Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.01.2018
Ran by Owner (14-01-2018 13:07:22)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-10-16 13:37:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2544843157-150801207-2719152979-500 - Administrator - Disabled)
Guest (S-1-5-21-2544843157-150801207-2719152979-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2544843157-150801207-2719152979-1008 - Limited - Enabled)
Owner (S-1-5-21-2544843157-150801207-2719152979-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.34 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.22) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.22 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{4ACA5AE7-E68C-5A48-F8E6-D67946267506}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bejeweled 3 (HKLM-x32\...\Bejeweled 3) (Version: - PopCap Games)
Bejeweled 3 (HKLM-x32\...\WTA-27fb2d1b-e8d2-46d6-aef8-8bbe2b9a5fb1) (Version: 2.2.0.97 - WildTangent) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.49.50 - Conexant)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.2) (Version: 5.0.0.2 - Coupons.com Incorporated)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
ETDWare PS/2-X64 8.0.8.0_R01 (HKLM\...\Elantech) (Version: 8.0.8.0 - ELAN Microelectronic Corp.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Baseline Security Analyzer 2.3 (HKLM\...\{C058FC5D-565F-4360-A562-0527A3D993DC}) (Version: 2.3.2211 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.13 - NETGEAR Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30124 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.10.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.2 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-08-22] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-08-22] (Microsoft Corporation)
ContextMenuHandlers2: [Kaspersky Anti-Virus] -> {dd230880-495a-11d1-b064-008048ec2fc5} => -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2014-08-22] (Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2011-06-08] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [Kaspersky Anti-Virus] -> {dd230880-495a-11d1-b064-008048ec2fc5} => -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {49BF9F2D-4085-4F39-AB4F-F849706E60FA} - System32\Tasks\{300B0BA4-EE84-41DB-B3C8-C4960EC6BF31} => C:\Users\Owner\Downloads\IE11_US_ATT_Setup_Win7_x64.exe
Task: {61226A48-66DC-45AA-85AA-7616EE6594E5} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {C24D91E8-BFBA-4C7B-BCED-EEAF3C9DB497} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-09-27] (Adobe Systems Incorporated)
Task: {CBB391C3-B5A8-4361-8D8D-6A4B58AD3589} - System32\Tasks\{6104BE9F-B077-4EAE-AAF9-DA214016162E} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2010-09-28] (ATI Technologies Inc.)
Task: {CC58B010-BF65-4057-816E-71F8626FDDD3} - System32\Tasks\{E405E01A-7C4E-4D75-970C-BA012505AFBB} => C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Task: {F22D2DF2-405B-4CDF-8459-3DEA47EE2F58} - System32\Tasks\{CB206AFE-7DFE-416A-A85B-53AF20FC2560} => C:\Users\Owner\Downloads\IE11_US_ATT_Setup_Win7_x64.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\chase.com -> hxxp://www.chase.com
IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\citibank.com -> hxxps://online.citibank.com
IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\desncc.com -> hxxps://desncc.com
IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\dish.com -> hxxp://www.dish.com
IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\dishnetwork.com -> hxxps://customersupport.dishnetwork.com
IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\facebook.com -> hxxps://www.facebook.com
IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\financial-net.com -> hxxps://www.financial-net.com
IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\firstcitizens.com -> hxxps://www.firstcitizens.com
IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\kohls.com -> hxxps://credit.kohls.com
IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\nc.gov -> hxxps://des.nc.gov
IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\ncesc1.com -> hxxps://www.ncesc1.com
IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\ncfbins.com -> hxxps://www.ncfbins.com
IE trusted site: HKU\S-1-5-21-2544843157-150801207-2719152979-1000\...\progress-energy.com -> hxxps://www.progress-energy.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 000000824 _____ C:\windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2544843157-150801207-2719152979-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 3
MSCONFIG\Services: NETGEARGenieDaemon => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TMachInfo => 3
MSCONFIG\Services: TODDSrv => 3
MSCONFIG\Services: TosCoSrv => 2
MSCONFIG\Services: TOSHIBA HDD SSD Alert Service => 3
MSCONFIG\Services: YahooAUService => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: ETDCtrl => %ProgramFiles%\Elantech\ETDCtrl.exe
MSCONFIG\startupreg: NETGEARGenie => "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D347240B-F028-4737-984A-AFE332BCC8A9}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{D9E1A678-1BF5-4717-AE1F-3FDC8B0A6A26}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [TCP Query User{CF1F6169-C44A-4B29-A583-4CD7C3484154}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{583B52E3-E55D-4AED-97F8-7CF6FD573FEB}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe

==================== Restore Points =========================

01-10-2017 23:00:00 Scheduled Checkpoint
08-10-2017 23:00:00 Scheduled Checkpoint
15-10-2017 23:00:01 Scheduled Checkpoint
23-10-2017 23:00:00 Scheduled Checkpoint
30-10-2017 23:00:01 Scheduled Checkpoint
08-11-2017 00:20:25 Scheduled Checkpoint
18-11-2017 19:49:11 Scheduled Checkpoint
29-12-2017 15:31:25 Scheduled Checkpoint
04-01-2018 20:08:50 Restore Operation
04-01-2018 20:29:19 Removed Microsoft Baseline Security Analyzer 2.3
04-01-2018 20:42:53 Windows Update
07-01-2018 19:00:08 Windows Backup
08-01-2018 16:40:55 Restore Operation
14-01-2018 03:37:39 Windows Update

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: MpKsl9f65f4f5
Description: MpKsl9f65f4f5
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl9f65f4f5
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/14/2018 10:14:10 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/14/2018 03:38:43 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary MpKsl44c04301.
System Error: The system cannot find the file specified. .

Error: (01/12/2018 08:18:49 PM) (Source: TestWorker) (EventID: 1) (User: )
Description: Event-ID 1

Error: (01/10/2018 10:28:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1348
Start Time: 01d38a2789660cb0
Termination Time: 93
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (01/10/2018 10:27:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1248
Start Time: 01d389cf2443eb83
Termination Time: 78
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (01/09/2018 06:56:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 12f4
Start Time: 01d389a25dacdd8d
Termination Time: 94
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (01/08/2018 04:51:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/08/2018 04:03:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: KNFB.Reader.exe, version: 2.2.7530.0, time stamp: 0x4de4eec9
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434f4d
Fault offset: 0x0000c42d
Faulting process id: 0x%9
Faulting application start time: 0xKNFB.Reader.exe0
Faulting application path: KNFB.Reader.exe1
Faulting module path: KNFB.Reader.exe2
Report Id: KNFB.Reader.exe3

Error: (01/04/2018 09:42:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (01/04/2018 08:18:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (01/14/2018 12:22:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPP Notification Service service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

Error: (01/14/2018 12:15:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SPP Notification Service service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

Error: (01/14/2018 12:13:50 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The SPP Notification Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/14/2018 12:13:33 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The TPM Base Services service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/14/2018 12:10:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Diagnostic Service Host service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/14/2018 12:10:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Diagnostic Policy Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/14/2018 10:13:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostic Service Host service terminated with the following error: The requested control is not valid for this service.

Error: (01/14/2018 10:13:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Diagnostic System Host service terminated with the following error: The requested control is not valid for this service.

Error: (01/14/2018 10:13:24 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\windows\system32\Rtlihvs.dll
Error Code: 126

Error: (01/13/2018 05:10:25 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.259.1555.0
Update Source: Microsoft Update Server
Update Stage: Search
Source Path: http://www.microsoft.com
Signature Type: AntiVirus
Update Type: Full
User: NT AUTHORITY\SYSTEM
Current Engine Version:
Previous Engine Version: 1.1.14405.2
Error code: 0x80072ee2
Error description: The operation timed out

CodeIntegrity:
===================================
Date: 2018-01-13 16:00:29.731
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP75.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-01-13 16:00:29.446
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP75.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-01-11 21:52:51.638
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP75.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-01-11 21:52:50.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP75.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-01-11 21:52:49.643
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP75.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-01-11 21:52:37.877
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP75.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-01-11 21:52:37.603
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP75.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-01-11 21:34:21.564
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP75.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-01-11 21:34:15.824
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP75.dll because the set of per-page image hashes could not be found on the system.

Date: 2018-01-11 21:34:12.076
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\CX64AP75.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD E-300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 34%
Total physical RAM: 3686.87 MB
Available physical RAM: 2402.23 MB
Total Virtual: 7371.91 MB
Available Virtual: 6042.88 MB

==================== Drives ================================

Drive c: (TI106232W0C) (Fixed) (Total:284.4 GB) (Free:227.17 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 3646BBDB)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=284.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.2 GB) - (Type=17)

==================== End of Addition.txt ============================