  1. #61
    Moderator
    BSOD Kernel Dump Analyst
    Windows Update Senior Analyst
    softwaremaniac's Avatar
    Join Date
    Oct 2014
    Location
    Croatia
    Age
    22
    Posts
    7,399
    • specs System Specs
      • Motherboard:
        ASUS MAXIMUS ROG HERO X
      • CPU:
        Intel Core i7-8700K 3.7GHz
      • Memory:
        Crucial 2x8GB DDR4 2666 MHz
      • Graphics:
        Gigabyte GTX 1080 G1 Gaming 8 GB
      • Sound Card:
        Asus Xonar DSX
      • Hard Drives:
        WD Caviar Black 1TB SATA III 7200rpm, WD Caviar Black 6TB SATA III 7200rpm
      • Disk Drives:
        Samsung 960 Evo 256GB NVME PCIe
      • Power Supply:
        Corsair HX 750W 80+ Platinum
      • Case:
        Fractal Design Define R6
      • Cooling:
        Noctua NH-D14
      • Display:
        Philips Brilliance BDM4065UC 4K 3840x2160
      • Operating System:
        Windows 10 Pro 1709 x64

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    Step#1 - Windows Module Installer
    Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.





    1. Click your start button and type services.msc in the search box. Click on the services.msc program that shows up.
    2. Scroll down until you see Windows Modules Installer
    3. Right click it and click properties
    4. Change startup type to Automatic
    5. Reboot the computer and try Windows Update again





    Only do Step#2 below if Step#1 doesn't work.

    Step#2 - FRST Fix
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
    2. Download attached file and save it to the Desktop.
    Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the desktop).
    3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
    4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

  2. #62

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    I did step 1 but it didn't resolve so I went on to step 2 with output below.

    I took a snapshot after the reboot to be able to revert and then performed the check-for-updates and install-updates actions which presented the three updates again.

    I can restore to the snapshot (or others as appropriate) if that was not the correct next action.


    ====

    Fix result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
    Ran by jim (09-09-2017 10:47:34) Run:5
    Running from C:\Users\jim\Desktop
    Loaded Profiles: jim & cyg_server (Available Profiles: jim & cyg_server)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    cmd: sc config trustedinstaller start=auto
    cmd: net start trustedinstaller
    cmd: fsutil resource setautoreset true %SystemDrive%\
    cmd: attrib -r -s -h %SystemRoot%\System32\Config\TxR\*
    cmd: echo y | del %SystemRoot%\System32\Config\TxR\*
    cmd: attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\*
    cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm*
    cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf
    cmd: echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms
    EmptyTemp:
    *****************




    ========= sc config trustedinstaller start=auto =========


    [SC] ChangeServiceConfig SUCCESS


    ========= End of CMD: =========




    ========= net start trustedinstaller =========


    The requested service has already been started.


    More help is available by typing NET HELPMSG 2182.




    ========= End of CMD: =========




    ========= fsutil resource setautoreset true %SystemDrive%\ =========


    The operation completed successfully.


    ========= End of CMD: =========




    ========= attrib -r -s -h %SystemRoot%\System32\Config\TxR\* =========




    ========= End of CMD: =========




    ========= echo y | del %SystemRoot%\System32\Config\TxR\* =========


    C:\Windows\System32\Config\TxR\*, Are you sure (Y/N)? y
    C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.0.regtrans-ms
    The process cannot access the file because it is being used by another process.
    C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.1.regtrans-ms
    The process cannot access the file because it is being used by another process.
    C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.2.regtrans-ms
    The process cannot access the file because it is being used by another process.
    C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.blf
    The process cannot access the file because it is being used by another process.
    C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TM.blf
    The process cannot access the file because it is being used by another process.
    C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
    The process cannot access the file because it is being used by another process.
    C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
    The process cannot access the file because it is being used by another process.


    ========= End of CMD: =========




    ========= attrib -r -s -h %SystemRoot%\System32\SMI\Store\Machine\* =========




    ========= End of CMD: =========




    ========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.tm* =========




    ========= End of CMD: =========




    ========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.blf =========


    Could Not Find C:\Windows\System32\SMI\Store\Machine\*.blf


    ========= End of CMD: =========




    ========= echo y | del %SystemRoot%\System32\SMI\Store\Machine\*.regtrans-ms =========


    Could Not Find C:\Windows\System32\SMI\Store\Machine\*.regtrans-ms


    ========= End of CMD: =========




    =========== EmptyTemp: ==========


    BITS transfer queue => 8388608 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14252557 B
    Java, Flash, Steam htmlcache => 783 B
    Windows/system/drivers => 12141331268 B
    Edge => 0 B
    Chrome => 29167240 B
    Firefox => 0 B
    Opera => 0 B


    Temp, IE cache, history, cookies, recent:
    Default => 0 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 128 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 288560 B
    jim => 14226593 B
    cyg_server => 0 B


    RecycleBin => 0 B
    EmptyTemp: => 11.4 GB temporary data Removed.


    ================================




    The system needed a reboot.


    ==== End of Fixlog 10:47:44 ====

  3. #63
    softwaremaniac (Moderator)

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    FRST Fix
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
    2. Download attached file and save it to the Desktop.
    Note: It's important that both files, FRST64 and fixlist.txt, are in the same location or the fix will not work (in this case, the desktop).
    3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
    4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

  4. #64

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    Here is the output:

    ====

    Fix result of Farbar Recovery Scan Tool (x64) Version: 08-09-2017
    Ran by jim (10-09-2017 08:53:34) Run:8
    Running from C:\Users\jim\Desktop
    Loaded Profiles: jim & cyg_server (Available Profiles: jim & cyg_server)
    Boot Mode: Normal
    ==============================================


    fixlist content:
    *****************
    C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.0.regtrans-ms
    C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.1.regtrans-ms
    C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.2.regtrans-ms
    C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.blf
    C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TM.blf
    C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
    C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
    *****************


    Could not move "C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.0.regtrans-ms" => Scheduled to move on reboot.
    Could not move "C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.1.regtrans-ms" => Scheduled to move on reboot.
    Could not move "C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.2.regtrans-ms" => Scheduled to move on reboot.
    Could not move "C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.blf" => Scheduled to move on reboot.
    Could not move "C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TM.blf" => Scheduled to move on reboot.
    Could not move "C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms" => Scheduled to move on reboot.
    Could not move "C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms" => Scheduled to move on reboot.


    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-09-2017 08:54:23)


    C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.0.regtrans-ms => Is moved successfully
    C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.1.regtrans-ms => Is moved successfully
    C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.2.regtrans-ms => Is moved successfully
    C:\Windows\System32\Config\TxR\{52080327-8f89-11e7-837d-806e6f6e6963}.TxR.blf => Is moved successfully
    "C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TM.blf" => Could not move
    "C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms" => Could not move
    "C:\Windows\System32\Config\TxR\{52080328-8f89-11e7-837d-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms" => Could not move


    ==== End of Fixlog 08:54:23 ====
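
Added example, not part of any post in this thread and not FRST's own code: a Python parser for the Fixlog line shapes quoted in the two Fixlog posts above (the `del` attempt that reported files in use, and the move attempt deferred to reboot), reporting each file's final state. The sample logs are constructed, `{GUID-1}` and `{GUID-2}` are placeholders, and the function names are illustrative.

```python
import re

# Line shapes copied from the Fixlog.txt output quoted in this thread.
RE_SCHEDULED = re.compile(r'^Could not move "(.+)" => Scheduled to move on reboot\.$')
RE_MOVED = re.compile(r'^"?(.+?)"? => Is moved successfully$')
RE_FAILED = re.compile(r'^"(.+)" => Could not move$')
RE_PATH = re.compile(r'^[A-Za-z]:\\\S.*$')
IN_USE = ("The process cannot access the file because it is being "
          "used by another process.")
PATTERNS = ((RE_SCHEDULED, "scheduled"), (RE_MOVED, "moved"), (RE_FAILED, "failed"))

# Files in Config\TxR are named {GUID}.TxR.* or {GUID}.TM*.
RE_FAMILY = re.compile(r'\}\.(TxR|TM)')

# Constructed sample in the shape of a move fix that was deferred to reboot.
# {GUID-1} and {GUID-2} are placeholders, not real identifiers.
SAMPLE_MOVE = r'''
Could not move "C:\Windows\System32\Config\TxR\{GUID-1}.TxR.0.regtrans-ms" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Config\TxR\{GUID-1}.TxR.blf" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Config\TxR\{GUID-2}.TM.blf" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Config\TxR\{GUID-2}.TMContainer00000000000000000001.regtrans-ms" => Scheduled to move on reboot.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-01-2000 00:00:00)

C:\Windows\System32\Config\TxR\{GUID-1}.TxR.0.regtrans-ms => Is moved successfully
C:\Windows\System32\Config\TxR\{GUID-1}.TxR.blf => Is moved successfully
"C:\Windows\System32\Config\TxR\{GUID-2}.TM.blf" => Could not move
"C:\Windows\System32\Config\TxR\{GUID-2}.TMContainer00000000000000000001.regtrans-ms" => Could not move
'''

# Constructed sample in the shape of the "cmd: ... del" output.
SAMPLE_DEL = r'''
C:\Windows\System32\Config\TxR\*, Are you sure (Y/N)? y
C:\Windows\System32\Config\TxR\{GUID-1}.TxR.blf
The process cannot access the file because it is being used by another process.
'''


def final_states(fixlog_text):
    """Return {path: state}; the last state logged for a path wins.

    States: 'scheduled' (locked, queued for reboot), 'moved',
    'failed' (still not moved after the reboot), 'in_use' (del refused).
    """
    states = {}
    prev = ""
    for raw in fixlog_text.splitlines():
        line = raw.strip()  # forum copies are often indented
        if not line:
            continue
        for pattern, state in PATTERNS:
            match = pattern.match(line)
            if match:
                states[match.group(1)] = state
                break
        else:
            # del prints the path first, then the error on the next line.
            if line == IN_USE and RE_PATH.match(prev):
                states[prev] = "in_use"
        prev = line
    return states


def unresolved(fixlog_text):
    """Paths whose last recorded state is anything other than 'moved'."""
    states = final_states(fixlog_text)
    return sorted(path for path, state in states.items() if state != "moved")


def summarize(fixlog_text):
    """Count final states per file family: 'TxR', 'TM' or 'other'."""
    counts = {}
    for path, state in final_states(fixlog_text).items():
        match = RE_FAMILY.search(path)
        key = (match.group(1) if match else "other", state)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for (family, state), n in sorted(summarize(SAMPLE_MOVE).items()):
        print(f"{family:5} {state:10} {n}")
    for path in unresolved(SAMPLE_MOVE):
        print("still present:", path)
```

Run against the second Fixlog in this thread, the same grouping separates the `.TxR` files, which were moved after the reboot, from the `.TM` files, which were not.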

  5. #65
    softwaremaniac (Moderator)

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    Please reboot and check if all three updates are still shown.

  6. #66

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    Yes.

  7. #67

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    I then did a "check-for-updates" which listed all three (plus defender). I then continued the installs which said "Failed 3 updates. Failed with error code 80246013".
    I then did the install again which claimed to succeed for the three. I then did a "check-for-updates" which still listed all three plus a defender.

    Remember, I can revert to previous states if that wasn't desirable including the "just after the last FRST64 run".

  8. #68
    softwaremaniac (Moderator)

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    Hello again,
    do you use OneDrive? If not, could you please uninstall it?

  9. #69

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    When I search applications it doesn't show OneDrive.

    If you are referring to restoring to a snapshot, it refers to using the feature of VMware Fusion to restore the virtual disk for the virtual machine.

  10. #70
    softwaremaniac (Moderator)

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    FRST Scan
    1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
    2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
    3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
    4. Press Scan button.
    5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
    6. Please copy and paste log back here.
    7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.

  11. #71

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    ==================== Begin of FRST.txt ============================
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017
    Ran by jim (administrator) on JIMWIN81 (11-09-2017 07:08:22)
    Running from C:\Users\jim\Desktop
    Loaded Profiles: jim & cyg_server (Available Profiles: jim & cyg_server)
    Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmacthlp.exe
    () C:\cygwin64\bin\cygrunsrv.exe
    (VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe
    () C:\cygwin64\usr\sbin\sshd.exe
    (VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
    () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (ThinPrint GmbH) C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
    (Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs) C:\cygwin64\home\jim\dotfiles\bin\procexp.exe
    (ThinPrint GmbH) C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe
    (Sysinternals - Windows Sysinternals - Windows Sysinternals | Microsoft Docs) C:\Users\jim\AppData\Local\Temp\PROCEXP64.exe
    (VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


    ==================== Registry (Whitelisted) ====================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [82920 2017-03-17] (VMware, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
    HKU\S-1-5-21-4156085387-2423536872-2889286598-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
    IFEO\taskmgr.exe: [Debugger] "C:\CYGWIN64\HOME\JIM\DOTFILES\BIN\PROCEXP.EXE"


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Tcpip\Parameters: [DhcpNameServer] 172.16.247.2
    Tcpip\..\Interfaces\{E0C50694-CF39-42E6-8B7A-1D78F3B50F76}: [DhcpNameServer] 172.16.247.2


    Internet Explorer:
    ==================
    HKU\S-1-5-21-4156085387-2423536872-2889286598-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    URLSearchHook: [S-1-5-21-4156085387-2423536872-2889286598-1003] ATTENTION => Default URLSearchHook is missing
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-13] (Oracle Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-13] (Oracle Corporation)


    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-13] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-13] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-15] (Google Inc.)
    FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll [2012-01-28] (VMware, Inc.)
    FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)


    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR DefaultSearchKeyword: Default -> t
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default [2017-09-09]
    CHR Extension: (Google Translate) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-14]
    CHR Extension: (Restlet Client - REST API Testing) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejoelaoggembcahagimdiliamlcdmfm [2017-09-05]
    CHR Extension: (Google Docs) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
    CHR Extension: (Google Drive) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-16]
    CHR Extension: (YouTube) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14]
    CHR Extension: (Google Cast) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-04-02]
    CHR Extension: (Adblock Plus) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-05]
    CHR Extension: (JSONView) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2017-01-14]
    CHR Extension: (REST Console) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2014-02-09]
    CHR Extension: (Google Search) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-16]
    CHR Extension: (Vimium) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbepggeogbaibhgnhhndojpepiihcmeb [2017-09-05]
    CHR Extension: (Netflix) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2016-04-16]
    CHR Extension: (Google Tasks (by Google)) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2017-09-05]
    CHR Extension: (Chromebleed) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-12-13]
    CHR Extension: (Postman - REST Client) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm [2016-04-24]
    CHR Extension: (EditThisCookie) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-10-29]
    CHR Extension: (FoxyProxy Standard) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2015-02-06]
    CHR Extension: (Google Docs Offline) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-14]
    CHR Extension: (TweetDeck by Twitter) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-01-14]
    CHR Extension: (Advanced REST client) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2017-03-22]
    CHR Extension: (Tabs to the front!) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2014-02-09]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-06-01]
    CHR Extension: (AngularJS Batarang) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ighdmehidhipcmcojjgiloacoafjmpfk [2017-09-05]
    CHR Extension: (Subnet Mask Calculator) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgifbmejejpcgfiocalppfbifcaanaan [2014-02-09]
    CHR Extension: (Flashcontrol) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2017-03-22]
    CHR Extension: (Google Play Books) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2017-01-14]
    CHR Extension: (Google Hangouts) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-09-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-05]
    CHR Extension: (Gmail) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-16]
    CHR Extension: (Chrome Media Router) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-05]


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S3 ALG; C:\Windows\System32\alg.exe [96768 2014-10-28] (Microsoft Corporation)
    S3 Fax; C:\Windows\system32\fxssvc.exe [658944 2014-10-28] (Microsoft Corporation)
    S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-10-30] (Microsoft Corporation)
    R3 MSDTC; C:\Windows\System32\msdtc.exe [144384 2014-10-28] (Microsoft Corporation)
    S3 msiserver; C:\Windows\System32\msiexec.exe [65024 2016-05-05] (Microsoft Corporation)
    S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [59904 2016-05-05] (Microsoft Corporation)
    S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2014-10-28] (Microsoft Corporation)
    R2 SamSs; C:\Windows\system32\lsass.exe [47024 2014-10-28] (Microsoft Corporation)
    S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2014-10-28] (Microsoft Corporation)
    R2 Spooler; C:\Windows\System32\spoolsv.exe [827392 2014-11-03] (Microsoft Corporation)
    R2 sppsvc; C:\Windows\system32\sppsvc.exe [6521800 2016-06-10] (Microsoft Corporation)
    R2 sshd; C:\cygwin64\bin\cygrunsrv.exe [185875 2013-10-30] () [File not signed]
    S3 TPVCGateway; C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [2498744 2017-03-17] (Cortado AG)
    S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [41984 2014-10-28] (Microsoft Corporation)
    S3 vds; C:\Windows\System32\vds.exe [1313792 2014-10-28] (Microsoft Corporation)
    R2 VGAuthService; C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe [163840 2017-03-17] (VMware, Inc.) [File not signed]
    R2 VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [540136 2017-03-17] (VMware, Inc.)
    S3 VMwareCAFCommAmqpListener; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe [67584 2017-03-17] () [File not signed]
    R2 VMwareCAFManagementAgentHost; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe [60928 2017-03-17] () [File not signed]
    R3 VSS; C:\Windows\system32\vssvc.exe [1455104 2016-02-05] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    R2 WSearch; C:\Windows\system32\SearchIndexer.exe [903168 2015-03-31] (Microsoft Corporation)
    R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [710144 2015-03-31] (Microsoft Corporation)


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 VMMemCtl; C:\Windows\system32\DRIVERS\vmmemctl.sys [51768 2017-02-11] (VMware, Inc.)
    R1 VMRawDsk; C:\Windows\system32\DRIVERS\vmrawdsk.sys [74304 2017-02-11] (VMware, Inc.)
    R3 vmusbmouse; C:\Windows\System32\drivers\vmusbmouse.sys [35904 2017-02-11] (VMware, Inc.)
    R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2017-02-11] (VMware, Inc.)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-09-11 07:08 - 2017-09-11 07:08 - 000014008 _____ C:\Users\jim\Desktop\FRST.txt
    2017-09-11 07:07 - 2017-09-11 07:07 - 000000000 ____D C:\Users\jim\Desktop\FRST-OlderVersion
    2017-09-11 07:06 - 2017-09-11 07:06 - 000001390 _____ C:\Users\Public\Desktop\VMware Shared Folders.lnk
    2017-09-11 07:03 - 2017-09-11 07:03 - 000000000 ____D C:\Users\jim\Desktop\xx
    2017-09-09 09:58 - 2017-09-11 07:07 - 000000000 ____D C:\Users\jim\AppData\Roaming\Skype
    2017-09-09 09:58 - 2017-09-09 10:44 - 000000000 ____D C:\ProgramData\Skype
    2017-09-09 09:58 - 2017-09-09 09:58 - 000002713 _____ C:\Users\Public\Desktop\Skype.lnk
    2017-09-09 09:58 - 2017-09-09 09:58 - 000000000 ___RD C:\Program Files (x86)\Skype
    2017-09-09 09:58 - 2017-09-09 09:58 - 000000000 ____D C:\Users\jim\AppData\Local\Skype
    2017-09-09 09:58 - 2017-09-09 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2017-09-09 09:31 - 2017-09-09 09:31 - 000000457 _____ C:\Users\jim\Desktop\Shared Folders (vmware-host) (Z) - Shortcut.lnk
    2017-09-05 11:04 - 2017-09-05 11:04 - 000000000 ____D C:\Users\jim\AppData\Local\Apps\2.0
    2017-09-01 19:49 - 2017-09-01 19:49 - 000287520 _____ C:\Windows\Minidump\090117-7765-01.dmp
    2017-09-01 19:46 - 2017-09-01 19:46 - 000287520 _____ C:\Windows\Minidump\090117-22093-01.dmp
    2017-09-01 19:46 - 2017-09-01 19:46 - 000000000 ____D C:\Windows\Minidump
    2017-09-01 11:09 - 2017-09-11 07:08 - 000000000 ____D C:\FRST
    2017-09-01 11:07 - 2017-09-11 07:07 - 002396672 _____ (Farbar) C:\Users\jim\Desktop\FRST64.exe
    2017-08-13 09:17 - 2017-08-13 09:17 - 002884096 _____ (niemiro) C:\Users\jim\Desktop\SFCFix.exe


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-09-11 07:06 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Registration
    2017-09-11 07:06 - 2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-11 07:03 - 2014-02-09 13:30 - 000863592 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-09-11 07:03 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
    2017-09-09 10:11 - 2014-02-09 13:31 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4156085387-2423536872-2889286598-1001
    2017-09-05 18:36 - 2017-07-16 16:55 - 000000000 ____D C:\SFCFix
    2017-09-05 18:36 - 2017-07-16 16:20 - 000000000 ____D C:\Users\jim\AppData\Local\niemiro
    2017-09-05 13:24 - 2014-05-09 12:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2017-09-05 10:07 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp
    2017-09-05 07:38 - 2013-08-22 06:25 - 000262144 ___SH C:\Windows\system32\config\BBI
    2017-09-05 07:36 - 2014-03-17 22:26 - 000000000 ____D C:\Users\jim\Desktop\save
    2017-09-01 19:49 - 2014-03-17 13:54 - 000000000 ____D C:\Users\cyg_server
    2017-09-01 19:49 - 2014-02-09 13:20 - 000000000 ____D C:\Users\jim
    2017-08-28 22:26 - 2014-02-09 13:35 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-08-22 19:30 - 2017-04-02 15:19 - 010716210 _____ C:\Users\jim\Desktop\Windows8.1-KB2919442-x64.msu
    2017-08-17 09:35 - 2014-02-09 17:41 - 000544424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2017-08-13 09:48 - 2014-02-09 17:42 - 000000000 ____D C:\Windows\system32\MRT
    2017-08-13 09:46 - 2014-02-09 17:42 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-08-13 09:24 - 2015-02-06 19:50 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-08-13 09:23 - 2015-11-28 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-08-13 09:23 - 2014-03-17 12:44 - 000000000 ____D C:\ProgramData\Oracle
    2017-08-13 09:23 - 2014-03-17 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    2017-08-13 09:23 - 2014-03-17 12:43 - 000000000 ____D C:\Program Files\Java
    2017-08-13 09:22 - 2015-11-28 20:02 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll


    Some files in TEMP:
    ====================
    2017-09-09 11:32 - 2017-09-11 07:07 - 001620992 _____ (Sysinternals - www.sysinternals.com) C:\Users\jim\AppData\Local\Temp\PROCEXP64.exe


    ==================== Bamital & volsnap ======================


    (There is no automatic fix for files that do not pass verification.)


    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2017-09-09 09:43


    ==================== End of FRST.txt ============================


    ==================== Begin of Addition.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2017
    Ran by jim (11-09-2017 07:08:59)
    Running from C:\Users\jim\Desktop
    Windows 8.1 Pro (Update) (X64) (2014-02-09 20:20:29)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-4156085387-2423536872-2889286598-500 - Administrator - Disabled)
    cyg_server (S-1-5-21-4156085387-2423536872-2889286598-1003 - Administrator - Enabled) => C:\Users\cyg_server
    Guest (S-1-5-21-4156085387-2423536872-2889286598-501 - Limited - Disabled)
    jim (S-1-5-21-4156085387-2423536872-2889286598-1001 - Administrator - Enabled) => C:\Users\jim
    sshd (S-1-5-21-4156085387-2423536872-2889286598-1002 - Limited - Disabled)


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
    Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
    Java SE Development Kit 8 Update 66 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.18 - Oracle Corporation)
    Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.10.9 - Intuit)
    Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.2.7 - Quicken)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
    VMware Tools (HKLM\...\{D2236796-832D-4E8C-A337-0C6EEB8ACB27}) (Version: 10.1.6.5214329 - VMware, Inc.)
    VMware vSphere Client 5.0 (HKLM-x32\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.29542 - VMware, Inc.)
    VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3165 - VMware, Inc.)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {2C4403FF-C76C-4B84-8235-DF5F1926BD22} - System32\Tasks\{F8CAD4C1-19CB-4036-AF34-E0854A183087} => C:\Windows\system32\pcalua.exe -a "C:\Users\jim\Downloads\VMware-viclient-all-5.0.0-623373 (1).exe" -d C:\Users\jim\Downloads
    Task: {328C4D63-77D7-4E0B-9069-1791B4824B3B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
    Task: {34F6E3B4-F13D-495F-8DE0-8B350595050A} - System32\Tasks\Process Explorer-JIMWIN81-jim => C:\CYGWIN64\HOME\JIM\DOTFILES\BIN\PROCEXP.EXE [2014-03-17] (Sysinternals - www.sysinternals.com)
    Task: {796311BE-0AE5-4E3A-B762-FA200D4379D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {7BE7674A-0A35-4007-8CB6-37599535DE0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
    Task: {83922393-9B46-4CE5-AC3C-A4CED05A60A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {C62730DF-A919-41E7-9787-43D7C3C95AAD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D9A11151-AFE5-458A-9B6F-20948476F1FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
    Task: {EB430ABB-9BC9-4312-A521-A66F93B3A700} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {ED07D572-1061-438A-B699-E9D5C5646179} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




    ==================== Shortcuts & WMI ========================


    (The entries could be listed to be restored or removed.)




    ==================== Loaded Modules (Whitelisted) ==============


    2014-02-15 13:19 - 2013-10-30 13:39 - 000185875 _____ () C:\cygwin64\bin\cygrunsrv.exe
    2017-03-17 07:36 - 2017-03-17 07:36 - 000268288 _____ () C:\Program Files\VMware\VMware Tools\VMware VGAuth\pcre.dll
    2014-02-15 13:19 - 2014-01-30 05:00 - 000673299 _____ () C:\cygwin64\usr\sbin\sshd.exe
    2014-02-15 12:40 - 2014-01-29 02:26 - 000068115 _____ () C:\cygwin64\bin\cyggcc_s-seh-1.dll
    2014-02-15 13:19 - 2014-01-29 02:27 - 000010771 _____ () C:\cygwin64\bin\cygssp-0.dll
    2014-02-15 13:19 - 2013-03-07 02:29 - 000009235 _____ () C:\cygwin64\bin\cygcrypt-0.dll
    2014-02-15 13:19 - 2013-06-22 22:43 - 002300485 _____ () C:\cygwin64\bin\cyggssapi-3.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 000163264 _____ () C:\cygwin64\bin\cygkafs-0.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 003365979 _____ () C:\cygwin64\bin\cygkrb5-26.dll
    2014-02-15 13:19 - 2013-11-15 12:58 - 000030227 _____ () C:\cygwin64\bin\cygwrap-0.dll
    2014-02-15 12:40 - 2013-05-09 14:21 - 000080915 _____ () C:\cygwin64\bin\cygz.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 000137857 _____ () C:\cygwin64\bin\cygheimntlm-0.dll
    2014-02-15 13:19 - 2013-03-10 22:21 - 000012307 _____ () C:\cygwin64\bin\cygcom_err-2.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 000103241 _____ () C:\cygwin64\bin\cygheimbase-1.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 002629600 _____ () C:\cygwin64\bin\cygasn1-8.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 000434020 _____ () C:\cygwin64\bin\cygroken-18.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 000281302 _____ () C:\cygwin64\bin\cygwind-0.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 001445805 _____ () C:\cygwin64\bin\cyghx509-5.dll
    2014-02-15 13:19 - 2014-03-11 13:06 - 000737811 _____ () C:\cygwin64\bin\cygsqlite3-0.dll
    2017-03-17 07:56 - 2017-03-17 07:56 - 000284136 _____ () C:\Program Files\VMware\VMware Tools\pcre.dll
    2017-03-17 07:25 - 2017-03-17 07:25 - 000060928 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe
    2017-03-17 07:36 - 2017-03-17 07:36 - 002539008 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\Framework.dll
    2017-03-17 07:36 - 2017-03-17 07:36 - 000268288 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\pcre.dll
    2017-03-17 07:36 - 2017-03-17 07:36 - 000731648 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\MaIntegrationSubsys.dll
    2017-03-17 07:36 - 2017-03-17 07:36 - 000111616 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CafIntegrationSubsys.dll
    2017-03-17 07:36 - 2017-03-17 07:36 - 000471040 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\IntegrationSubsys.dll
    2017-03-17 07:36 - 2017-03-17 07:36 - 000097792 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\VgAuthIntegrationSubsys.dll
    2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)




    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)




    ==================== Hosts content: ===============================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts




    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-4156085387-2423536872-2889286598-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 172.16.247.2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==




    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [{875D1C1B-1096-4C23-A44F-14B22806028C}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
    FirewallRules: [{7C049BF3-D827-4B59-BE5E-752CF9E23F67}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
    FirewallRules: [{55864CD2-25AC-4580-92ED-A9E95A7AAF4A}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
    FirewallRules: [{E0C64453-B0D3-4C07-B72A-720810B9C15D}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
    FirewallRules: [TCP Query User{D2004B2F-84E7-4D8D-8FB4-E4BDBD44F5D5}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
    FirewallRules: [UDP Query User{1E31FFCB-C6F5-4127-B895-48F2F08F3B96}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
    FirewallRules: [{29F5CE55-9E21-4602-A4AC-959B9EB50520}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{6BDFB4A8-7041-41C4-8FB2-28448139B1B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{0CBB445D-D843-4C93-9827-B89FB73431DB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [{6BB3ED68-D75B-4B09-BECF-FFB0ADC28126}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [TCP Query User{E0AFC178-3575-47B0-B03E-9F1E2B6E0773}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
    FirewallRules: [UDP Query User{26D2C6C8-77B6-422D-8083-01968D74E330}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
    FirewallRules: [TCP Query User{71E9CAD3-451D-4000-8840-1D5F9344696F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
    FirewallRules: [UDP Query User{F9B406D5-438B-4961-8030-5B0E237F575F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
    FirewallRules: [TCP Query User{2808C497-8D6A-4F08-86D8-777DF233F237}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
    FirewallRules: [UDP Query User{3CFF1664-B781-4DF5-B8E2-07E002AB08B2}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
    FirewallRules: [TCP Query User{912D2D64-8947-4A35-9E47-12213F14F90F}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
    FirewallRules: [UDP Query User{1D1BCBAC-44E5-470E-BDE8-4E4F46BF8E67}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
    FirewallRules: [TCP Query User{6ED95EC6-D0AA-466E-AADF-E8C9EDB5E943}C:\programdata\oracle\java\javapath_target_581421\javaw.exe] => (Allow) C:\programdata\oracle\java\javapath_target_581421\javaw.exe
    FirewallRules: [UDP Query User{F492AEBB-A548-4180-8B67-1D6707FC3C9C}C:\programdata\oracle\java\javapath_target_581421\javaw.exe] => (Allow) C:\programdata\oracle\java\javapath_target_581421\javaw.exe
    FirewallRules: [{2A516657-BC0B-46CE-BFF0-25F2D88F3078}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{B7C3F9A0-1456-4B4E-AC84-08A3E442AD96}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe


    ==================== Restore Points =========================


    28-08-2017 22:43:00 Windows Update
    01-09-2017 07:56:26 Windows Update
    01-09-2017 19:45:15 Restore Point Created by FRST
    01-09-2017 19:47:59 Restore Point Created by FRST
    01-09-2017 19:55:59 Restore Point Created by FRST
    04-09-2017 08:11:24 Restore Point Created by FRST
    09-09-2017 09:39:12 Windows Update
    09-09-2017 10:05:00 Removed Skype™ 7.3
    09-09-2017 10:44:18 Removed Skype™ 7.3


    ==================== Faulty Device Manager Devices =============




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (09/11/2017 07:07:03 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    Error: (09/11/2017 07:01:49 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    Error: (09/11/2017 07:01:38 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    Error: (09/10/2017 08:56:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: gvim.exe, version: 0.0.0.0, time stamp: 0x5304da99
    Faulting module name: cyggdk-x11-2.0-0.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
    Exception code: 0xc0000135
    Fault offset: 0x00000000000ecdd0
    Faulting process id: 0xfc4
    Faulting application start time: 0x01d32a4d58a65fbb
    Faulting application path: C:\cygwin64\bin\gvim.exe
    Faulting module path: cyggdk-x11-2.0-0.dll
    Report Id: 9767cc46-9640-11e7-8399-000c2916e29d
    Faulting package full name:
    Faulting package-relative application ID:


    Error: (09/10/2017 08:52:07 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    Error: (09/09/2017 11:19:45 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    Error: (09/09/2017 11:09:11 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: gvim.exe, version: 0.0.0.0, time stamp: 0x5304da99
    Faulting module name: cyggdk-x11-2.0-0.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
    Exception code: 0xc0000135
    Fault offset: 0x00000000000ecdd0
    Faulting process id: 0xb14
    Faulting application start time: 0x01d32996bbfca75c
    Faulting application path: C:\cygwin64\bin\gvim.exe
    Faulting module path: cyggdk-x11-2.0-0.dll
    Report Id: fabefa33-9589-11e7-8395-000c2916e29d
    Faulting package full name:
    Faulting package-relative application ID:


    Error: (09/09/2017 10:44:28 AM) (Source: MsiInstaller) (EventID: 10005) (User: JIMWIN81)
    Description: Product: Skype™ 7.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,


    Error: (09/09/2017 10:44:27 AM) (Source: MsiInstaller) (EventID: 10005) (User: JIMWIN81)
    Description: Product: Skype™ 7.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,


    Error: (09/09/2017 10:05:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: JIMWIN81)
    Description: Product: Skype™ 7.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,




    System errors:
    =============
    Error: (09/10/2017 08:50:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Superfetch service terminated with the following error:
    The service has not been started.


    Error: (09/10/2017 04:45:51 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


    Error: (09/10/2017 04:45:20 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


    Error: (09/09/2017 11:27:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


    Error: (09/09/2017 11:11:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


    Error: (09/09/2017 10:47:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


    Error: (09/09/2017 10:47:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The VMware Snapshot Provider service terminated unexpectedly. It has done this 1 time(s).


    Error: (09/09/2017 09:44:42 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


    Error: (09/09/2017 09:44:12 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


    Error: (09/06/2017 06:29:49 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.




    CodeIntegrity:
    ===================================
    Date: 2017-09-10 04:45:22.385
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-09-09 09:44:46.514
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-09-06 06:29:21.455
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-09-05 10:08:59.102
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-09-05 07:49:55.491
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-09-04 08:34:16.765
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-09-01 07:48:24.893
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-08-31 13:47:03.155
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-08-28 22:53:09.168
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-08-22 21:04:39.634
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.




    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz
    Percentage of memory in use: 28%
    Total physical RAM: 4239.49 MB
    Available physical RAM: 3024.1 MB
    Total Virtual: 8591.49 MB
    Available Virtual: 7580.61 MB


    ==================== Drives ================================


    Drive c: () (Fixed) (Total:90 GB) (Free:26.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (IRM_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.63 GB) (Free:0 GB) UDF


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 90 GB) (Disk ID: DA6E7EB8)
    Partition 1: (Active) - (Size=90 GB) - (Type=07 NTFS)


    ==================== End of Addition.txt ============================

  12. #72

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    ==================== Begin of FRST.txt ============================
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017
    Ran by jim (administrator) on JIMWIN81 (11-09-2017 07:08:22)
    Running from C:\Users\jim\Desktop
    Loaded Profiles: jim & cyg_server (Available Profiles: jim & cyg_server)
    Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials


    ==================== Processes (Whitelisted) =================


    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


    (VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmacthlp.exe
    () C:\cygwin64\bin\cygrunsrv.exe
    (VMware, Inc.) C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe
    () C:\cygwin64\usr\sbin\sshd.exe
    (VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
    () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (ThinPrint GmbH) C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
    (Sysinternals - www.sysinternals.com) C:\cygwin64\home\jim\dotfiles\bin\procexp.exe
    (ThinPrint GmbH) C:\Program Files\VMware\VMware Tools\TPAutoConnect.exe
    (Sysinternals - www.sysinternals.com) C:\Users\jim\AppData\Local\Temp\PROCEXP64.exe
    (VMware, Inc.) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


    ==================== Registry (Whitelisted) ====================


    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


    HKLM\...\Run: [VMware User Process] => C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [82920 2017-03-17] (VMware, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
    HKU\S-1-5-21-4156085387-2423536872-2889286598-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
    IFEO\taskmgr.exe: [Debugger] "C:\CYGWIN64\HOME\JIM\DOTFILES\BIN\PROCEXP.EXE"


    ==================== Internet (Whitelisted) ====================


    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


    Tcpip\Parameters: [DhcpNameServer] 172.16.247.2
    Tcpip\..\Interfaces\{E0C50694-CF39-42E6-8B7A-1D78F3B50F76}: [DhcpNameServer] 172.16.247.2


    Internet Explorer:
    ==================
    HKU\S-1-5-21-4156085387-2423536872-2889286598-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    URLSearchHook: [S-1-5-21-4156085387-2423536872-2889286598-1003] ATTENTION => Default URLSearchHook is missing
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-07-11] (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-08-13] (Oracle Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-08-13] (Oracle Corporation)


    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-08-13] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-08-13] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-15] (Google Inc.)
    FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll [2012-01-28] (VMware, Inc.)
    FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 -> C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll [2013-08-17] (VMware, Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)


    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR DefaultSearchKeyword: Default -> t
    CHR Session Restore: Default -> is enabled.
    CHR Profile: C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default [2017-09-09]
    CHR Extension: (Google Translate) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2017-01-14]
    CHR Extension: (Restlet Client - REST API Testing) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejoelaoggembcahagimdiliamlcdmfm [2017-09-05]
    CHR Extension: (Google Docs) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
    CHR Extension: (Google Drive) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-16]
    CHR Extension: (YouTube) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-14]
    CHR Extension: (Google Cast) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-04-02]
    CHR Extension: (Adblock Plus) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-05]
    CHR Extension: (JSONView) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\chklaanhfefbnpoihckbnefhakgolnmc [2017-01-14]
    CHR Extension: (REST Console) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\cokgbflfommojglbmbpenpphppikmonn [2014-02-09]
    CHR Extension: (Google Search) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-16]
    CHR Extension: (Vimium) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbepggeogbaibhgnhhndojpepiihcmeb [2017-09-05]
    CHR Extension: (Netflix) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2016-04-16]
    CHR Extension: (Google Tasks (by Google)) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd [2017-09-05]
    CHR Extension: (Chromebleed) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\eeoekjnjgppnaegdjbcafdggilajhpic [2014-12-13]
    CHR Extension: (Postman - REST Client) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm [2016-04-24]
    CHR Extension: (EditThisCookie) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\fngmhnnpilhplaeedifhccceomclgfbg [2014-10-29]
    CHR Extension: (FoxyProxy Standard) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2015-02-06]
    CHR Extension: (Google Docs Offline) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-14]
    CHR Extension: (TweetDeck by Twitter) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-01-14]
    CHR Extension: (Advanced REST client) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmloofddffdnphfgcellkdfbfbjeloo [2017-03-22]
    CHR Extension: (Tabs to the front!) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2014-02-09]
    CHR Extension: (Kindle Cloud Reader) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-06-01]
    CHR Extension: (AngularJS Batarang) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ighdmehidhipcmcojjgiloacoafjmpfk [2017-09-05]
    CHR Extension: (Subnet Mask Calculator) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgifbmejejpcgfiocalppfbifcaanaan [2014-02-09]
    CHR Extension: (Flashcontrol) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2017-03-22]
    CHR Extension: (Google Play Books) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2017-01-14]
    CHR Extension: (Google Hangouts) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2017-09-05]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-05]
    CHR Extension: (Gmail) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-16]
    CHR Extension: (Chrome Media Router) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-05]


    ==================== Services (Whitelisted) ====================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    S3 ALG; C:\Windows\System32\alg.exe [96768 2014-10-28] (Microsoft Corporation)
    S3 Fax; C:\Windows\system32\fxssvc.exe [658944 2014-10-28] (Microsoft Corporation)
    S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2014-10-30] (Microsoft Corporation)
    R3 MSDTC; C:\Windows\System32\msdtc.exe [144384 2014-10-28] (Microsoft Corporation)
    S3 msiserver; C:\Windows\System32\msiexec.exe [65024 2016-05-05] (Microsoft Corporation)
    S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [59904 2016-05-05] (Microsoft Corporation)
    S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2014-10-28] (Microsoft Corporation)
    R2 SamSs; C:\Windows\system32\lsass.exe [47024 2014-10-28] (Microsoft Corporation)
    S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14848 2014-10-28] (Microsoft Corporation)
    R2 Spooler; C:\Windows\System32\spoolsv.exe [827392 2014-11-03] (Microsoft Corporation)
    R2 sppsvc; C:\Windows\system32\sppsvc.exe [6521800 2016-06-10] (Microsoft Corporation)
    R2 sshd; C:\cygwin64\bin\cygrunsrv.exe [185875 2013-10-30] () [File not signed]
    S3 TPVCGateway; C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [2498744 2017-03-17] (Cortado AG)
    S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [41984 2014-10-28] (Microsoft Corporation)
    S3 vds; C:\Windows\System32\vds.exe [1313792 2014-10-28] (Microsoft Corporation)
    R2 VGAuthService; C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe [163840 2017-03-17] (VMware, Inc.) [File not signed]
    R2 VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [540136 2017-03-17] (VMware, Inc.)
    S3 VMwareCAFCommAmqpListener; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe [67584 2017-03-17] () [File not signed]
    R2 VMwareCAFManagementAgentHost; C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe [60928 2017-03-17] () [File not signed]
    R3 VSS; C:\Windows\system32\vssvc.exe [1455104 2016-02-05] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
    R2 WSearch; C:\Windows\system32\SearchIndexer.exe [903168 2015-03-31] (Microsoft Corporation)
    R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [710144 2015-03-31] (Microsoft Corporation)


    ===================== Drivers (Whitelisted) ======================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    R2 VMMemCtl; C:\Windows\system32\DRIVERS\vmmemctl.sys [51768 2017-02-11] (VMware, Inc.)
    R1 VMRawDsk; C:\Windows\system32\DRIVERS\vmrawdsk.sys [74304 2017-02-11] (VMware, Inc.)
    R3 vmusbmouse; C:\Windows\System32\drivers\vmusbmouse.sys [35904 2017-02-11] (VMware, Inc.)
    R0 vsock; C:\Windows\system32\DRIVERS\vsock.sys [91712 2017-02-11] (VMware, Inc.)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)


    ==================== NetSvcs (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== One Month Created files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-09-11 07:08 - 2017-09-11 07:08 - 000014008 _____ C:\Users\jim\Desktop\FRST.txt
    2017-09-11 07:07 - 2017-09-11 07:07 - 000000000 ____D C:\Users\jim\Desktop\FRST-OlderVersion
    2017-09-11 07:06 - 2017-09-11 07:06 - 000001390 _____ C:\Users\Public\Desktop\VMware Shared Folders.lnk
    2017-09-11 07:03 - 2017-09-11 07:03 - 000000000 ____D C:\Users\jim\Desktop\xx
    2017-09-09 09:58 - 2017-09-11 07:07 - 000000000 ____D C:\Users\jim\AppData\Roaming\Skype
    2017-09-09 09:58 - 2017-09-09 10:44 - 000000000 ____D C:\ProgramData\Skype
    2017-09-09 09:58 - 2017-09-09 09:58 - 000002713 _____ C:\Users\Public\Desktop\Skype.lnk
    2017-09-09 09:58 - 2017-09-09 09:58 - 000000000 ___RD C:\Program Files (x86)\Skype
    2017-09-09 09:58 - 2017-09-09 09:58 - 000000000 ____D C:\Users\jim\AppData\Local\Skype
    2017-09-09 09:58 - 2017-09-09 09:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2017-09-09 09:31 - 2017-09-09 09:31 - 000000457 _____ C:\Users\jim\Desktop\Shared Folders (vmware-host) (Z) - Shortcut.lnk
    2017-09-05 11:04 - 2017-09-05 11:04 - 000000000 ____D C:\Users\jim\AppData\Local\Apps\2.0
    2017-09-01 19:49 - 2017-09-01 19:49 - 000287520 _____ C:\Windows\Minidump\090117-7765-01.dmp
    2017-09-01 19:46 - 2017-09-01 19:46 - 000287520 _____ C:\Windows\Minidump\090117-22093-01.dmp
    2017-09-01 19:46 - 2017-09-01 19:46 - 000000000 ____D C:\Windows\Minidump
    2017-09-01 11:09 - 2017-09-11 07:08 - 000000000 ____D C:\FRST
    2017-09-01 11:07 - 2017-09-11 07:07 - 002396672 _____ (Farbar) C:\Users\jim\Desktop\FRST64.exe
    2017-08-13 09:17 - 2017-08-13 09:17 - 002884096 _____ (niemiro) C:\Users\jim\Desktop\SFCFix.exe


    ==================== One Month Modified files and folders ========


    (If an entry is included in the fixlist, the file/folder will be moved.)


    2017-09-11 07:06 - 2013-08-22 08:36 - 000000000 ____D C:\Windows\Registration
    2017-09-11 07:06 - 2013-08-22 07:45 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2017-09-11 07:03 - 2014-02-09 13:30 - 000863592 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-09-11 07:03 - 2013-08-22 06:36 - 000000000 ____D C:\Windows\Inf
    2017-09-09 10:11 - 2014-02-09 13:31 - 000003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4156085387-2423536872-2889286598-1001
    2017-09-05 18:36 - 2017-07-16 16:55 - 000000000 ____D C:\SFCFix
    2017-09-05 18:36 - 2017-07-16 16:20 - 000000000 ____D C:\Users\jim\AppData\Local\niemiro
    2017-09-05 13:24 - 2014-05-09 12:16 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2017-09-05 10:07 - 2013-08-22 08:20 - 000000000 ____D C:\Windows\CbsTemp
    2017-09-05 07:38 - 2013-08-22 06:25 - 000262144 ___SH C:\Windows\system32\config\BBI
    2017-09-05 07:36 - 2014-03-17 22:26 - 000000000 ____D C:\Users\jim\Desktop\save
    2017-09-01 19:49 - 2014-03-17 13:54 - 000000000 ____D C:\Users\cyg_server
    2017-09-01 19:49 - 2014-02-09 13:20 - 000000000 ____D C:\Users\jim
    2017-08-28 22:26 - 2014-02-09 13:35 - 000002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-08-22 19:30 - 2017-04-02 15:19 - 010716210 _____ C:\Users\jim\Desktop\Windows8.1-KB2919442-x64.msu
    2017-08-17 09:35 - 2014-02-09 17:41 - 000544424 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2017-08-13 09:48 - 2014-02-09 17:42 - 000000000 ____D C:\Windows\system32\MRT
    2017-08-13 09:46 - 2014-02-09 17:42 - 140394280 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-08-13 09:24 - 2015-02-06 19:50 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-08-13 09:23 - 2015-11-28 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2017-08-13 09:23 - 2014-03-17 12:44 - 000000000 ____D C:\ProgramData\Oracle
    2017-08-13 09:23 - 2014-03-17 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
    2017-08-13 09:23 - 2014-03-17 12:43 - 000000000 ____D C:\Program Files\Java
    2017-08-13 09:22 - 2015-11-28 20:02 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll


    Some files in TEMP:
    ====================
    2017-09-09 11:32 - 2017-09-11 07:07 - 001620992 _____ (Sysinternals - www.sysinternals.com) C:\Users\jim\AppData\Local\Temp\PROCEXP64.exe


    ==================== Bamital & volsnap ======================


    (There is no automatic fix for files that do not pass verification.)


    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2017-09-09 09:43


    ==================== End of FRST.txt ============================


    ==================== Begin of Addition.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-09-2017
    Ran by jim (11-09-2017 07:08:59)
    Running from C:\Users\jim\Desktop
    Windows 8.1 Pro (Update) (X64) (2014-02-09 20:20:29)
    Boot Mode: Normal
    ==========================================================




    ==================== Accounts: =============================


    Administrator (S-1-5-21-4156085387-2423536872-2889286598-500 - Administrator - Disabled)
    cyg_server (S-1-5-21-4156085387-2423536872-2889286598-1003 - Administrator - Enabled) => C:\Users\cyg_server
    Guest (S-1-5-21-4156085387-2423536872-2889286598-501 - Limited - Disabled)
    jim (S-1-5-21-4156085387-2423536872-2889286598-1001 - Administrator - Enabled) => C:\Users\jim
    sshd (S-1-5-21-4156085387-2423536872-2889286598-1002 - Limited - Disabled)


    ==================== Security Center ========================


    (If an entry is included in the fixlist, it will be removed.)


    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    ==================== Installed Programs ======================


    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
    Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
    Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
    Java SE Development Kit 7 Update 51 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170510}) (Version: 1.7.0.510 - Oracle)
    Java SE Development Kit 8 Update 66 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.18 - Oracle Corporation)
    Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version: - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.10.9 - Intuit)
    Quicken 2017 (HKLM-x32\...\{E5AE4F66-CDA1-432A-A69E-C685D454ABDA}) (Version: 26.1.2.7 - Quicken)
    Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
    Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB4011046) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{4948A05E-E21F-4A6F-BF2A-7D106E339C9B}) (Version: - Microsoft)
    VMware Tools (HKLM\...\{D2236796-832D-4E8C-A337-0C6EEB8ACB27}) (Version: 10.1.6.5214329 - VMware, Inc.)
    VMware vSphere Client 5.0 (HKLM-x32\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.29542 - VMware, Inc.)
    VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3165 - VMware, Inc.)


    ==================== Custom CLSID (Whitelisted): ==========================


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




    ==================== Scheduled Tasks (Whitelisted) =============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    Task: {2C4403FF-C76C-4B84-8235-DF5F1926BD22} - System32\Tasks\{F8CAD4C1-19CB-4036-AF34-E0854A183087} => C:\Windows\system32\pcalua.exe -a "C:\Users\jim\Downloads\VMware-viclient-all-5.0.0-623373 (1).exe" -d C:\Users\jim\Downloads
    Task: {328C4D63-77D7-4E0B-9069-1791B4824B3B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
    Task: {34F6E3B4-F13D-495F-8DE0-8B350595050A} - System32\Tasks\Process Explorer-JIMWIN81-jim => C:\CYGWIN64\HOME\JIM\DOTFILES\BIN\PROCEXP.EXE [2014-03-17] (Sysinternals - www.sysinternals.com)
    Task: {796311BE-0AE5-4E3A-B762-FA200D4379D0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
    Task: {7BE7674A-0A35-4007-8CB6-37599535DE0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
    Task: {83922393-9B46-4CE5-AC3C-A4CED05A60A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {C62730DF-A919-41E7-9787-43D7C3C95AAD} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D9A11151-AFE5-458A-9B6F-20948476F1FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
    Task: {EB430ABB-9BC9-4312-A521-A66F93B3A700} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {ED07D572-1061-438A-B699-E9D5C5646179} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION


    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)




    ==================== Shortcuts & WMI ========================


    (The entries could be listed to be restored or removed.)




    ==================== Loaded Modules (Whitelisted) ==============


    2014-02-15 13:19 - 2013-10-30 13:39 - 000185875 _____ () C:\cygwin64\bin\cygrunsrv.exe
    2017-03-17 07:36 - 2017-03-17 07:36 - 000268288 _____ () C:\Program Files\VMware\VMware Tools\VMware VGAuth\pcre.dll
    2014-02-15 13:19 - 2014-01-30 05:00 - 000673299 _____ () C:\cygwin64\usr\sbin\sshd.exe
    2014-02-15 12:40 - 2014-01-29 02:26 - 000068115 _____ () C:\cygwin64\bin\cyggcc_s-seh-1.dll
    2014-02-15 13:19 - 2014-01-29 02:27 - 000010771 _____ () C:\cygwin64\bin\cygssp-0.dll
    2014-02-15 13:19 - 2013-03-07 02:29 - 000009235 _____ () C:\cygwin64\bin\cygcrypt-0.dll
    2014-02-15 13:19 - 2013-06-22 22:43 - 002300485 _____ () C:\cygwin64\bin\cyggssapi-3.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 000163264 _____ () C:\cygwin64\bin\cygkafs-0.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 003365979 _____ () C:\cygwin64\bin\cygkrb5-26.dll
    2014-02-15 13:19 - 2013-11-15 12:58 - 000030227 _____ () C:\cygwin64\bin\cygwrap-0.dll
    2014-02-15 12:40 - 2013-05-09 14:21 - 000080915 _____ () C:\cygwin64\bin\cygz.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 000137857 _____ () C:\cygwin64\bin\cygheimntlm-0.dll
    2014-02-15 13:19 - 2013-03-10 22:21 - 000012307 _____ () C:\cygwin64\bin\cygcom_err-2.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 000103241 _____ () C:\cygwin64\bin\cygheimbase-1.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 002629600 _____ () C:\cygwin64\bin\cygasn1-8.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 000434020 _____ () C:\cygwin64\bin\cygroken-18.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 000281302 _____ () C:\cygwin64\bin\cygwind-0.dll
    2014-02-15 13:19 - 2013-06-22 22:42 - 001445805 _____ () C:\cygwin64\bin\cyghx509-5.dll
    2014-02-15 13:19 - 2014-03-11 13:06 - 000737811 _____ () C:\cygwin64\bin\cygsqlite3-0.dll
    2017-03-17 07:56 - 2017-03-17 07:56 - 000284136 _____ () C:\Program Files\VMware\VMware Tools\pcre.dll
    2017-03-17 07:25 - 2017-03-17 07:25 - 000060928 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe
    2017-03-17 07:36 - 2017-03-17 07:36 - 002539008 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\Framework.dll
    2017-03-17 07:36 - 2017-03-17 07:36 - 000268288 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\pcre.dll
    2017-03-17 07:36 - 2017-03-17 07:36 - 000731648 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\MaIntegrationSubsys.dll
    2017-03-17 07:36 - 2017-03-17 07:36 - 000111616 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CafIntegrationSubsys.dll
    2017-03-17 07:36 - 2017-03-17 07:36 - 000471040 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\IntegrationSubsys.dll
    2017-03-17 07:36 - 2017-03-17 07:36 - 000097792 _____ () C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\VgAuthIntegrationSubsys.dll
    2017-02-23 08:29 - 2017-02-23 08:29 - 008909512 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll


    ==================== Alternate Data Streams (Whitelisted) =========


    (If an entry is included in the fixlist, only the ADS will be removed.)




    ==================== Safe Mode (Whitelisted) ===================


    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




    ==================== Association (Whitelisted) ===============


    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)




    ==================== Internet Explorer trusted/restricted ===============


    (If an entry is included in the fixlist, it will be removed from the registry.)




    ==================== Hosts content: ===============================


    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)


    2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts




    ==================== Other Areas ============================


    (Currently there is no automatic fix for this section.)


    HKU\S-1-5-21-4156085387-2423536872-2889286598-1001\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 172.16.247.2
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.


    ==================== MSCONFIG/TASK MANAGER disabled items ==




    ==================== FirewallRules (Whitelisted) ===============


    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    FirewallRules: [{875D1C1B-1096-4C23-A44F-14B22806028C}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
    FirewallRules: [{7C049BF3-D827-4B59-BE5E-752CF9E23F67}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
    FirewallRules: [{55864CD2-25AC-4580-92ED-A9E95A7AAF4A}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
    FirewallRules: [{E0C64453-B0D3-4C07-B72A-720810B9C15D}] => (Allow) C:\cygwin64\usr\sbin\sshd.exe
    FirewallRules: [TCP Query User{D2004B2F-84E7-4D8D-8FB4-E4BDBD44F5D5}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
    FirewallRules: [UDP Query User{1E31FFCB-C6F5-4127-B895-48F2F08F3B96}C:\windows\system32\javaw.exe] => (Allow) C:\windows\system32\javaw.exe
    FirewallRules: [{29F5CE55-9E21-4602-A4AC-959B9EB50520}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{6BDFB4A8-7041-41C4-8FB2-28448139B1B3}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{0CBB445D-D843-4C93-9827-B89FB73431DB}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [{6BB3ED68-D75B-4B09-BECF-FFB0ADC28126}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
    FirewallRules: [TCP Query User{E0AFC178-3575-47B0-B03E-9F1E2B6E0773}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
    FirewallRules: [UDP Query User{26D2C6C8-77B6-422D-8083-01968D74E330}C:\program files\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_66\bin\javaw.exe
    FirewallRules: [TCP Query User{71E9CAD3-451D-4000-8840-1D5F9344696F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
    FirewallRules: [UDP Query User{F9B406D5-438B-4961-8030-5B0E237F575F}C:\program files\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_91\bin\javaw.exe
    FirewallRules: [TCP Query User{2808C497-8D6A-4F08-86D8-777DF233F237}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
    FirewallRules: [UDP Query User{3CFF1664-B781-4DF5-B8E2-07E002AB08B2}C:\program files\java\jre1.8.0_101\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_101\bin\javaw.exe
    FirewallRules: [TCP Query User{912D2D64-8947-4A35-9E47-12213F14F90F}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
    FirewallRules: [UDP Query User{1D1BCBAC-44E5-470E-BDE8-4E4F46BF8E67}C:\program files\java\jre1.8.0_111\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_111\bin\javaw.exe
    FirewallRules: [TCP Query User{6ED95EC6-D0AA-466E-AADF-E8C9EDB5E943}C:\programdata\oracle\java\javapath_target_581421\javaw.exe] => (Allow) C:\programdata\oracle\java\javapath_target_581421\javaw.exe
    FirewallRules: [UDP Query User{F492AEBB-A548-4180-8B67-1D6707FC3C9C}C:\programdata\oracle\java\javapath_target_581421\javaw.exe] => (Allow) C:\programdata\oracle\java\javapath_target_581421\javaw.exe
    FirewallRules: [{2A516657-BC0B-46CE-BFF0-25F2D88F3078}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{B7C3F9A0-1456-4B4E-AC84-08A3E442AD96}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe


    ==================== Restore Points =========================


    28-08-2017 22:43:00 Windows Update
    01-09-2017 07:56:26 Windows Update
    01-09-2017 19:45:15 Restore Point Created by FRST
    01-09-2017 19:47:59 Restore Point Created by FRST
    01-09-2017 19:55:59 Restore Point Created by FRST
    04-09-2017 08:11:24 Restore Point Created by FRST
    09-09-2017 09:39:12 Windows Update
    09-09-2017 10:05:00 Removed Skype™ 7.3
    09-09-2017 10:44:18 Removed Skype™ 7.3


    ==================== Faulty Device Manager Devices =============




    ==================== Event log errors: =========================


    Application errors:
    ==================
    Error: (09/11/2017 07:07:03 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    Error: (09/11/2017 07:01:49 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    Error: (09/11/2017 07:01:38 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    Error: (09/10/2017 08:56:23 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: gvim.exe, version: 0.0.0.0, time stamp: 0x5304da99
    Faulting module name: cyggdk-x11-2.0-0.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
    Exception code: 0xc0000135
    Fault offset: 0x00000000000ecdd0
    Faulting process id: 0xfc4
    Faulting application start time: 0x01d32a4d58a65fbb
    Faulting application path: C:\cygwin64\bin\gvim.exe
    Faulting module path: cyggdk-x11-2.0-0.dll
    Report Id: 9767cc46-9640-11e7-8399-000c2916e29d
    Faulting package full name:
    Faulting package-relative application ID:


    Error: (09/10/2017 08:52:07 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    Error: (09/09/2017 11:19:45 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.


    Error: (09/09/2017 11:09:11 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: gvim.exe, version: 0.0.0.0, time stamp: 0x5304da99
    Faulting module name: cyggdk-x11-2.0-0.dll, version: 6.3.9600.18233, time stamp: 0x56bb4ebb
    Exception code: 0xc0000135
    Fault offset: 0x00000000000ecdd0
    Faulting process id: 0xb14
    Faulting application start time: 0x01d32996bbfca75c
    Faulting application path: C:\cygwin64\bin\gvim.exe
    Faulting module path: cyggdk-x11-2.0-0.dll
    Report Id: fabefa33-9589-11e7-8395-000c2916e29d
    Faulting package full name:
    Faulting package-relative application ID:


    Error: (09/09/2017 10:44:28 AM) (Source: MsiInstaller) (EventID: 10005) (User: JIMWIN81)
    Description: Product: Skype™ 7.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,


    Error: (09/09/2017 10:44:27 AM) (Source: MsiInstaller) (EventID: 10005) (User: JIMWIN81)
    Description: Product: Skype™ 7.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,


    Error: (09/09/2017 10:05:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: JIMWIN81)
    Description: Product: Skype™ 7.3 -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,




    System errors:
    =============
    Error: (09/10/2017 08:50:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
    Description: The Superfetch service terminated with the following error:
    The service has not been started.


    Error: (09/10/2017 04:45:51 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


    Error: (09/10/2017 04:45:20 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


    Error: (09/09/2017 11:27:14 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


    Error: (09/09/2017 11:11:18 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


    Error: (09/09/2017 10:47:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


    Error: (09/09/2017 10:47:35 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The VMware Snapshot Provider service terminated unexpectedly. It has done this 1 time(s).


    Error: (09/09/2017 09:44:42 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
    Description: The server {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} did not register with DCOM within the required timeout.


    Error: (09/09/2017 09:44:12 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.


    Error: (09/06/2017 06:29:49 AM) (Source: DCOM) (EventID: 10010) (User: JIMWIN81)
    Description: The server {1B1F472E-3221-4826-97DB-2C2324D389AE} did not register with DCOM within the required timeout.




    CodeIntegrity:
    ===================================
    Date: 2017-09-10 04:45:22.385
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-09-09 09:44:46.514
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-09-06 06:29:21.455
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-09-05 10:08:59.102
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-09-05 07:49:55.491
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-09-04 08:34:16.765
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-09-01 07:48:24.893
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-08-31 13:47:03.155
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-08-28 22:53:09.168
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


    Date: 2017-08-22 21:04:39.634
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.




    ==================== Memory info ===========================


    Processor: Intel(R) Core(TM) i7-4850HQ CPU @ 2.30GHz
    Percentage of memory in use: 28%
    Total physical RAM: 4239.49 MB
    Available physical RAM: 3024.1 MB
    Total Virtual: 8591.49 MB
    Available Virtual: 7580.61 MB


    ==================== Drives ================================


    Drive c: () (Fixed) (Total:90 GB) (Free:26.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (IRM_CCSA_X64FRE_EN-US_DV5) (CDROM) (Total:3.63 GB) (Free:0 GB) UDF


    ==================== MBR & Partition Table ==================


    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 90 GB) (Disk ID: DA6E7EB8)
    Partition 1: (Active) - (Size=90 GB) - (Type=07 NTFS)


    ==================== End of Addition.txt ============================

  13. #73
    Moderator
    BSOD Kernel Dump Analyst
    Windows Update Senior Analyst
    softwaremaniac

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    FRST Registry Search
    1. Click your Start button and choose Control Panel.
    2. In the upper right corner ensure the View by: is set to Category.
    3. Select the Programs group.
    4. Click the Turn Windows features on or off link. This will bring up the Windows Features dialog. Wait until this dialog populates with information.
    Note: This loads your components hive which is what we want. Please keep this dialog open while you perform the remaining steps.
    5. Please download Farbar Recovery Scan Tool and save it to your Desktop. You can use the one you already downloaded.
    Note: You need to run the 64-bit Version so please ensure you download that one.
    6. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
    7. Copy and paste SkyDrive;OneDrive into the Search box and click the Search Registry button.
    8. When the scan is complete a notepad window will open with the results. Please copy and paste the contents in your next reply. If for some reason notepad doesn't open, the file should be saved on your desktop named Search.txt.
    9. You may close any remaining open windows now.

  14. #74

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    The text was too long to paste.

    Here is an attachment:


  15. #75
    Moderator
    BSOD Kernel Dump Analyst
    Windows Update Senior Analyst
    softwaremaniac

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    Do you use OneDrive?

  16. #76

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    Not intentionally, no. I have never observed it or tried to use it.

  17. #77
    Moderator
    BSOD Kernel Dump Analyst
    Windows Update Senior Analyst
    softwaremaniac

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    1. Go to Add/Remove programs and select Microsoft Office Professional Plus 2013
    2. Choose Change/Modify
    3. Choose Add or Remove Features
    4. Select the Microsoft OneDrive for Business drop-down box and select Not Available
    5. Click the Continue button to remove it.

  18. #78

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    The "OneDrive for Business" was already with a red X and Not Available.

    I did see "Microsoft SharePoint Foundation Support", which I don't need, so I turned that off. But it may be unrelated.

  19. #79
    Moderator
    BSOD Kernel Dump Analyst
    Windows Update Senior Analyst
    softwaremaniac

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    Please temporarily install OneDrive. We will remove it later.

  20. #80

    Re: [Win8.1 x64] Update repeatedly offers KB2919355, KB2990967, and KB3063843

    Ok, done.
