140_Classes\CLSID\{04271989-C4D2-132E-45CF-779203F210E6} -> [OneDrive - Nokia] => C:\Users\gladieu1\OneDrive - Nokia [2018-08-28 08:56]
ShellIconOverlayIdentifiers: [ -{00000067-8804-4CA8-8868-36F59DEFD14D}] -> {00000067-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers: [ -{00000069-8804-4CA8-8868-36F59DEFD14D}] -> {00000069-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers: [ -{00000070-8804-4CA8-8868-36F59DEFD14D}] -> {00000070-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers: [{00000068-8804-4CA8-8868-36F59DEFD14D}] -> {00000068-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers: [{0000006A-8804-4CA8-8868-36F59DEFD14D}] -> {0000006A-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers: [{0000006B-8804-4CA8-8868-36F59DEFD14D}] -> {0000006B-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers: [{00000071-8804-4CA8-8868-36F59DEFD14D}] -> {00000071-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers: [{00000072-8804-4CA8-8868-36F59DEFD14D}] -> {00000072-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers-x32: [ -{00000067-8804-4CA8-8868-36F59DEFD14D}] -> {00000067-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers-x32: [ -{00000069-8804-4CA8-8868-36F59DEFD14D}] -> {00000069-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers-x32: [ -{00000070-8804-4CA8-8868-36F59DEFD14D}] -> {00000070-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers-x32: [{00000068-8804-4CA8-8868-36F59DEFD14D}] -> {00000068-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers-x32: [{0000006A-8804-4CA8-8868-36F59DEFD14D}] -> {0000006A-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers-x32: [{0000006B-8804-4CA8-8868-36F59DEFD14D}] -> {0000006B-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers-x32: [{00000071-8804-4CA8-8868-36F59DEFD14D}] -> {00000071-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ShellIconOverlayIdentifiers-x32: [{00000072-8804-4CA8-8868-36F59DEFD14D}] -> {00000072-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3876.1100.105\Bin64\vpshell2.dll [2017-12-21] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3876.1100.105\Bin64\vpshell2.dll [2017-12-21] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a00e34a139761b2b\igfxDTCM.dll [2018-02-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3876.1100.105\Bin64\vpshell2.dll [2017-12-21] (Symantec Corporation -> Symantec Corporation)
ContextMenuHandlers6: [{00000113-8804-4CA8-8868-36F59DEFD14D}] -> {00000113-8804-4CA8-8868-36F59DEFD14D} => C:\RDIP\ZoneCentral\zcush.dll [2018-12-21] (Prim'X Technologies -> Prim'X Technologies)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C0A1A52-68DA-4805-9AFC-43A2CC2747DC} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Idle Detection
Task: {1763DF8A-6919-4DFF-BEDE-E62A469403FA} - System32\Tasks\NOK714_Cisco_Jabber_12.0.1_X86_Win7_EN_01 => Runonce [Argument = /AlternateShellStartup]
Task: {19F7CE08-804D-4C76-B27A-DF128D51458D} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {1C9BDE8D-54B1-4395-B3B0-A455DFC9972C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {26927345-5ECD-4D01-9443-62934F432E67} - System32\Tasks\HPE PowerWidget (gladieu1) => C:\WINDOWS\System32\wscript.exe /b /nologo "C:\Program Files\Hewlett Packard Enterprise\HP Workstation Tools\PowerWidget\PowerWidget.vbs"
Task: {32EF756B-3035-4A39-BBE2-945D9F4BE645} - System32\Tasks\HPE OnConnect => C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy ByPass -File "C:\Program Files\Hewlett Packard Enterprise\HP Workstation Tools\OnConnect.ps1"
Task: {3C0300FD-0886-4D84-9B4E-097DEF084F7B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {50AE2048-23C1-4763-958C-30843556BDA0} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Autofix => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3876.1100.105\Bin\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {59C49171-CD6D-4CEC-B303-85492C5E2735} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {5A9471DF-900B-4358-A091-3B0CE7DEADA8} - System32\Tasks\SourceAnchor_Enablement => C:\Program Files\Hewlett Packard Enterprise\HP Workstation Tools\Nokia-FMOUserSwitch.vbs () [File not signed]
Task: {67ACB0F7-EBC9-4912-8CE0-1BFD2527AE30} - System32\Tasks\RtsCM => C:\WINDOWS\RtsCM64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
Task: {69A7D4C6-E86B-43A1-8430-E766C09B54D7} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {70B07C1D-C9DE-43EF-B6CB-270DDB266CA0} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {773E1CB3-B24E-4E49-8E85-395BBC6013BC} - System32\Tasks\HPE Cryptex => C:\WINDOWS\System32\wscript.exe "\\nsn-intra.net\NETLOGON\ClientManagement\Cryptex.vbe" /p:16,ULNS,OLIoli01%22%27%5B%5D%60%7B%7C%7D /k:12,uln,OLIoli01 /c:"IMPORTANT NOTICE: Use of Nokia Intranet may be Monitored" /a:carLicense /u:Cryptex /t:"\\nsn-intra.net\NETLOGON\ClientManagement\LegalNotice.txt" <==== ATTENTION
Task: {79822554-0F80-477F-9B28-45ADA09EE30C} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {84E3AB81-7267-4485-B22A-7F0B85829164} - System32\Tasks\NOK685_Google_ChromeEnterprise_65.0.3325.181_X86_Win7_EN_01 => Runonce [Argument = /AlternateShellStartup] <==== ATTENTION
Task: {87C0AA25-D5EB-4A63-B8E5-D7A1D5911A2A} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {8EE420A2-EFAF-4D6C-9822-020B1797A6E0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202}" was unlocked. <==== ATTENTION
Task: {97A5ADF0-FEF2-4655-9E01-5220AE7D741E} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe (Microsoft Windows -> Microsoft Corporation)
Task: {9B36C077-3409-4012-9B8C-3DEAF199C556} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Passport for Work Certificate Enrollment Task => C:\WINDOWS\system32\wbem\wmic.exe /NAMESPACE:\\root\ccm\dcm path SMS_DesiredConfiguration CALL EvaluatePassportCertProfiles /NOINTERACTIVE
Task: {9B690A40-87BD-4A53-B0EB-620D4F2475D2} - System32\Tasks\HPE Cleanup temporary content (User) => C:\WINDOWS\System32\wscript.exe /b "C:\Program Files\ClientManagement\delete_temp_user_hidden.vbs"
Task: {9F831B02-2B5A-4205-BA51-34CD3AB6CD0A} - System32\Tasks\PCInfo => C:\Program Files\Hewlett Packard Enterprise\HP Workstation Tools\PCInfo.vbs [Argument = /s /p:comment]
Task: {A288E20A-B504-4604-80EA-5909A9C06A53} - System32\Tasks\NOK372_Microsoft_Silverlight_5.1.50709.0_X64_Win7_MUL_01 => Runonce [Argument = /AlternateShellStartup]
Task: {A697EB34-96DC-4D5D-9597-310545CC0B31} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {AECCD113-C11B-40C7-AA67-D504678AA0C9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B763B0BD-CA24-4089-A341-4B96FF9D7850} - System32\Tasks\NOK598_MicrosoftOffice2016ProPlus365EN => Runonce [Argument = /AlternateShellStartup]
Task: {BC2C487E-1D22-4EF6-A70A-6E039651CD8A} - System32\Tasks\Skype => C:\Users\gladieu1\AppData\Roaming\Mondial-Relay-Suivi-Colis.vbs
Task: {C52C28B3-9531-4806-B15D-793D11A5080A} - System32\Tasks\Microsoft_AzureInformationProtectionClient_1.41.51.0_v1.0 => Runonce [Argument = /AlternateShellStartup]
Task: {C92E3369-C8A8-440F-AF98-09487CF8F609} - System32\Tasks\Intel-IMSS => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
Task: {CCD27584-B378-49B3-94F9-EB55FE150DA7} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Processor => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3876.1100.105\Bin\SymErr.exe (Symantec Corporation -> Symantec Corporation)
Task: {CE4088BA-B8BB-4A35-BBFF-F517831AA29D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {CE8837BA-260B-4DA0-A630-90CEB678F24A} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_142_Plugin.exe (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {D2BB7AFE-31EA-47FB-AD1D-CA4B082579F2} - System32\Tasks\Microsoft\Configuration Manager\Configuration Manager Health Evaluation => C:\WINDOWS\CCM\ccmeval.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D33C864D-13A6-42C1-9314-30591182E8EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {EE64A49E-213D-4B00-8EEA-617567074F19} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {EEC41D5A-C7A7-4305-B244-19ADA9A0E7EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {F0700707-84A6-43D8-AEC8-464A62A441B7} - System32\Tasks\HPE Cleanup temporary content (System) => C:\WINDOWS\System32\cmd.exe /c C:\Program Files\ClientManagement\delete_temp_system.cmd
Task: {F1305DAC-EAB2-47AA-88C4-E59DA6FCC323} - System32\Tasks\WebExCallMeDefault7Digit => wscript.exe /B \\nsn-intra.net\netlogon\ClientManagement\WebExMCdefault7dgt_v2.vbs
Task: {F61AFD3B-CA0B-4BEE-9DBE-F662A71C0660} - System32\Tasks\NOK727_Adobe_ShockwavePlayer_12.3.4.204_X86_Win7_MUL_01 => Runonce [Argument = /AlternateShellStartup]
Task: {F6FF486B-BAE1-41D6-B013-A0D6AB2333E8} - System32\Tasks\RTFTrack => C:\WINDOWS\RTFTrack.exe (Realtek Semiconductor Corp. -> Realtek semiconductor)
Task: {FB74405D-4B68-45FA-A7B8-DC364E16C521} - System32\Tasks\Symantec Endpoint Protection\Symantec Endpoint Protection Error Analyzer => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3876.1100.105\Bin\SymErr.exe (Symantec Corporation -> Symantec Corporation)
"C:\Windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}" was unlocked. <==== ATTENTION
Task: {FF4CCD88-9ABE-4B97-9D72-0E019BF84660} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe (Microsoft Windows -> Microsoft Corporation)
Task: {FFE9FC8E-7240-4FD9-8D7C-FEF2BFEE9B7B} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-03-13 15:32 - 2015-03-13 15:32 - 003821056 _____ (SafeCom a/s) [File not signed] C:\WINDOWS\System32\scPullPM2k64.dll
2015-03-13 15:29 - 2015-03-13 15:29 - 002384896 _____ () [File not signed] C:\Program Files (x86)\SafeCom\SafeComPrintClient\scSEHex64.dll
2015-03-13 15:30 - 2015-03-13 15:30 - 000242176 _____ (SafeCom a/s) [File not signed] C:\Program Files (x86)\SafeCom\SafeComPrintClient\scParser64.dll
2015-03-13 15:32 - 2015-03-13 15:32 - 004030976 _____ (SafeCom a/s) [File not signed] C:\WINDOWS\System32\scPushPM2k64.dll
2015-03-13 15:32 - 2015-03-13 15:32 - 000098816 _____ (SafeCom a/s) [File not signed] C:\Program Files (x86)\SafeCom\SafeComPrintClient\scRuleExecuter64.dll
2015-03-13 15:29 - 2015-03-13 15:29 - 000077824 _____ (SafeCom a/s) [File not signed] C:\Program Files (x86)\SafeCom\SafeComPrintClient\scUtillib64.dll
2015-03-13 15:27 - 2015-03-13 15:27 - 000535040 _____ (SafeCom a/s) [File not signed] C:\Program Files (x86)\SafeCom\SafeComPrintClient\scPrintClient.exe
2016-06-15 03:36 - 2016-06-15 03:36 - 000050688 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzinw12.dll
2016-06-15 03:36 - 2016-06-15 03:36 - 000066048 _____ (HP Inc.) [File not signed] c:\windows\system32\hpzipm12.dll
2018-01-28 19:00 - 2018-01-28 19:00 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2018-01-03 17:47 - 2018-01-03 17:47 - 000195072 _____ (DXC) [File not signed] C:\Program Files (x86)\DXC\UDM\UDM.exe
2017-05-31 16:14 - 2017-05-31 16:14 - 000591360 _____ (NLog) [File not signed] C:\Program Files (x86)\DXC\UDM\NLog.dll
2018-08-27 16:42 - 2018-09-25 22:50 - 000315392 _____ (Adaptiva) [File not signed] C:\Program Files (x86)\Adaptiva\AdaptivaClient\bin\jvmhook.dll
2018-08-27 16:42 - 2018-09-25 22:50 - 000974848 _____ (Adaptiva) [File not signed] C:\Program Files (x86)\Adaptiva\AdaptivaClient\bin\AdaptivaNativeUtils.dll
2015-03-13 15:24 - 2015-03-13 15:24 - 000242688 _____ (SafeCom a/s) [File not signed] C:\Program Files (x86)\SafeCom\SafeComPrintClient\scSecureLib.dll
2015-03-13 15:26 - 2015-03-13 15:26 - 000056832 _____ (SafeCom a/s) [File not signed] C:\Program Files (x86)\SafeCom\SafeComPrintClient\scGenericServerLib.dll
2015-03-13 15:23 - 2015-03-13 15:23 - 000060928 _____ (SafeCom a/s) [File not signed] C:\Program Files (x86)\SafeCom\SafeComPrintClient\scUtillib.dll
2015-03-13 15:25 - 2015-03-13 15:25 - 003423744 _____ (SafeCom a/s) [File not signed] C:\Program Files (x86)\SafeCom\SafeComPrintClient\scIntrfLib.dll
2015-03-13 15:23 - 2015-03-13 15:23 - 002332160 _____ () [File not signed] C:\Program Files (x86)\SafeCom\SafeComPrintClient\scSEHex.dll
2015-03-13 15:27 - 2015-03-13 15:27 - 000078336 _____ (SafeCom a/s) [File not signed] C:\Program Files (x86)\SafeCom\SafeComPrintClient\scRuleExecuter.dll
2017-12-07 06:09 - 2017-12-07 06:09 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\AppVIsvSubsystems32.dll
2017-12-07 06:09 - 2017-12-07 06:09 - 000000000 ____LMicrosoft Corporation C:\Program Files (x86)\Microsoft Office\root\Office16\c2r32.dll
2019-03-09 13:11 - 2019-03-09 13:11 - 005007360 _____ (Add-in Express Ltd) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\AddinExpres86658eef#\e3ca5a9958cfed2047b0bc4691268f43\AddinExpress.MSO.2005.ni.dll
2019-03-09 13:11 - 2019-03-09 13:11 - 002942976 _____ (Add-in Express Ltd) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\AddinExpress.OL.2005\7fec970eb36d1841529a7ec5bc5a3ee6\AddinExpress.OL.2005.ni.dll
2019-03-09 13:11 - 2019-03-09 13:11 - 002118656 _____ (NLog) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\MSIP.NLog\e44374639ce33b96b970b08ec6ce9081\MSIP.NLog.ni.dll
2019-03-09 13:11 - 2019-03-09 13:11 - 002876928 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\a1dbf0aadd78000f156a35ef99d19aeb\Newtonsoft.Json.ni.dll
2019-03-09 13:11 - 2019-03-09 13:11 - 000194048 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\EcsClient\8f7a90e62d4c985d5204fe8e2e439f30\EcsClient.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path: C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\RSA SecurID Token Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\WebEx\Productivity Tools;C:\Program Files (x86)\SafeCom\SafeComPrintClient;C:\Program Files (x86)\Sennheiser\SoftphoneSDK\;C:\Program Files (x86)\PuTTY\
HKU\S-1-5-21-1593251271-2640304127-1825641215-2135140\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 139.54.40.8 - 135.239.25.53
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKU\S-1-5-21-1593251271-2640304127-1825641215-2135140\...\StartupApproved\StartupFolder: => "heDghqlNJV.vbs"
HKU\S-1-5-21-1593251271-2640304127-1825641215-2135140\...\StartupApproved\StartupFolder: => "Mondial-Relay-Suivi-Colis.vbs"
HKU\S-1-5-21-1593251271-2640304127-1825641215-2135140\...\StartupApproved\StartupFolder: => "heDghqlNJV.wsh"
HKU\S-1-5-21-1593251271-2640304127-1825641215-2135140\...\StartupApproved\Run: => "heDghqlNJV"
HKU\S-1-5-21-1593251271-2640304127-1825641215-2135140\...\StartupApproved\Run: => "HLXNX5KRMT"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{551460DB-42D0-4D77-9F3A-BBC375846269}] => (Allow) C:\Program Files (x86)\Kollective\KService.exe (Kollective Technology, Inc -> Kollective Inc.)
FirewallRules: [{52696217-4E15-4391-A503-AD6C1A4CBFD0}] => (Allow) C:\Program Files (x86)\Kollective\KService.exe (Kollective Technology, Inc -> Kollective Inc.)
FirewallRules: [{51C1B6C1-954E-47A4-B481-A2ECE605E59C}] => (Allow) LPort=34345
FirewallRules: [{70BB8F56-5936-4DAA-A866-0A4865C66C46}] => (Allow) LPort=34343
FirewallRules: [{B8C54863-3A78-425B-89EB-1D5FA87B8ADA}] => (Allow) LPort=34337
FirewallRules: [{571ECD01-9E7A-44EE-A569-105560C852BE}] => (Allow) LPort=34335
FirewallRules: [{AD812909-E515-4C91-9FA8-761946E9E08F}] => (Allow) LPort=34546
FirewallRules: [{15021C58-0787-42C2-80A6-82A364111A53}] => (Allow) LPort=34750
FirewallRules: [{52F83760-3CD3-4C8D-BFED-8CBF58043606}] => (Allow) LPort=34760
FirewallRules: [{1E270453-EEA4-4DD1-A4BF-A1E6D61D6419}] => (Allow) C:\Program Files (x86)\Adaptiva\AdaptivaClient\bin\AdaptivaClientService.exe (Adaptive Protocols, Inc. -> Adaptiva)
FirewallRules: [{A57EE49A-EFDE-4F6A-871E-08460B016CF5}] => (Allow) C:\Program Files (x86)\Adaptiva\AdaptivaClient\bin\AdaptivaClientService.exe (Adaptive Protocols, Inc. -> Adaptiva)
FirewallRules: [{B15FBB49-D140-4D4B-8E92-74ECA4EB3314}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3876.1100.105\Bin64\snac64.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{5D09B783-C452-41C8-81DE-BBD7DAC7E696}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3876.1100.105\Bin64\snac64.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{ED5080C7-7E7D-42D5-9651-5F231B5A3966}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3876.1100.105\Bin\ccSvcHst.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{2941433A-2535-4D9B-B86E-789D30CB34DF}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3876.1100.105\Bin\ccSvcHst.exe (Symantec Corporation -> Symantec Corporation)
FirewallRules: [{09970EF8-2D3F-4C58-8122-E48B11DDDD6F}] => (Allow) C:\Program Files (x86)\Kontiki\KService.exe No File
FirewallRules: [{9BADB99B-C355-4DFA-BF0F-8F89F59AE869}] => (Allow) C:\Program Files (x86)\Kontiki\KService.exe No File
FirewallRules: [{3A7D6C64-7F93-4EFA-BA13-191954C43CF8}] => (Allow) C:\Program Files (x86)\Kontiki\KService.exe No File
FirewallRules: [{5F345414-3E23-4572-A20A-A345F25584CE}] => (Allow) C:\Program Files (x86)\Kontiki\KService.exe No File
FirewallRules: [{57B52836-8406-456F-B8EB-0844A96661A0}] => (Allow) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\CiscoJabber.exe (Cisco Systems Inc. -> Cisco Systems, Inc)
FirewallRules: [{9B5A7407-CD22-4A9F-897B-02DFD3D23D80}] => (Allow) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\wbxcOIEx.exe (Cisco WebEx LLC -> WebEx)
FirewallRules: [{5FECB51E-21F5-4901-818B-959E0EC92286}] => (Allow) C:\Program Files (x86)\Cisco Systems\Cisco Jabber\x64\wbxcOIEx64.exe (Cisco WebEx LLC -> WebEx)
FirewallRules: [{0DE13A44-F360-4097-9432-CD409D8E6BCB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AE434316-404B-4C22-9C10-8910E558F80D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google Inc.)
FirewallRules: [{29437CF0-4371-4E2F-9494-590C7AE090A3}] => (Allow) C:\WINDOWS\CCM\RemCtrl\CmRcService.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Synaptics WBDI(SGX disabled)
Description: Synaptics WBDI
Class Guid: {53d29ef7-377c-4d14-864b-eb3a85769359}
Manufacturer: Synaptics Incorporated
Service: WUDFRd
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2019 10:42:02 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found! WS.Reputation.1 in File: c:\Users\gladieu1\Desktop\FRST64.exe by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Error: (03/14/2019 10:37:57 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found! WS.Reputation.1 in File: c:\Users\gladieu1\Desktop\FRST64.exe by: Auto-Protect scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.

Error: (03/14/2019 10:15:30 AM) (Source: Group Policy Files) (EventID: 8192) (User: NT AUTHORITY)
Description: The user 'OneDrive for Business 2013.lnk' preference item in the 'G_Users_U_Office2k13_V01 {5CF37813-00C6-44A9-8799-774B13EBCF78}' Group Policy Object did not apply because it failed with error code '0x80070003 The system cannot find the path specified.'%user00790275

Error: (03/14/2019 10:14:02 AM) (Source: WSH) (EventID: 1) (User: )
Description: 424 (1A8h)
Description: Object required
Source: Microsoft VBScript runtime error

Error: (03/14/2019 10:13:51 AM) (Source: WSH) (EventID: 1) (User: )
Description: 424 (1A8h)
Description: Object required
Source: Microsoft VBScript runtime error

Error: (03/14/2019 10:13:49 AM) (Source: WSH) (EventID: 1) (User: )
Description: 424 (1A8h)
Description: Object required
Source: Microsoft VBScript runtime error

Error: (03/14/2019 10:13:29 AM) (Source: WSH) (EventID: 1) (User: )
Description: -2147023541 (8007054Bh)
Description: The specified domain either does not exist or could not be contacted.

Error: (03/14/2019 10:11:34 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


System errors:
=============
Error: (03/14/2019 10:38:53 AM) (Source: DCOM) (EventID: 10016) (User: NSN-INTRA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NSN-INTRA\gladieu1 SID (S-1-5-21-1593251271-2640304127-1825641215-2135140) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/14/2019 10:30:32 AM) (Source: Netwtw06) (EventID: 5010) (User: )
Description: Intel(R) Dual Band Wireless-AC 8265 : The network adapter has returned an invalid value to the driver.
5010 - Driver DBG_ASSERT - instead of BSOD

Error: (03/14/2019 10:28:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/14/2019 10:18:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (03/14/2019 10:15:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (03/14/2019 10:15:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/14/2019 10:14:41 AM) (Source: DCOM) (EventID: 10016) (User: NSN-INTRA)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
and APPID
{9BA05972-F6A8-11CF-A442-00A0C90A8F39}
to the user NSN-INTRA\gladieu1 SID (S-1-5-21-1593251271-2640304127-1825641215-2135140) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/14/2019 10:14:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================

Date: 2019-02-26 10:15:53.878
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\d9ab1e6548beef406172b50c8404cbcf\inst\wow64_microsoft-windows-t..-remoteapplications_31bf3856ad364e35_10.0.16299.696_none_59bc98f03bb218fa\rdpinit.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-26 10:15:53.875
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\d9ab1e6548beef406172b50c8404cbcf\inst\wow64_microsoft-windows-t..-remoteapplications_31bf3856ad364e35_10.0.16299.696_none_59bc98f03bb218fa\rdpinit.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-26 10:15:52.219
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\d9ab1e6548beef406172b50c8404cbcf\inst\amd64_microsoft-windows-shell-ppishell_31bf3856ad364e35_10.0.16299.637_none_0f4dc6c05d4008d6\ppishell.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-26 10:15:52.215
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\d9ab1e6548beef406172b50c8404cbcf\inst\amd64_microsoft-windows-shell-ppishell_31bf3856ad364e35_10.0.16299.637_none_0f4dc6c05d4008d6\ppishell.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-26 10:15:41.188
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\d9ab1e6548beef406172b50c8404cbcf\inst\amd64_microsoft-windows-holoshell.appxmain_31bf3856ad364e35_10.0.16299.967_none_31139421eb1474d0\holoshellapp.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-26 10:15:41.186
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SoftwareDistribution\Download\d9ab1e6548beef406172b50c8404cbcf\inst\amd64_microsoft-windows-holoshell.appxmain_31bf3856ad364e35_10.0.16299.967_none_31139421eb1474d0\holoshellapp.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-02-13 10:26:42.893
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Adaptiva\AdaptivaClient\bin\XUtils3.DLL that did not meet the Microsoft signing level requirements.

Date: 2019-02-13 10:26:42.886
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Adaptiva\AdaptivaClient\bin\XUtils3.DLL that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-7300U CPU @ 2.60GHz
Percentage of memory in use: 45%
Total physical RAM: 8030.85 MB
Available physical RAM: 4357.5 MB
Total Virtual: 12382.85 MB
Available Virtual: 7014.29 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:475.46 GB) (Free:407.69 GB) NTFS
Drive s: (OS) (Network) (Total:75 GB) (Free:27.08 GB) NTFS

\\?\Volume{acc13be1-048a-4c52-9c1f-c9bce18d85a2}\ () (Fixed) (Total:0.5 GB) (Free:0.46 GB) FAT32
\\?\Volume{cb4d3427-7309-4887-af87-ca7e8fb8e394}\ () (Fixed) (Total:0.85 GB) (Free:0.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: C22409B4)

Partition: GPT.

==================== End of Addition.txt ============================