Publicité
Publicité
Format du document : text/plain
Prévisualisation
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13.02.2019
Ran by Administrator (13-02-2019 21:38:52)
Running from C:\Users\Administrator\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-07-11 09:17:11)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2313049547-215359784-2509074838-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2313049547-215359784-2509074838-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Apple Application Support (64 bits) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
K-Lite Codec Pack 12.3.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20264 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2313049547-215359784-2509074838-500\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x64 fr) (HKLM\...\Mozilla Firefox 64.0.2 (x64 fr)) (Version: 64.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.132598 - TeamViewer)
VMware Client Integration Plug-in 5.5.0 (HKLM-x32\...\{922AD691-8713-4148-BA32-02CB638F27F7}) (Version: 5.5.0.1896808 - VMware, Inc.)
VMware Horizon Client (HKLM\...\{6369A6AF-90B0-49A4-9B2C-A2E9286064ED}) (Version: 4.10.0.4272 - VMware, Inc.) Hidden
VMware Horizon Client (HKLM-x32\...\{5b5fa66a-d62c-4b2e-900a-a7305dfdae1b}) (Version: 4.10.0.4272 - VMware, Inc.)
VMware Horizon HTML5 Multimedia Redirection Client (HKLM\...\{EBC8EA76-6B07-4506-B0ED-5281A6B78F0A}) (Version: 7.7.0 - VMware, Inc.) Hidden
VMware Horizon Media Engine 7.0.0.552 (64-bit) (HKLM\...\{E9C05C23-87E7-43E8-8DED-EF17EE7BCA70}) (Version: 7.0.0.552 - VMware, Inc.) Hidden
VMware Tools (HKLM\...\{5841B7F6-7208-4751-A133-BC8A78A2FC2D}) (Version: 9.4.0.1280544 - VMware, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2313049547-215359784-2509074838-500_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] (Notepad++ -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1424C9A5-2212-4E83-8C58-C699F7CC9CC1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3B31EFF4-CE54-4BFB-A52B-0798BC303AEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {3B46B63A-966A-498B-829A-A2101B5E9808} - System32\Tasks\{1B3661B9-89D6-42F2-AC68-70E6BF6E5E0F} => C:\Windows\system32\pcalua.exe -a C:\Users\Administrator\Downloads\VMware-ClientIntegrationPlugin-5.5.0(1).exe -d C:\Users\Administrator\Downloads
Task: {512025D5-2168-4651-A8B2-C06E1FF221F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {55D4DB8C-3274-4B19-8316-289488C60D09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {73EB32E9-650A-4545-AE0F-1C8CFF5E7B71} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8CAFF307-9F31-403F-9AED-DB858DAA4E5E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B0CCF5F8-B350-470E-9F5B-EF1E5C7A3609} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B582C6F4-A7ED-472B-96CE-5E1B0FC5316A} - System32\Tasks\FortniteTracker Update => "C:\Users\Administrator\Desktop\Fortnite tracker.cmd"
Task: {BCFEC585-09C1-411C-B52D-BACD05BF8426} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D134E4EE-B874-4861-BAFC-13C43D8FA1CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D3B30898-D91A-48B5-8820-B9C3A9A66B1E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) ==============
2010-06-06 15:20 - 2010-06-06 15:20 - 000065344 _____ () C:\Windows\System32\PDFreDirectMon64.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-11-09 12:55 - 2018-11-09 12:55 - 000299632 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2018-11-09 18:13 - 2018-11-09 18:13 - 004308592 _____ () C:\Program Files\Common Files\VMware\ScannerRedirection\ftscanmgrhv.exe
2018-11-09 12:55 - 2018-11-09 12:55 - 000415856 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2016-05-17 23:42 - 2016-05-17 23:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-08-17 10:52 - 2013-08-17 10:52 - 000780880 _____ () C:\Program Files\VMware\VMware Tools\glibmm-2.4.dll
2018-12-18 04:39 - 2018-12-12 06:12 - 002682336 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\swiftshader\libglesv2.dll
2018-12-18 04:39 - 2018-12-12 06:12 - 000156640 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\swiftshader\libegl.dll
2018-11-11 17:33 - 2018-11-11 17:33 - 000166992 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
2018-11-11 17:34 - 2018-11-11 17:35 - 001475680 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\ClientTelemetry.dll
2018-11-11 17:32 - 2018-11-11 17:33 - 001075168 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2313049547-215359784-2509074838-500\...\sharepoint.com -> hxxps://assistecbe-files.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2019-01-02 11:07 - 000000906 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 view-localhost # view localhost server
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2313049547-215359784-2509074838-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.10.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1B15D2C7-910B-4B6A-BD79-F663E7C6C64C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{81F3B873-EA64-4374-A780-1C7983DB3602}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9D2DDD92-E958-4FF2-A8B4-4294312BEFBD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{041E0074-CDD3-4F04-8DF6-E06F4E1AAB1E}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{00477627-EF70-455F-8E48-FABAD684847B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{371C6DCE-CD24-4AAF-A0AB-84B9EA114C49}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{50A983E9-CF69-4713-A3C3-183FE428206B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{232240A4-B01D-4256-90B9-2C2102A3573D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{89C5E33B-EDEC-4B55-AD3F-33947A28F0A5}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C7E4E7EE-EA11-4B74-AF3C-44D19A573F77}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{10B6414B-4A59-41E4-92A5-6596E244FBCB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D2929AA5-4652-4F06-93F3-D6DFAE33FD5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B9950851-8860-4102-AC7D-6F610004F3F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA6BA143-EBC9-4EBF-954C-0981093A250E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{00F1A072-CAFA-4164-9B4B-DA9A61DA874E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{15FC208B-A6E0-4856-AAD4-3452D0742056}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F5F3F80C-6D3B-4838-B3C5-93095B69736E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12018A15-9502-4154-A0BC-B13D969A0943}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E0D3C5A0-B6F6-41F4-B55F-5084D20CB25B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A7F147FC-D790-49A5-8278-3C68B7666223}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6550E4A6-F197-4C1C-9290-57ED14CCF8F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{05B9B23B-6D5E-4A5D-B075-2DCC1575A7F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{10E88375-2B86-42B7-9A1A-C81A96C4810F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{26455AC4-C769-4E96-B0E7-E138E5E8FFFC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{CD83749E-DCE7-457A-90F7-2A2720FA84FA}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{C9F0A1B7-63A0-484E-97F4-DD19E9DA6E82}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{20FEC37C-5973-425B-B3EC-9BB89DCA763A}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{81AD6D49-3016-4B5D-BF17-8362D72AF500}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
==================== Restore Points =========================
14-01-2019 13:31:39 Windows Update
13-02-2019 21:28:48 Windows Update
==================== Faulty Device Manager Devices =============
Name: Intel(R) PRO/1000 MT Network Connection #2
Description: Intel(R) PRO/1000 MT Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: E1G60
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/13/2019 09:25:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/15/2019 06:04:09 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/14/2019 06:04:11 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/13/2019 06:04:09 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/13/2019 09:10:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/12/2019 06:04:09 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/11/2019 06:04:09 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/11/2019 01:36:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vmware-view.exe version 4.10.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 81c
Start Time: 01d4a9a6a3bacd79
Termination Time: 5
Application Path: C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
Report Id: 773b6831-159d-11e9-af5e-000c2927dc08
System errors:
=============
Error: (02/13/2019 09:36:50 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft Print To PDF required for printer Microsoft Print to PDF is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/13/2019 09:36:46 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/13/2019 09:36:45 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver HP Officejet 6700 Class Driver required for printer HP Officejet 6700 is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/13/2019 09:27:04 PM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 192.168.1.115.
Error: (02/13/2019 09:23:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 13:40:43 on 16/01/2019 was unexpected.
Error: (01/15/2019 06:56:21 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
Error: (01/15/2019 06:56:19 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft Print To PDF required for printer Microsoft Print to PDF is unknown. Contact the administrator to install the driver before you log in again.
Error: (01/15/2019 06:56:17 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver HP Officejet 6700 Class Driver required for printer HP29EAFB (HP Officejet 6700) is unknown. Contact the administrator to install the driver before you log in again.
CodeIntegrity:
===================================
Date: 2019-02-13 21:30:41.124
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-02-13 21:23:53.217
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-01-16 10:06:49.507
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-01-15 18:56:52.159
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-01-15 09:59:16.945
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-01-14 16:57:12.719
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-01-07 21:41:04.577
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-01-07 21:31:27.371
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
Percentage of memory in use: 80%
Total physical RAM: 4095.55 MB
Available physical RAM: 787.95 MB
Total Virtual: 8189.25 MB
Available Virtual: 4973.43 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:59.9 GB) (Free:23.91 GB) NTFS
Drive o: (Share_VVV) (Network) (Total:2952.79 GB) (Free:349.55 GB) NTFS
\\?\Volume{c03f41c4-4747-11e6-adbe-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 80 GB) (Disk ID: A2B2C31A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Ran by Administrator (13-02-2019 21:38:52)
Running from C:\Users\Administrator\Downloads
Windows 7 Professional Service Pack 1 (X64) (2016-07-11 09:17:11)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2313049547-215359784-2509074838-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2313049547-215359784-2509074838-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
7-Zip 16.02 (x64) (HKLM\...\7-Zip) (Version: 16.02 - Igor Pavlov)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.170 - Adobe Systems Incorporated)
Apple Application Support (64 bits) (HKLM\...\{7EAC8A42-9FAC-4F6B-AABF-C08C9F2E0F13}) (Version: 5.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 71.0.3578.98 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
K-Lite Codec Pack 12.3.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
Microsoft .NET Framework 4.7.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.03062 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10730.20264 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6219.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2313049547-215359784-2509074838-500\...\OneDriveSetup.exe) (Version: 18.222.1104.0007 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.15.26706 (HKLM-x32\...\{95ac1cfa-f4fb-4d1b-8912-7f9d5fbb140d}) (Version: 14.15.26706.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.15.26706 (HKLM-x32\...\{7e9fae12-5bbf-47fb-b944-09c49e75c061}) (Version: 14.15.26706.0 - Microsoft Corporation)
Mozilla Firefox 64.0.2 (x64 fr) (HKLM\...\Mozilla Firefox 64.0.2 (x64 fr)) (Version: 64.0.2 - Mozilla)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10730.20264 - Microsoft Corporation) Hidden
PDF reDirect (remove only) (HKLM-x32\...\PDF reDirect) (Version: v2.5.2 - EXP Systems LLC)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.132598 - TeamViewer)
VMware Client Integration Plug-in 5.5.0 (HKLM-x32\...\{922AD691-8713-4148-BA32-02CB638F27F7}) (Version: 5.5.0.1896808 - VMware, Inc.)
VMware Horizon Client (HKLM\...\{6369A6AF-90B0-49A4-9B2C-A2E9286064ED}) (Version: 4.10.0.4272 - VMware, Inc.) Hidden
VMware Horizon Client (HKLM-x32\...\{5b5fa66a-d62c-4b2e-900a-a7305dfdae1b}) (Version: 4.10.0.4272 - VMware, Inc.)
VMware Horizon HTML5 Multimedia Redirection Client (HKLM\...\{EBC8EA76-6B07-4506-B0ED-5281A6B78F0A}) (Version: 7.7.0 - VMware, Inc.) Hidden
VMware Horizon Media Engine 7.0.0.552 (64-bit) (HKLM\...\{E9C05C23-87E7-43E8-8DED-EF17EE7BCA70}) (Version: 7.0.0.552 - VMware, Inc.) Hidden
VMware Tools (HKLM\...\{5841B7F6-7208-4751-A133-BC8A78A2FC2D}) (Version: 9.4.0.1280544 - VMware, Inc.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2313049547-215359784-2509074838-500_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] (Notepad++ -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-05-21] (Igor Pavlov)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1424C9A5-2212-4E83-8C58-C699F7CC9CC1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {3B31EFF4-CE54-4BFB-A52B-0798BC303AEA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {3B46B63A-966A-498B-829A-A2101B5E9808} - System32\Tasks\{1B3661B9-89D6-42F2-AC68-70E6BF6E5E0F} => C:\Windows\system32\pcalua.exe -a C:\Users\Administrator\Downloads\VMware-ClientIntegrationPlugin-5.5.0(1).exe -d C:\Users\Administrator\Downloads
Task: {512025D5-2168-4651-A8B2-C06E1FF221F5} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {55D4DB8C-3274-4B19-8316-289488C60D09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {73EB32E9-650A-4545-AE0F-1C8CFF5E7B71} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {8CAFF307-9F31-403F-9AED-DB858DAA4E5E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B0CCF5F8-B350-470E-9F5B-EF1E5C7A3609} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {B582C6F4-A7ED-472B-96CE-5E1B0FC5316A} - System32\Tasks\FortniteTracker Update => "C:\Users\Administrator\Desktop\Fortnite tracker.cmd"
Task: {BCFEC585-09C1-411C-B52D-BACD05BF8426} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe (Microsoft Corporation -> Microsoft Corporation)
Task: {D134E4EE-B874-4861-BAFC-13C43D8FA1CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc -> Google Inc.)
Task: {D3B30898-D91A-48B5-8820-B9C3A9A66B1E} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft Corporation -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]
==================== Loaded Modules (Whitelisted) ==============
2010-06-06 15:20 - 2010-06-06 15:20 - 000065344 _____ () C:\Windows\System32\PDFreDirectMon64.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 000092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-01-13 13:56 - 2017-01-13 13:56 - 001353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-11-09 12:55 - 2018-11-09 12:55 - 000299632 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe
2018-11-09 18:13 - 2018-11-09 18:13 - 004308592 _____ () C:\Program Files\Common Files\VMware\ScannerRedirection\ftscanmgrhv.exe
2018-11-09 12:55 - 2018-11-09 12:55 - 000415856 _____ () C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlapi.dll
2016-05-17 23:42 - 2016-05-17 23:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-08-17 10:52 - 2013-08-17 10:52 - 000780880 _____ () C:\Program Files\VMware\VMware Tools\glibmm-2.4.dll
2018-12-18 04:39 - 2018-12-12 06:12 - 002682336 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\swiftshader\libglesv2.dll
2018-12-18 04:39 - 2018-12-12 06:12 - 000156640 _____ () C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\swiftshader\libegl.dll
2018-11-11 17:33 - 2018-11-11 17:33 - 000166992 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll
2018-11-11 17:34 - 2018-11-11 17:35 - 001475680 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\ClientTelemetry.dll
2018-11-11 17:32 - 2018-11-11 17:33 - 001075168 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2313049547-215359784-2509074838-500\...\sharepoint.com -> hxxps://assistecbe-files.sharepoint.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2019-01-02 11:07 - 000000906 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1 view-localhost # view localhost server
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2313049547-215359784-2509074838-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.10.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
If an entry is included in the fixlist, it will be removed.
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{1B15D2C7-910B-4B6A-BD79-F663E7C6C64C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{81F3B873-EA64-4374-A780-1C7983DB3602}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9D2DDD92-E958-4FF2-A8B4-4294312BEFBD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{041E0074-CDD3-4F04-8DF6-E06F4E1AAB1E}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent, Inc.)
FirewallRules: [{00477627-EF70-455F-8E48-FABAD684847B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{371C6DCE-CD24-4AAF-A0AB-84B9EA114C49}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{50A983E9-CF69-4713-A3C3-183FE428206B}] => (Allow) C:\Program Files\HP\HP Officejet 6700\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{232240A4-B01D-4256-90B9-2C2102A3573D}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{89C5E33B-EDEC-4B55-AD3F-33947A28F0A5}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{C7E4E7EE-EA11-4B74-AF3C-44D19A573F77}] => (Allow) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{10B6414B-4A59-41E4-92A5-6596E244FBCB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D2929AA5-4652-4F06-93F3-D6DFAE33FD5C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B9950851-8860-4102-AC7D-6F610004F3F9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA6BA143-EBC9-4EBF-954C-0981093A250E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{00F1A072-CAFA-4164-9B4B-DA9A61DA874E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{15FC208B-A6E0-4856-AAD4-3452D0742056}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F5F3F80C-6D3B-4838-B3C5-93095B69736E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12018A15-9502-4154-A0BC-B13D969A0943}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E0D3C5A0-B6F6-41F4-B55F-5084D20CB25B}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A7F147FC-D790-49A5-8278-3C68B7666223}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{6550E4A6-F197-4C1C-9290-57ED14CCF8F2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{05B9B23B-6D5E-4A5D-B075-2DCC1575A7F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{10E88375-2B86-42B7-9A1A-C81A96C4810F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{26455AC4-C769-4E96-B0E7-E138E5E8FFFC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc -> Google Inc.)
FirewallRules: [{CD83749E-DCE7-457A-90F7-2A2720FA84FA}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{C9F0A1B7-63A0-484E-97F4-DD19E9DA6E82}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{20FEC37C-5973-425B-B3EC-9BB89DCA763A}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
FirewallRules: [{81AD6D49-3016-4B5D-BF17-8362D72AF500}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\x64\vmware-remotemks.exe (VMware, Inc. -> VMware, Inc.)
==================== Restore Points =========================
14-01-2019 13:31:39 Windows Update
13-02-2019 21:28:48 Windows Update
==================== Faulty Device Manager Devices =============
Name: Intel(R) PRO/1000 MT Network Connection #2
Description: Intel(R) PRO/1000 MT Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: E1G60
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/13/2019 09:25:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/15/2019 06:04:09 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/14/2019 06:04:11 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/13/2019 06:04:09 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/13/2019 09:10:24 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Error: (01/12/2019 06:04:09 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/11/2019 06:04:09 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
Error: (01/11/2019 01:36:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program vmware-view.exe version 4.10.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 81c
Start Time: 01d4a9a6a3bacd79
Termination Time: 5
Application Path: C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
Report Id: 773b6831-159d-11e9-af5e-000c2927dc08
System errors:
=============
Error: (02/13/2019 09:36:50 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft Print To PDF required for printer Microsoft Print to PDF is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/13/2019 09:36:46 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/13/2019 09:36:45 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver HP Officejet 6700 Class Driver required for printer HP Officejet 6700 is unknown. Contact the administrator to install the driver before you log in again.
Error: (02/13/2019 09:27:04 PM) (Source: TermDD) (EventID: 56) (User: )
Description: The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Client IP: 192.168.1.115.
Error: (02/13/2019 09:23:19 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 13:40:43 on 16/01/2019 was unexpected.
Error: (01/15/2019 06:56:21 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft XPS Document Writer v4 required for printer Microsoft XPS Document Writer is unknown. Contact the administrator to install the driver before you log in again.
Error: (01/15/2019 06:56:19 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver Microsoft Print To PDF required for printer Microsoft Print to PDF is unknown. Contact the administrator to install the driver before you log in again.
Error: (01/15/2019 06:56:17 PM) (Source: UmrdpService) (EventID: 1111) (User: )
Description: Driver HP Officejet 6700 Class Driver required for printer HP29EAFB (HP Officejet 6700) is unknown. Contact the administrator to install the driver before you log in again.
CodeIntegrity:
===================================
Date: 2019-02-13 21:30:41.124
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-02-13 21:23:53.217
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-01-16 10:06:49.507
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-01-15 18:56:52.159
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-01-15 09:59:16.945
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-01-14 16:57:12.719
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-01-07 21:41:04.577
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2019-01-07 21:31:27.371
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
Percentage of memory in use: 80%
Total physical RAM: 4095.55 MB
Available physical RAM: 787.95 MB
Total Virtual: 8189.25 MB
Available Virtual: 4973.43 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:59.9 GB) (Free:23.91 GB) NTFS
Drive o: (Share_VVV) (Network) (Total:2952.79 GB) (Free:349.55 GB) NTFS
\\?\Volume{c03f41c4-4747-11e6-adbe-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 80 GB) (Disk ID: A2B2C31A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.9 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================