[SOLVED] [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

Step#1 - Windows Modules Installer
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  1. Click your Start button and type services.msc in the search box. Click on the services.msc program that shows up.
  2. Scroll down until you see Windows Modules Installer.
  3. Right-click it and click Properties.
  4. Change Startup type to Automatic.
  5. Reboot the computer and try Windows Update again.




Only do Step#2 below if Step#1 doesn't work.

Step#2 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the Desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 


I did step 1 but it didn't resolve so I went on to step 2 with output below.

I took a snapshot after the reboot to be able to revert and then performed the check-for-updates and install-updates actions which presented the three updates again.

I can restore to the snapshot (or others as appropriate) if that was not the correct next action.


====

Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by jim (09-09-2017 10:47:34) Run:5
Running from C:\Users\jim\Desktop
Loaded Profiles: jim & cyg_server (Available Profiles: jim & cyg_server)
Boot Mode: Normal
==============================================


fixlist content:
*****************
cmd: sc config trustedinstaller start=auto
cmd: net start trustedinstaller
cmd: fsutil resource setautoreset true %SystemDrive%\
cmd: attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
cmd: echo y | del %SystemRoot%\System32\Config\TxR\*
cmd: attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm*
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf
cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms
EmptyTemp:
*****************




========= sc config trustedinstaller start=auto =========


[SC] ChangeServiceConfig SUCCESS


========= End of CMD: =========




========= net start trustedinstaller =========


The requested service has already been started.


More help is available by typing NET HELPMSG 2182.




========= End of CMD: =========




========= fsutil resource setautoreset true %SystemDrive%\ =========


The operation completed successfully.


========= End of CMD: =========




========= attrib -r -s -h %SystemRoot%\System32\Config\TxR\* =========




========= End of CMD: =========




========= echo y | del %SystemRoot%\System32\Config\TxR\* =========


C:\Windows\System32\Config\TxR\*, Are you sure (Y/N)? y
C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.0.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.1.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.2.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.blf
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TM.blf
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
The process cannot access the file because it is being used by another process.
C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
The process cannot access the file because it is being used by another process.


========= End of CMD: =========




========= attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\* =========




========= End of CMD: =========




========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm* =========




========= End of CMD: =========




========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf =========


Could Not Find C:\Windows\System32\SMI\Store\Machine\*.blf


========= End of CMD: =========




========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms =========


Could Not Find C:\Windows\System32\SMI\Store\Machine\*.regtrans-ms


========= End of CMD: =========




=========== EmptyTemp: ==========


BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14252557 B
Java, Flash, Steam htmlcache => 783 B
Windows/system/drivers => 12141331268 B
Edge => 0 B
Chrome => 29167240 B
Firefox => 0 B
Opera => 0 B


Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 288560 B
jim => 14226593 B
cyg_server => 0 B


RecycleBin => 0 B
EmptyTemp: => 11.4 GB temporary data Removed.


================================




The system needed a reboot.


==== End of Fixlog 10:47:44 ====
 
FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download attached file and save it to the Desktop.
Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the Desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.
 


Here is the output:

====

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-09-2017
Ran by jim (10-09-2017 08:53:34) Run:8
Running from C:\Users\jim\Desktop
Loaded Profiles: jim & cyg_server (Available Profiles: jim & cyg_server)
Boot Mode: Normal
==============================================


fixlist content:
*****************
C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.0.regtrans-ms
C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.1.regtrans-ms
C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.2.regtrans-ms
C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.blf
C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TM.blf
C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
*****************


Could not move "C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.0.regtrans-ms" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.1.regtrans-ms" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.2.regtrans-ms" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.blf" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TM.blf" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms" => Scheduled to move on reboot.


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-09-2017 08:54:23)


C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.0.regtrans-ms => Is moved successfully
C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.1.regtrans-ms => Is moved successfully
C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.2.regtrans-ms => Is moved successfully
C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.blf => Is moved successfully
"C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TM.blf" => Could not move
"C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms" => Could not move
"C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms" => Could not move


==== End of Fixlog 08:54:23 ====
 
I then did a "check-for-updates" which listed all three (plus defender). I then continued the installs which said "Failed 3 updates. Failed with error code 80246013".
I then did the install again which claimed to succeed for the three. I then did a "check-for-updates" which still listed all three plus a defender.

Remember, I can revert to previous states if that wasn't desirable including the "just after the last FRST64 run".
 
When I search applications it doesn't show OneDrive.

If you are referring to restoring to a snapshot, it refers to using the feature of VMware Fusion to restore the virtual disk for the virtual machine.
 
FRST Scan
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the Desktop).
6. Please copy and paste the log back here.
7. Another log (Addition.txt, also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.
 
==================== Begin of FRST.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017
Ran by jim (administrator) on JIMWIN81 (11-09-2017 07:08:22)
Running from C:\Users\jim\Desktop
Loaded Profiles: jim & cyg_server (Available Profiles: jim & cyg_server)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmacthlp.exe
() C:\cygwin64\bin\cygrunsrv.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe
() C:\cygwin64\usr\sbin\sshd.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
() C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ThinPrint GmbH) C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs) C:\cygwin64\home\jim\dotfiles\bin\procexp.exe
(ThinPrint GmbH) C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe
(Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs) C:\Users\jim\AppData\Local\Temp\PROCEXP64.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


==================== Registry (Whitelisted) ====================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [82920 2017-03-17] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-4156085387-2423536872-2889286598-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
IFEO\taskmgr.exe: [Debugger] "C:\CYGWIN64\HOME\JIM\DOTFILES\BIN\PROCEXP.EXE"


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 172.16.247.2
Tcpip\..\Interfaces\{E0C50694-CF39-42E6-8B7A-1D78F3B50F76}: [DhcpNameServer] 172.16.247.2


Internet Explorer:
==================
HKU\S-1-5-21-4156085387-2423536872-2889286598-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
URLSearchHook: [S-1-5-21-4156085387-2423536872-2889286598-1003] ATTENTION => Default URLSearchHook is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-13] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-13] (Oracle Corporation)


FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-15] (Google Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll [2012-01-28] (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)


Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchKeyword: Default -> t
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default [2017-09-09]
CHR Extension: (Google Translate) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-14]
CHR Extension: (Restlet Client - REST API Testing) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejoelaoggembcahagimdiliamlcdmfm [2017-09-05]
CHR Extension: (Google Docs) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-16]
CHR Extension: (YouTube) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14]
CHR Extension: (Google Cast) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-04-02]
CHR Extension: (Adblock Plus) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-05]
CHR Extension: (JSONView) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2017-01-14]
CHR Extension: (REST Console) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2014-02-09]
CHR Extension: (Google Search) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-16]
CHR Extension: (Vimium) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbepggeogbaibhgnhhndojpepiihcmeb [2017-09-05]
CHR Extension: (Netflix) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2016-04-16]
CHR Extension: (Google Tasks (by Google)) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2017-09-05]
CHR Extension: (Chromebleed) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-12-13]
CHR Extension: (Postman - REST Client) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm [2016-04-24]
CHR Extension: (EditThisCookie) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-10-29]
CHR Extension: (FoxyProxy Standard) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2015-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-14]
CHR Extension: (TweetDeck by Twitter) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-01-14]
CHR Extension: (Advanced REST client) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2017-03-22]
CHR Extension: (Tabs to the front!) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2014-02-09]
CHR Extension: (Kindle Cloud Reader) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-06-01]
CHR Extension: (AngularJS Batarang) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ighdmehidhipcmcojjgiloacoafjmpfk [2017-09-05]
CHR Extension: (Subnet Mask Calculator) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgifbmejejpcgfiocalppfbifcaanaan [2014-02-09]
CHR Extension: (Flashcontrol) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2017-03-22]
CHR Extension: (Google Play Books) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2017-01-14]
CHR Extension: (Google Hangouts) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-05]
CHR Extension: (Gmail) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-05]


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 ALG; C:\Windows\System32\alg.exe [96768 2014-10-28] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [658944 2014-10-28] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-10-30] (Microsoft Corporation)
R3 MSDTC; C:\Windows\System32\msdtc.exe [144384 2014-10-28] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [65024 2016-05-05] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [59904 2016-05-05] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2014-10-28] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [47024 2014-10-28] (Microsoft Corporation)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2014-10-28] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [827392 2014-11-03] (Microsoft Corporation)
R2 sppsvc; C:\Windows\system32\sppsvc.exe [6521800 2016-06-10] (Microsoft Corporation)
R2 sshd; C:\cygwin64\bin\cygrunsrv.exe [185875 2013-10-30] () [File not signed]
S3 TPVCGateway; C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [2498744 2017-03-17] (Cortado AG)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [41984 2014-10-28] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [1313792 2014-10-28] (Microsoft Corporation)
R2 VGAuthService; C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe [163840 2017-03-17] (VMware, Inc.) [File not signed]
R2 VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [540136 2017-03-17] (VMware, Inc.)
S3 VMwareCAFCommAmqpListener; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe [67584 2017-03-17] () [File not signed]
R2 VMwareCAFManagementAgentHost; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe [60928 2017-03-17] () [File not signed]
R3 VSS; C:\Windows\system32\vssvc.exe [1455104 2016-02-05] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [903168 2015-03-31] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [710144 2015-03-31] (Microsoft Corporation)


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 VMMemCtl; C:\Windows\system32\DRIVERS\vmmemctl.sys [51768 2017-02-11] (VMware, Inc.)
R1 VMRawDsk; C:\Windows\system32\DRIVERS\vmrawdsk.sys [74304 2017-02-11] (VMware, Inc.)
R3 vmusbmouse; C:\Windows\System32\drivers\vmusbmouse.sys [35904 2017-02-11] (VMware, Inc.)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2017-02-11] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-09-11 07:08 - 2017-09-11 07:08 - 000014008 _____ C:\Users\jim\Desktop\FRST.txt
2017-09-11 07:07 - 2017-09-11 07:07 - 000000000 ____D C:\Users\jim\Desktop\FRST-OlderVersion
2017-09-11 07:06 - 2017-09-11 07:06 - 000001390 _____ C:\Users\Public\Desktop\VMware Shared Folders.lnk
2017-09-11 07:03 - 2017-09-11 07:03 - 000000000 ____D C:\Users\jim\Desktop\xx
2017-09-09 09:58 - 2017-09-11 07:07 - 000000000 ____D C:\Users\jim\AppData\Roaming\Skype
2017-09-09 09:58 - 2017-09-09 10:44 - 000000000 ____D C:\ProgramData\Skype
2017-09-09 09:58 - 2017-09-09 09:58 - 000002713 _____ C:\Users\Public\Desktop\Skype.lnk
2017-09-09 09:58 - 2017-09-09 09:58 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-09 09:58 - 2017-09-09 09:58 - 000000000 ____D C:\Users\jim\AppData\Local\Skype
2017-09-09 09:58 - 2017-09-09 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-09-09 09:31 - 2017-09-09 09:31 - 000000457 _____ C:\Users\jim\Desktop\Shared Folders (vmware-host) (Z) - Shortcut.lnk
2017-09-05 11:04 - 2017-09-05 11:04 - 000000000 ____D C:\Users\jim\AppData\Local\Apps\2.0
2017-09-01 19:49 - 2017-09-01 19:49 - 000287520 _____ C:\Windows\Minidump\090117-7765-01.dmp
2017-09-01 19:46 - 2017-09-01 19:46 - 000287520 _____ C:\Windows\Minidump\090117-22093-01.dmp
2017-09-01 19:46 - 2017-09-01 19:46 - 000000000 ____D C:\Windows\Minidump
2017-09-01 11:09 - 2017-09-11 07:08 - 000000000 ____D C:\FRST
2017-09-01 11:07 - 2017-09-11 07:07 - 002396672 _____ (Farbar) C:\Users\jim\Desktop\FRST64.exe
2017-08-13 09:17 - 2017-08-13 09:17 - 002884096 _____ (niemiro) C:\Users\jim\Desktop\SFCFix.exe


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-09-11 07:06 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Registration
2017-09-11 07:06 - 2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-11 07:03 - 2014-02-09 13:30 - 000863592 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-11 07:03 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
2017-09-09 10:11 - 2014-02-09 13:31 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4156085387-2423536872-2889286598-1001
2017-09-05 18:36 - 2017-07-16 16:55 - 000000000 ____D C:\SFCFix
2017-09-05 18:36 - 2017-07-16 16:20 - 000000000 ____D C:\Users\jim\AppData\Local\niemiro
2017-09-05 13:24 - 2014-05-09 12:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-09-05 10:07 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp
2017-09-05 07:38 - 2013-08-22 06:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-05 07:36 - 2014-03-17 22:26 - 000000000 ____D C:\Users\jim\Desktop\save
2017-09-01 19:49 - 2014-03-17 13:54 - 000000000 ____D C:\Users\cyg_server
2017-09-01 19:49 - 2014-02-09 13:20 - 000000000 ____D C:\Users\jim
2017-08-28 22:26 - 2014-02-09 13:35 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-22 19:30 - 2017-04-02 15:19 - 010716210 _____ C:\Users\jim\Desktop\Windows8.1-KB2919442-x64.msu
2017-08-17 09:35 - 2014-02-09 17:41 - 000544424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-08-13 09:48 - 2014-02-09 17:42 - 000000000 ____D C:\Windows\system32\MRT
2017-08-13 09:46 - 2014-02-09 17:42 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-13 09:24 - 2015-02-06 19:50 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-13 09:23 - 2015-11-28 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-13 09:23 - 2014-03-17 12:44 - 000000000 ____D C:\ProgramData\Oracle
2017-08-13 09:23 - 2014-03-17 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-08-13 09:23 - 2014-03-17 12:43 - 000000000 ____D C:\Program Files\Java
2017-08-13 09:22 - 2015-11-28 20:02 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll


Some files in TEMP:
====================
2017-09-09 11:32 - 2017-09-11 07:07 - 001620992 _____ (Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs) C:\Users\jim\AppData\Local\Temp\PROCEXP64.exe


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-09-09 09:43


==================== End of FRST.txt ============================


==================== Begin of Addition.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2017
Ran by jim (11-09-2017 07:08:59)
Running from C:\Users\jim\Desktop
Windows 8.1 Pro (Update) (X64) (2014-02-09 20:20:29)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-4156085387-2423536872-2889286598-500 - Administrator - Disabled)
cyg_server (S-1-5-21-4156085387-2423536872-2889286598-1003 - Administrator - Enabled) => C:\Users\cyg_server
Guest (S-1-5-21-4156085387-2423536872-2889286598-501 - Limited - Disabled)
jim (S-1-5-21-4156085387-2423536872-2889286598-1001 - Administrator - Enabled) => C:\Users\jim
sshd (S-1-5-21-4156085387-2423536872-2889286598-1002 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
Java SE Development Kit 8 Update 66 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.18 - Oracle Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.10.9 - Intuit)
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.2.7 - Quicken)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
VMware Tools (HKLM\...\{D2236796-832D-4E8C-A337-0C6EEB8ACB27}) (Version: 10.1.6.5214329 - VMware, Inc.)
VMware vSphere Client 5.0 (HKLM-x32\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.29542 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3165 - VMware, Inc.)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {2C4403FF-C76C-4B84-8235-DF5F1926BD22} - System32\Tasks\{F8CAD4C1-19CB-4036-AF34-E0854A183087} => C:\Windows\system32\pcalua.exe -a "C:\Users\jim\Downloads\VMware-viclient-all-5.0.0-623373 (1).exe" -d C:\Users\jim\Downloads
Task: {328C4D63-77D7-4E0B-9069-1791B4824B3B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {34F6E3B4-F13D-495F-8DE0-8B350595050A} - System32\Tasks\Process Explorer-JIMWIN81-jim => C:\CYGWIN64\HOME\JIM\DOTFILES\BIN\PROCEXP.EXE [2014-03-17] (Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs)
Task: {796311BE-0AE5-4E3A-B762-FA200D4379D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {7BE7674A-0A35-4007-8CB6-37599535DE0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {83922393-9B46-4CE5-AC3C-A4CED05A60A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C62730DF-A919-41E7-9787-43D7C3C95AAD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D9A11151-AFE5-458A-9B6F-20948476F1FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {EB430ABB-9BC9-4312-A521-A66F93B3A700} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {ED07D572-1061-438A-B699-E9D5C5646179} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




==================== Loaded Modules (Whitelisted) ==============


2014-02-15 13:19 - 2013-10-30 13:39 - 000185875 _____ () C:\cygwin64\bin\cygrunsrv.exe
2017-03-17 07:36 - 2017-03-17 07:36 - 000268288 _____ () C:\Program Files\VMware\VMware Tools\VMware VGAuth\pcre.dll
2014-02-15 13:19 - 2014-01-30 05:00 - 000673299 _____ () C:\cygwin64\usr\sbin\sshd.exe
2014-02-15 12:40 - 2014-01-29 02:26 - 000068115 _____ () C:\cygwin64\bin\cyggcc_s-seh-1.dll
2014-02-15 13:19 - 2014-01-29 02:27 - 000010771 _____ () C:\cygwin64\bin\cygssp-0.dll
2014-02-15 13:19 - 2013-03-07 02:29 - 000009235 _____ () C:\cygwin64\bin\cygcrypt-0.dll
2014-02-15 13:19 - 2013-06-22 22:43 - 002300485 _____ () C:\cygwin64\bin\cyggssapi-3.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 000163264 _____ () C:\cygwin64\bin\cygkafs-0.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 003365979 _____ () C:\cygwin64\bin\cygkrb5-26.dll
2014-02-15 13:19 - 2013-11-15 12:58 - 000030227 _____ () C:\cygwin64\bin\cygwrap-0.dll
2014-02-15 12:40 - 2013-05-09 14:21 - 000080915 _____ () C:\cygwin64\bin\cygz.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 000137857 _____ () C:\cygwin64\bin\cygheimntlm-0.dll
2014-02-15 13:19 - 2013-03-10 22:21 - 000012307 _____ () C:\cygwin64\bin\cygcom_err-2.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 000103241 _____ () C:\cygwin64\bin\cygheimbase-1.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 002629600 _____ () C:\cygwin64\bin\cygasn1-8.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 000434020 _____ () C:\cygwin64\bin\cygroken-18.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 000281302 _____ () C:\cygwin64\bin\cygwind-0.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 001445805 _____ () C:\cygwin64\bin\cyghx509-5.dll
2014-02-15 13:19 - 2014-03-11 13:06 - 000737811 _____ () C:\cygwin64\bin\cygsqlite3-0.dll
2017-03-17 07:56 - 2017-03-17 07:56 - 000284136 _____ () C:\Program Files\VMware\VMware Tools\pcre.dll
2017-03-17 07:25 - 2017-03-17 07:25 - 000060928 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe
2017-03-17 07:36 - 2017-03-17 07:36 - 002539008 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\Framework.dll
2017-03-17 07:36 - 2017-03-17 07:36 - 000268288 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\pcre.dll
2017-03-17 07:36 - 2017-03-17 07:36 - 000731648 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\MaIntegrationSubsys.dll
2017-03-17 07:36 - 2017-03-17 07:36 - 000111616 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CafIntegrationSubsys.dll
2017-03-17 07:36 - 2017-03-17 07:36 - 000471040 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\IntegrationSubsys.dll
2017-03-17 07:36 - 2017-03-17 07:36 - 000097792 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\VgAuthIntegrationSubsys.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-4156085387-2423536872-2889286598-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 172.16.247.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==




==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{875D1C1B-1096-4C23-A44F-14B22806028C}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
FirewallRules: [{7C049BF3-D827-4B59-BE5E-752CF9E23F67}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
FirewallRules: [{55864CD2-25AC-4580-92ED-A9E95A7AAF4A}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
FirewallRules: [{E0C64453-B0D3-4C07-B72A-720810B9C15D}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
FirewallRules: [TCP Query User{D2004B2F-84E7-4D8D-8FB4-E4BDBD44F5D5}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{1E31FFCB-C6F5-4127-B895-48F2F08F3B96}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [{29F5CE55-9E21-4602-A4AC-959B9EB50520}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6BDFB4A8-7041-41C4-8FB2-28448139B1B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0CBB445D-D843-4C93-9827-B89FB73431DB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{6BB3ED68-D75B-4B09-BECF-FFB0ADC28126}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [TCP Query User{E0AFC178-3575-47B0-B03E-9F1E2B6E0773}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{26D2C6C8-77B6-422D-8083-01968D74E330}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{71E9CAD3-451D-4000-8840-1D5F9344696F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{F9B406D5-438B-4961-8030-5B0E237F575F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{2808C497-8D6A-4F08-86D8-777DF233F237}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{3CFF1664-B781-4DF5-B8E2-07E002AB08B2}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{912D2D64-8947-4A35-9E47-12213F14F90F}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{1D1BCBAC-44E5-470E-BDE8-4E4F46BF8E67}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{6ED95EC6-D0AA-466E-AADF-E8C9EDB5E943}C:\programdata\oracle\java\javapath_target_581421\javaw.exe] => (Allow) C:\programdata\oracle\java\javapath_target_581421\javaw.exe
FirewallRules: [UDP Query User{F492AEBB-A548-4180-8B67-1D6707FC3C9C}C:\programdata\oracle\java\javapath_target_581421\javaw.exe] => (Allow) C:\programdata\oracle\java\javapath_target_581421\javaw.exe
FirewallRules: [{2A516657-BC0B-46CE-BFF0-25F2D88F3078}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B7C3F9A0-1456-4B4E-AC84-08A3E442AD96}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe


==================== Restore Points =========================


28-08-2017 22:43:00 Windows Update
01-09-2017 07:56:26 Windows Update
01-09-2017 19:45:15 Restore Point Created by FRST
01-09-2017 19:47:59 Restore Point Created by FRST
01-09-2017 19:55:59 Restore Point Created by FRST
04-09-2017 08:11:24 Restore Point Created by FRST
09-09-2017 09:39:12 Windows Update
09-09-2017 10:05:00 Removed Skype™ 7.3
09-09-2017 10:44:18 Removed Skype™ 7.3


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (09/11/2017 07:07:03 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


Error: (09/11/2017 07:01:49 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


Error: (09/11/2017 07:01:38 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


Error: (09/10/2017 08:56:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gvim.exe, version: 0.0.0.0, time stamp: 0x5304da99
Faulting module name: cyggdk-x11-2.0-0.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000135
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xfc4
Faulting application start time: 0x01d32a4d58a65fbb
Faulting application path: C:\cygwin64\bin\gvim.exe
Faulting module path: cyggdk-x11-2.0-0.dll
Report Id: 9767cc46-9640-11e7-8399-000c2916e29d
Faulting package full name:
Faulting package-relative application ID:


Error: (09/10/2017 08:52:07 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


Error: (09/09/2017 11:19:45 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


Error: (09/09/2017 11:09:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gvim.exe, version: 0.0.0.0, time stamp: 0x5304da99
Faulting module name: cyggdk-x11-2.0-0.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000135
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xb14
Faulting application start time: 0x01d32996bbfca75c
Faulting application path: C:\cygwin64\bin\gvim.exe
Faulting module path: cyggdk-x11-2.0-0.dll
Report Id: fabefa33-9589-11e7-8395-000c2916e29d
Faulting package full name:
Faulting package-relative application ID:


Error: (09/09/2017 10:44:28 AM) (Source: MsiInstaller) (EventID: 10005) (User: JIMWIN81)
Description: Product: Skype™ 7.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,


Error: (09/09/2017 10:44:27 AM) (Source: MsiInstaller) (EventID: 10005) (User: JIMWIN81)
Description: Product: Skype™ 7.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,


Error: (09/09/2017 10:05:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: JIMWIN81)
Description: Product: Skype™ 7.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,




System errors:
=============
Error: (09/10/2017 08:50:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
The service has not been started.


Error: (09/10/2017 04:45:51 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


Error: (09/10/2017 04:45:20 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


Error: (09/09/2017 11:27:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


Error: (09/09/2017 11:11:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


Error: (09/09/2017 10:47:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


Error: (09/09/2017 10:47:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware Snapshot Provider service terminated unexpectedly. It has done this 1 time(s).


Error: (09/09/2017 09:44:42 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


Error: (09/09/2017 09:44:12 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


Error: (09/06/2017 06:29:49 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.




CodeIntegrity:
===================================
Date: 2017-09-10 04:45:22.385
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-09-09 09:44:46.514
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-09-06 06:29:21.455
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-09-05 10:08:59.102
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-09-05 07:49:55.491
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-09-04 08:34:16.765
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-09-01 07:48:24.893
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-08-31 13:47:03.155
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-08-28 22:53:09.168
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-08-22 21:04:39.634
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.




==================== Memory info ===========================


Processor: Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz
Percentage of memory in use: 28%
Total physical RAM: 4239.49 MB
Available physical RAM: 3024.1 MB
Total Virtual: 8591.49 MB
Available Virtual: 7580.61 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:90 GB) (Free:26.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (IRM_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.63 GB) (Free:0 GB) UDF


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 90 GB) (Disk ID: DA6E7EB8)
Partition 1: (Active) - (Size=90 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================
 
==================== Begin of FRST.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017
Ran by jim (administrator) on JIMWIN81 (11-09-2017 07:08:22)
Running from C:\Users\jim\Desktop
Loaded Profiles: jim & cyg_server (Available Profiles: jim & cyg_server)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmacthlp.exe
() C:\cygwin64\bin\cygrunsrv.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe
() C:\cygwin64\usr\sbin\sshd.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
() C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ThinPrint GmbH) C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs) C:\cygwin64\home\jim\dotfiles\bin\procexp.exe
(ThinPrint GmbH) C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe
(Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs) C:\Users\jim\AppData\Local\Temp\PROCEXP64.exe
(VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


==================== Registry (Whitelisted) ====================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [82920 2017-03-17] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-21-4156085387-2423536872-2889286598-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
IFEO\taskmgr.exe: [Debugger] "C:\CYGWIN64\HOME\JIM\DOTFILES\BIN\PROCEXP.EXE"


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Tcpip\Parameters: [DhcpNameServer] 172.16.247.2
Tcpip\..\Interfaces\{E0C50694-CF39-42E6-8B7A-1D78F3B50F76}: [DhcpNameServer] 172.16.247.2


Internet Explorer:
==================
HKU\S-1-5-21-4156085387-2423536872-2889286598-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
URLSearchHook: [S-1-5-21-4156085387-2423536872-2889286598-1003] ATTENTION => Default URLSearchHook is missing
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-13] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-13] (Oracle Corporation)


FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-13] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-13] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-15] (Google Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll [2012-01-28] (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)


Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchKeyword: Default -> t
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default [2017-09-09]
CHR Extension: (Google Translate) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-14]
CHR Extension: (Restlet Client - REST API Testing) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejoelaoggembcahagimdiliamlcdmfm [2017-09-05]
CHR Extension: (Google Docs) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-16]
CHR Extension: (YouTube) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14]
CHR Extension: (Google Cast) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-04-02]
CHR Extension: (Adblock Plus) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-05]
CHR Extension: (JSONView) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2017-01-14]
CHR Extension: (REST Console) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2014-02-09]
CHR Extension: (Google Search) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-16]
CHR Extension: (Vimium) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbepggeogbaibhgnhhndojpepiihcmeb [2017-09-05]
CHR Extension: (Netflix) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2016-04-16]
CHR Extension: (Google Tasks (by Google)) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2017-09-05]
CHR Extension: (Chromebleed) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-12-13]
CHR Extension: (Postman - REST Client) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm [2016-04-24]
CHR Extension: (EditThisCookie) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-10-29]
CHR Extension: (FoxyProxy Standard) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2015-02-06]
CHR Extension: (Google Docs Offline) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-14]
CHR Extension: (TweetDeck by Twitter) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-01-14]
CHR Extension: (Advanced REST client) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2017-03-22]
CHR Extension: (Tabs to the front!) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2014-02-09]
CHR Extension: (Kindle Cloud Reader) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-06-01]
CHR Extension: (AngularJS Batarang) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ighdmehidhipcmcojjgiloacoafjmpfk [2017-09-05]
CHR Extension: (Subnet Mask Calculator) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgifbmejejpcgfiocalppfbifcaanaan [2014-02-09]
CHR Extension: (Flashcontrol) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2017-03-22]
CHR Extension: (Google Play Books) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2017-01-14]
CHR Extension: (Google Hangouts) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-09-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-05]
CHR Extension: (Gmail) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-16]
CHR Extension: (Chrome Media Router) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-05]


==================== Services (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


S3 ALG; C:\Windows\System32\alg.exe [96768 2014-10-28] (Microsoft Corporation)
S3 Fax; C:\Windows\system32\fxssvc.exe [658944 2014-10-28] (Microsoft Corporation)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-10-30] (Microsoft Corporation)
R3 MSDTC; C:\Windows\System32\msdtc.exe [144384 2014-10-28] (Microsoft Corporation)
S3 msiserver; C:\Windows\System32\msiexec.exe [65024 2016-05-05] (Microsoft Corporation)
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [59904 2016-05-05] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2014-10-28] (Microsoft Corporation)
R2 SamSs; C:\Windows\system32\lsass.exe [47024 2014-10-28] (Microsoft Corporation)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2014-10-28] (Microsoft Corporation)
R2 Spooler; C:\Windows\System32\spoolsv.exe [827392 2014-11-03] (Microsoft Corporation)
R2 sppsvc; C:\Windows\system32\sppsvc.exe [6521800 2016-06-10] (Microsoft Corporation)
R2 sshd; C:\cygwin64\bin\cygrunsrv.exe [185875 2013-10-30] () [File not signed]
S3 TPVCGateway; C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [2498744 2017-03-17] (Cortado AG)
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [41984 2014-10-28] (Microsoft Corporation)
S3 vds; C:\Windows\System32\vds.exe [1313792 2014-10-28] (Microsoft Corporation)
R2 VGAuthService; C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe [163840 2017-03-17] (VMware, Inc.) [File not signed]
R2 VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [540136 2017-03-17] (VMware, Inc.)
S3 VMwareCAFCommAmqpListener; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe [67584 2017-03-17] () [File not signed]
R2 VMwareCAFManagementAgentHost; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe [60928 2017-03-17] () [File not signed]
R3 VSS; C:\Windows\system32\vssvc.exe [1455104 2016-02-05] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [903168 2015-03-31] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [710144 2015-03-31] (Microsoft Corporation)


===================== Drivers (Whitelisted) ======================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 VMMemCtl; C:\Windows\system32\DRIVERS\vmmemctl.sys [51768 2017-02-11] (VMware, Inc.)
R1 VMRawDsk; C:\Windows\system32\DRIVERS\vmrawdsk.sys [74304 2017-02-11] (VMware, Inc.)
R3 vmusbmouse; C:\Windows\System32\drivers\vmusbmouse.sys [35904 2017-02-11] (VMware, Inc.)
R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2017-02-11] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-09-11 07:08 - 2017-09-11 07:08 - 000014008 _____ C:\Users\jim\Desktop\FRST.txt
2017-09-11 07:07 - 2017-09-11 07:07 - 000000000 ____D C:\Users\jim\Desktop\FRST-OlderVersion
2017-09-11 07:06 - 2017-09-11 07:06 - 000001390 _____ C:\Users\Public\Desktop\VMware Shared Folders.lnk
2017-09-11 07:03 - 2017-09-11 07:03 - 000000000 ____D C:\Users\jim\Desktop\xx
2017-09-09 09:58 - 2017-09-11 07:07 - 000000000 ____D C:\Users\jim\AppData\Roaming\Skype
2017-09-09 09:58 - 2017-09-09 10:44 - 000000000 ____D C:\ProgramData\Skype
2017-09-09 09:58 - 2017-09-09 09:58 - 000002713 _____ C:\Users\Public\Desktop\Skype.lnk
2017-09-09 09:58 - 2017-09-09 09:58 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-09-09 09:58 - 2017-09-09 09:58 - 000000000 ____D C:\Users\jim\AppData\Local\Skype
2017-09-09 09:58 - 2017-09-09 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-09-09 09:31 - 2017-09-09 09:31 - 000000457 _____ C:\Users\jim\Desktop\Shared Folders (vmware-host) (Z) - Shortcut.lnk
2017-09-05 11:04 - 2017-09-05 11:04 - 000000000 ____D C:\Users\jim\AppData\Local\Apps\2.0
2017-09-01 19:49 - 2017-09-01 19:49 - 000287520 _____ C:\Windows\Minidump\090117-7765-01.dmp
2017-09-01 19:46 - 2017-09-01 19:46 - 000287520 _____ C:\Windows\Minidump\090117-22093-01.dmp
2017-09-01 19:46 - 2017-09-01 19:46 - 000000000 ____D C:\Windows\Minidump
2017-09-01 11:09 - 2017-09-11 07:08 - 000000000 ____D C:\FRST
2017-09-01 11:07 - 2017-09-11 07:07 - 002396672 _____ (Farbar) C:\Users\jim\Desktop\FRST64.exe
2017-08-13 09:17 - 2017-08-13 09:17 - 002884096 _____ (niemiro) C:\Users\jim\Desktop\SFCFix.exe


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2017-09-11 07:06 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Registration
2017-09-11 07:06 - 2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-11 07:03 - 2014-02-09 13:30 - 000863592 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-11 07:03 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
2017-09-09 10:11 - 2014-02-09 13:31 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4156085387-2423536872-2889286598-1001
2017-09-05 18:36 - 2017-07-16 16:55 - 000000000 ____D C:\SFCFix
2017-09-05 18:36 - 2017-07-16 16:20 - 000000000 ____D C:\Users\jim\AppData\Local\niemiro
2017-09-05 13:24 - 2014-05-09 12:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-09-05 10:07 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp
2017-09-05 07:38 - 2013-08-22 06:25 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-09-05 07:36 - 2014-03-17 22:26 - 000000000 ____D C:\Users\jim\Desktop\save
2017-09-01 19:49 - 2014-03-17 13:54 - 000000000 ____D C:\Users\cyg_server
2017-09-01 19:49 - 2014-02-09 13:20 - 000000000 ____D C:\Users\jim
2017-08-28 22:26 - 2014-02-09 13:35 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-22 19:30 - 2017-04-02 15:19 - 010716210 _____ C:\Users\jim\Desktop\Windows8.1-KB2919442-x64.msu
2017-08-17 09:35 - 2014-02-09 17:41 - 000544424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-08-13 09:48 - 2014-02-09 17:42 - 000000000 ____D C:\Windows\system32\MRT
2017-08-13 09:46 - 2014-02-09 17:42 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-08-13 09:24 - 2015-02-06 19:50 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-08-13 09:23 - 2015-11-28 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-08-13 09:23 - 2014-03-17 12:44 - 000000000 ____D C:\ProgramData\Oracle
2017-08-13 09:23 - 2014-03-17 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-08-13 09:23 - 2014-03-17 12:43 - 000000000 ____D C:\Program Files\Java
2017-08-13 09:22 - 2015-11-28 20:02 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll


Some files in TEMP:
====================
2017-09-09 11:32 - 2017-09-11 07:07 - 001620992 _____ (Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs) C:\Users\jim\AppData\Local\Temp\PROCEXP64.exe


==================== Bamital & volsnap ======================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2017-09-09 09:43


==================== End of FRST.txt ============================


==================== Begin of Addition.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2017
Ran by jim (11-09-2017 07:08:59)
Running from C:\Users\jim\Desktop
Windows 8.1 Pro (Update) (X64) (2014-02-09 20:20:29)
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-4156085387-2423536872-2889286598-500 - Administrator - Disabled)
cyg_server (S-1-5-21-4156085387-2423536872-2889286598-1003 - Administrator - Enabled) => C:\Users\cyg_server
Guest (S-1-5-21-4156085387-2423536872-2889286598-501 - Limited - Disabled)
jim (S-1-5-21-4156085387-2423536872-2889286598-1001 - Administrator - Enabled) => C:\Users\jim
sshd (S-1-5-21-4156085387-2423536872-2889286598-1002 - Limited - Disabled)


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
Java SE Development Kit 8 Update 66 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.18 - Oracle Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.10.9 - Intuit)
Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.2.7 - Quicken)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
VMware Tools (HKLM\...\{D2236796-832D-4E8C-A337-0C6EEB8ACB27}) (Version: 10.1.6.5214329 - VMware, Inc.)
VMware vSphere Client 5.0 (HKLM-x32\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.29542 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3165 - VMware, Inc.)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {2C4403FF-C76C-4B84-8235-DF5F1926BD22} - System32\Tasks\{F8CAD4C1-19CB-4036-AF34-E0854A183087} => C:\Windows\system32\pcalua.exe -a "C:\Users\jim\Downloads\VMware-viclient-all-5.0.0-623373 (1).exe" -d C:\Users\jim\Downloads
Task: {328C4D63-77D7-4E0B-9069-1791B4824B3B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {34F6E3B4-F13D-495F-8DE0-8B350595050A} - System32\Tasks\Process Explorer-JIMWIN81-jim => C:\CYGWIN64\HOME\JIM\DOTFILES\BIN\PROCEXP.EXE [2014-03-17] (Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs)
Task: {796311BE-0AE5-4E3A-B762-FA200D4379D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {7BE7674A-0A35-4007-8CB6-37599535DE0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {83922393-9B46-4CE5-AC3C-A4CED05A60A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C62730DF-A919-41E7-9787-43D7C3C95AAD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D9A11151-AFE5-458A-9B6F-20948476F1FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {EB430ABB-9BC9-4312-A521-A66F93B3A700} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {ED07D572-1061-438A-B699-E9D5C5646179} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




==================== Shortcuts & WMI ========================


(The entries could be listed to be restored or removed.)




==================== Loaded Modules (Whitelisted) ==============


2014-02-15 13:19 - 2013-10-30 13:39 - 000185875 _____ () C:\cygwin64\bin\cygrunsrv.exe
2017-03-17 07:36 - 2017-03-17 07:36 - 000268288 _____ () C:\Program Files\VMware\VMware Tools\VMware VGAuth\pcre.dll
2014-02-15 13:19 - 2014-01-30 05:00 - 000673299 _____ () C:\cygwin64\usr\sbin\sshd.exe
2014-02-15 12:40 - 2014-01-29 02:26 - 000068115 _____ () C:\cygwin64\bin\cyggcc_s-seh-1.dll
2014-02-15 13:19 - 2014-01-29 02:27 - 000010771 _____ () C:\cygwin64\bin\cygssp-0.dll
2014-02-15 13:19 - 2013-03-07 02:29 - 000009235 _____ () C:\cygwin64\bin\cygcrypt-0.dll
2014-02-15 13:19 - 2013-06-22 22:43 - 002300485 _____ () C:\cygwin64\bin\cyggssapi-3.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 000163264 _____ () C:\cygwin64\bin\cygkafs-0.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 003365979 _____ () C:\cygwin64\bin\cygkrb5-26.dll
2014-02-15 13:19 - 2013-11-15 12:58 - 000030227 _____ () C:\cygwin64\bin\cygwrap-0.dll
2014-02-15 12:40 - 2013-05-09 14:21 - 000080915 _____ () C:\cygwin64\bin\cygz.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 000137857 _____ () C:\cygwin64\bin\cygheimntlm-0.dll
2014-02-15 13:19 - 2013-03-10 22:21 - 000012307 _____ () C:\cygwin64\bin\cygcom_err-2.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 000103241 _____ () C:\cygwin64\bin\cygheimbase-1.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 002629600 _____ () C:\cygwin64\bin\cygasn1-8.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 000434020 _____ () C:\cygwin64\bin\cygroken-18.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 000281302 _____ () C:\cygwin64\bin\cygwind-0.dll
2014-02-15 13:19 - 2013-06-22 22:42 - 001445805 _____ () C:\cygwin64\bin\cyghx509-5.dll
2014-02-15 13:19 - 2014-03-11 13:06 - 000737811 _____ () C:\cygwin64\bin\cygsqlite3-0.dll
2017-03-17 07:56 - 2017-03-17 07:56 - 000284136 _____ () C:\Program Files\VMware\VMware Tools\pcre.dll
2017-03-17 07:25 - 2017-03-17 07:25 - 000060928 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe
2017-03-17 07:36 - 2017-03-17 07:36 - 002539008 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\Framework.dll
2017-03-17 07:36 - 2017-03-17 07:36 - 000268288 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\pcre.dll
2017-03-17 07:36 - 2017-03-17 07:36 - 000731648 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\MaIntegrationSubsys.dll
2017-03-17 07:36 - 2017-03-17 07:36 - 000111616 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CafIntegrationSubsys.dll
2017-03-17 07:36 - 2017-03-17 07:36 - 000471040 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\IntegrationSubsys.dll
2017-03-17 07:36 - 2017-03-17 07:36 - 000097792 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\VgAuthIntegrationSubsys.dll
2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)




==================== Safe Mode (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




==================== Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)




==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts




==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-4156085387-2423536872-2889286598-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 172.16.247.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.


==================== MSCONFIG/TASK MANAGER disabled items ==




==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [{875D1C1B-1096-4C23-A44F-14B22806028C}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
FirewallRules: [{7C049BF3-D827-4B59-BE5E-752CF9E23F67}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
FirewallRules: [{55864CD2-25AC-4580-92ED-A9E95A7AAF4A}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
FirewallRules: [{E0C64453-B0D3-4C07-B72A-720810B9C15D}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
FirewallRules: [TCP Query User{D2004B2F-84E7-4D8D-8FB4-E4BDBD44F5D5}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{1E31FFCB-C6F5-4127-B895-48F2F08F3B96}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
FirewallRules: [{29F5CE55-9E21-4602-A4AC-959B9EB50520}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{6BDFB4A8-7041-41C4-8FB2-28448139B1B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{0CBB445D-D843-4C93-9827-B89FB73431DB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{6BB3ED68-D75B-4B09-BECF-FFB0ADC28126}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [TCP Query User{E0AFC178-3575-47B0-B03E-9F1E2B6E0773}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{26D2C6C8-77B6-422D-8083-01968D74E330}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{71E9CAD3-451D-4000-8840-1D5F9344696F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{F9B406D5-438B-4961-8030-5B0E237F575F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{2808C497-8D6A-4F08-86D8-777DF233F237}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [UDP Query User{3CFF1664-B781-4DF5-B8E2-07E002AB08B2}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
FirewallRules: [TCP Query User{912D2D64-8947-4A35-9E47-12213F14F90F}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [UDP Query User{1D1BCBAC-44E5-470E-BDE8-4E4F46BF8E67}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
FirewallRules: [TCP Query User{6ED95EC6-D0AA-466E-AADF-E8C9EDB5E943}C:\programdata\oracle\java\javapath_target_581421\javaw.exe] => (Allow) C:\programdata\oracle\java\javapath_target_581421\javaw.exe
FirewallRules: [UDP Query User{F492AEBB-A548-4180-8B67-1D6707FC3C9C}C:\programdata\oracle\java\javapath_target_581421\javaw.exe] => (Allow) C:\programdata\oracle\java\javapath_target_581421\javaw.exe
FirewallRules: [{2A516657-BC0B-46CE-BFF0-25F2D88F3078}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B7C3F9A0-1456-4B4E-AC84-08A3E442AD96}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe


==================== Restore Points =========================


28-08-2017 22:43:00 Windows Update
01-09-2017 07:56:26 Windows Update
01-09-2017 19:45:15 Restore Point Created by FRST
01-09-2017 19:47:59 Restore Point Created by FRST
01-09-2017 19:55:59 Restore Point Created by FRST
04-09-2017 08:11:24 Restore Point Created by FRST
09-09-2017 09:39:12 Windows Update
09-09-2017 10:05:00 Removed Skype™ 7.3
09-09-2017 10:44:18 Removed Skype™ 7.3


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (09/11/2017 07:07:03 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


Error: (09/11/2017 07:01:49 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


Error: (09/11/2017 07:01:38 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


Error: (09/10/2017 08:56:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gvim.exe, version: 0.0.0.0, time stamp: 0x5304da99
Faulting module name: cyggdk-x11-2.0-0.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000135
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xfc4
Faulting application start time: 0x01d32a4d58a65fbb
Faulting application path: C:\cygwin64\bin\gvim.exe
Faulting module path: cyggdk-x11-2.0-0.dll
Report Id: 9767cc46-9640-11e7-8399-000c2916e29d
Faulting package full name:
Faulting package-relative application ID:


Error: (09/10/2017 08:52:07 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


Error: (09/09/2017 11:19:45 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


Error: (09/09/2017 11:09:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: gvim.exe, version: 0.0.0.0, time stamp: 0x5304da99
Faulting module name: cyggdk-x11-2.0-0.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
Exception code: 0xc0000135
Fault offset: 0x00000000000ecdd0
Faulting process id: 0xb14
Faulting application start time: 0x01d32996bbfca75c
Faulting application path: C:\cygwin64\bin\gvim.exe
Faulting module path: cyggdk-x11-2.0-0.dll
Report Id: fabefa33-9589-11e7-8395-000c2916e29d
Faulting package full name:
Faulting package-relative application ID:


Error: (09/09/2017 10:44:28 AM) (Source: MsiInstaller) (EventID: 10005) (User: JIMWIN81)
Description: Product: Skype™ 7.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,


Error: (09/09/2017 10:44:27 AM) (Source: MsiInstaller) (EventID: 10005) (User: JIMWIN81)
Description: Product: Skype™ 7.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,


Error: (09/09/2017 10:05:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: JIMWIN81)
Description: Product: Skype™ 7.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,




System errors:
=============
Error: (09/10/2017 08:50:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error:
The service has not been started.


Error: (09/10/2017 04:45:51 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


Error: (09/10/2017 04:45:20 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


Error: (09/09/2017 11:27:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


Error: (09/09/2017 11:11:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


Error: (09/09/2017 10:47:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


Error: (09/09/2017 10:47:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware Snapshot Provider service terminated unexpectedly. It has done this 1 time(s).


Error: (09/09/2017 09:44:42 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


Error: (09/09/2017 09:44:12 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


Error: (09/06/2017 06:29:49 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.




CodeIntegrity:
===================================
Date: 2017-09-10 04:45:22.385
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-09-09 09:44:46.514
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-09-06 06:29:21.455
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-09-05 10:08:59.102
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-09-05 07:49:55.491
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-09-04 08:34:16.765
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-09-01 07:48:24.893
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-08-31 13:47:03.155
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-08-28 22:53:09.168
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


Date: 2017-08-22 21:04:39.634
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.




==================== Memory info ===========================


Processor: Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz
Percentage of memory in use: 28%
Total physical RAM: 4239.49 MB
Available physical RAM: 3024.1 MB
Total Virtual: 8591.49 MB
Available Virtual: 7580.61 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:90 GB) (Free:26.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (IRM_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.63 GB) (Free:0 GB) UDF


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 90 GB) (Disk ID: DA6E7EB8)
Partition 1: (Active) - (Size=90 GB) - (Type=07 NTFS)


==================== End of Addition.txt ============================
 
FRST Registry Search
1. Click your Start button and choose Control Panel.
2. In the upper right corner ensure the View by: is set to Category.
3. Select the Programs group.
4. Click the Turn Windows features on or off link. This will bring up the Windows Features dialog. Wait until this dialog populates with information.
Note: This loads your components hive which is what we want. Please keep this dialog open while you perform the remaining steps.
5. Please download Farbar Recovery Scan Tool and save it to your Desktop. You can use the one you already downloaded.
Note: You need to run the 64-bit Version so please ensure you download that one.
6. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
7. Copy and paste SkyDrive;OneDrive into the Search box and click the Search Registry button.
8. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open the file should be saved on your desktop named Search.txt.
9. You may close any remaining open windows now.
 
1. Go to Add/Remove programs and select Microsoft Office Professional Plus 2013
2. Choose Change/Modify
3. Choose Add or Remove Features
4. Select the Microsoft OneDrive for Business drop-down box and select Not Available
5. Click the Continue button to remove it.
 
The "OneDrive for Business" was already with a red X and Not Available.

I did see "Microsoft SharePoint Foundation Support" which I don't need so I turned that off. But it may be unrelated.
 
