jrt.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Pro x86
Ran by EID GI (Administrator) on Tue 12/13/2016 at 8:00:03.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 0
Registry: 0
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/13/2016 at 8:01:14.19
End of JRT log
MGA Diagnostic Report
Error message: Failed to create output files, hr = 0x80070002. Please contact support.
Validation Status: Validation unsupported OS
Validation Code: 6
Product Key: *****-*****-C97JM-9MPGT-3V66T
Product Key Hash: gmNDbvZQji7KOiUWbAAATBm+IY8=
Product ID: 00330-80000-00000-AA579
Product ID Type: 0 - unknown
Windows OS Version: N/A, hr=0x8007007a
ID: {7CD3CB71-2412-41B5-BAD2-0616CF75A2A1}(1)
Administrator: Yes
TestCab: 0x0
LegitcheckControl: N/A, hr = 0x80070002
Signed by: N/A, hr = 0x80070002
Product Name: Windows 10 Pro
Architecture & Build: 0x00000000 14393.rs1_release_inmarket.161102
TTS Error: N/A
Validation Diagnostic:
Resolution Status: N/A
frst.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by EID GI (administrator) on EIDABET-PC (13-12-2016 08:11:07)
Running from C:\Users\EID ABET\Desktop
Loaded Profiles: EID GI (Available Profiles: EID GI)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6310504 2011-11-08] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-04-04]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{9b81d74b-3550-4a80-bf57-7758e2fb14f4}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{ed0daf03-451d-4329-bdad-445df51ec114}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{f47d1650-524b-4395-81b6-cd8eff028994}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-14] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
FireFox:
========
FF ProfilePath: C:\Users\EID ABET\AppData\Roaming\Mozilla\Firefox\Profiles\13n43ts3.default-1465183135788 [2016-12-13]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-02]
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-14] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Adblock Plus) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-14]
CHR Extension: (Pinterest Save Button) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-03]
CHR Extension: (Kaspersky Protection) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-08-10]
CHR Extension: (Ghostery) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-09]
CHR Extension: (Chrome Media Router) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
S4 Apache2.4; D:\eclipse php\xampp\apache\bin\httpd.exe [23040 2016-07-07] (Apache Software Foundation) [File not signed]
S2 AVP16.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S4 KMService; C:\Windows\system32\srvany.exe [8192 2016-04-01] () [File not signed]
S4 mysql; D:\eclipse php\xampp\mysql\bin\mysqld.exe [11738568 2016-07-18] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R3 FETNDIS; C:\WINDOWS\System32\drivers\fetn63.sys [47616 2016-07-16] (VIA Technologies, Inc. )
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [155304 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [66440 2015-12-01] (AO Kaspersky Lab)
S2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [67456 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [25208 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [145800 2015-12-11] (AO Kaspersky Lab)
S1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [51544 2016-12-02] (AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [165464 2016-11-24] (AO Kaspersky Lab)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [770904 2016-08-17] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [45144 2016-04-29] (AO Kaspersky Lab)
S3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [46464 2015-11-11] (AO Kaspersky Lab)
S3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [37560 2015-06-07] (Kaspersky Lab ZAO)
S1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [41864 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [74160 2016-08-17] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [93528 2016-08-17] (AO Kaspersky Lab)
S1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [161672 2015-12-03] (AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-25] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3245056 2016-07-16] (Realtek Semiconductor Corporation )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-13 08:02 - 2016-12-13 08:02 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2016-12-13 08:01 - 2016-12-13 08:01 - 00000555 _____ C:\Users\EID ABET\Desktop\JRT.txt
2016-12-13 07:43 - 2016-12-13 07:59 - 01631928 _____ (Malwarebytes) C:\Users\EID ABET\Desktop\JRT.exe
2016-12-13 07:41 - 2016-12-13 08:02 - 02031992 _____ (Microsoft Corporation) C:\Users\EID ABET\Desktop\MGADiag.exe
2016-12-12 12:58 - 2016-12-12 13:01 - 00000533 _____ C:\Users\EID ABET\Desktop\ckfiles.txt
2016-12-12 12:46 - 2016-12-12 12:50 - 00014262 _____ C:\Users\EID ABET\Desktop\Fixlog.txt
2016-12-12 11:59 - 2016-12-12 12:57 - 00468480 _____ () C:\Users\EID ABET\Desktop\CKScanner.exe
2016-12-12 08:55 - 2016-12-12 08:56 - 00300100 _____ C:\WINDOWS\Minidump\121216-27796-01.dmp
2016-12-12 08:55 - 2016-12-12 08:55 - 459117854 _____ C:\WINDOWS\MEMORY.DMP
2016-12-12 08:29 - 2016-12-13 08:11 - 00010373 _____ C:\Users\EID ABET\Desktop\FRST.txt
2016-12-12 08:29 - 2016-12-12 08:30 - 00032843 _____ C:\Users\EID ABET\Desktop\Addition.txt
2016-12-12 08:25 - 2016-12-12 08:25 - 00000000 ____D C:\Users\EID ABET\Downloads\FRST-OlderVersion
2016-12-02 11:45 - 2016-12-02 11:45 - 01198288 _____ (Adobe Systems Incorporated) C:\Users\EID ABET\Downloads\flashplayer23_xa_install.exe
2016-12-01 08:37 - 2016-12-01 08:37 - 00000000 ____D C:\Users\EID ABET\Desktop\aaaa
2016-12-01 08:21 - 2016-12-01 08:28 - 00000000 ____D C:\Users\EID ABET\Desktop\New folder
2016-12-01 07:47 - 2016-12-01 07:48 - 00892416 _____ (Farbar) C:\Users\EID ABET\Downloads\MiniToolBox.exe
2016-11-29 13:44 - 2016-11-29 13:44 - 00448971 _____ C:\Users\EID ABET\Documents\IMG_20161129_0001.pdf
2016-11-29 08:26 - 2016-11-29 08:26 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-EIDABET-PC-Windows-10-Pro-(32-bit).dat
2016-11-29 08:26 - 2016-11-29 08:26 - 00000000 ____D C:\RegBackup
2016-11-29 07:49 - 2016-11-29 07:49 - 00183072 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2016-11-29 07:49 - 2016-11-29 07:49 - 00002194 _____ C:\Users\EID ABET\Desktop\Tweaking.com - Windows Repair.lnk
2016-11-29 07:49 - 2016-11-29 07:49 - 00000550 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-11-29 07:49 - 2016-11-29 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-11-29 07:49 - 2016-11-29 07:49 - 00000000 ____D C:\Program Files\Tweaking.com
2016-11-29 07:45 - 2016-11-29 07:47 - 32211176 _____ (Tweaking.com) C:\Users\EID ABET\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-11-29 07:41 - 2016-12-13 08:01 - 00000000 ____D C:\Users\EID ABET\AppData\LocalLow\Mozilla
2016-11-28 13:29 - 2001-01-01 09:22 - 05173624 _____ C:\Users\EID ABET\Desktop\wad boarding pass .pdf
2016-11-28 12:49 - 2016-12-12 08:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-25 16:38 - 2016-11-25 16:39 - 06334848 _____ (AVAST Software) C:\Users\EID ABET\Downloads\avast_free_antivirus_setup_online.exe
2016-11-25 16:27 - 2016-12-12 08:28 - 00032499 _____ C:\Users\EID ABET\Downloads\Addition.txt
2016-11-25 16:25 - 2016-12-13 08:11 - 00000000 ____D C:\FRST
2016-11-25 16:25 - 2016-12-12 08:28 - 00022865 _____ C:\Users\EID ABET\Downloads\FRST.txt
2016-11-25 16:09 - 2016-12-13 07:58 - 00616932 _____ C:\WINDOWS\ntbtlog.txt
2016-11-25 16:09 - 2016-12-13 07:58 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-25 15:33 - 2016-11-25 15:33 - 00000000 ____D C:\Users\EID ABET\Desktop\Slides
2016-11-25 14:54 - 2016-12-12 08:25 - 01761792 _____ (Farbar) C:\Users\EID ABET\Desktop\FRST.exe
2016-11-25 14:40 - 2016-11-25 14:40 - 00000000 ____D C:\$SysReset
2016-11-25 14:04 - 2016-11-25 14:04 - 00388608 _____ (Trend Micro Inc.) C:\Users\EID ABET\Downloads\HijackThis.exe
2016-11-25 11:56 - 2016-11-25 11:56 - 03198066 _____ C:\Users\EID ABET\Downloads\20846668_fd55af6a83d156d2554a2cfd8969abe78c28c557.cab
2016-11-25 11:49 - 2016-11-25 11:52 - 151740327 _____ C:\Users\EID ABET\Downloads\killer_e2200_wireless_netcard_1_1_50_1414_driver.zip
2016-11-25 11:44 - 2016-11-25 11:44 - 02512160 _____ C:\Users\EID ABET\Downloads\win81-10.0.0.308-whql.zip
2016-11-25 07:36 - 2016-11-25 07:39 - 00300156 _____ C:\WINDOWS\Minidump\112516-31703-01.dmp
2016-11-23 10:41 - 2016-11-23 10:41 - 04105259 _____ C:\Users\EID ABET\Downloads\HB 4444 Prohibiting All Forms of Contractualization_TUCP.pdf
2016-11-22 13:58 - 2016-11-22 13:58 - 00449763 _____ C:\Users\EID ABET\Desktop\B1.5 Strategy Plan-post congress_en.pdf
2016-11-22 07:45 - 2016-12-12 08:55 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-21 16:51 - 2016-11-21 16:51 - 00180061 _____ C:\Users\EID ABET\Documents\IMG_20161121_0002.pdf
2016-11-21 16:50 - 2016-11-21 16:50 - 00562206 _____ C:\Users\EID ABET\Documents\IMG_20161121_0001.pdf
2016-11-21 13:46 - 2016-11-21 13:46 - 00000000 ____D C:\ProgramData\EPSON
2016-11-21 13:46 - 2016-11-21 13:46 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-11-21 12:52 - 2016-11-25 16:11 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-21 12:51 - 2016-11-21 12:51 - 00001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-21 12:51 - 2016-11-21 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-21 12:51 - 2016-11-21 12:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-21 12:51 - 2016-11-21 12:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-11-21 12:51 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-21 12:51 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-21 12:51 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-21 12:49 - 2016-11-21 12:51 - 22851472 _____ (Malwarebytes ) C:\Users\EID ABET\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-21 12:40 - 2016-11-25 16:27 - 00000000 ____D C:\AdwCleaner
2016-11-21 12:39 - 2016-11-21 12:40 - 03910208 _____ C:\Users\EID ABET\Downloads\AdwCleaner.exe
2016-11-21 12:14 - 2016-11-21 12:14 - 00357855 _____ C:\Users\EID ABET\Desktop\~WRL2937.tmp
2016-11-21 10:15 - 2016-11-21 10:15 - 00071013 _____ C:\Users\EID ABET\Downloads\Philippine Airlines_18 Nov 2016_YNFDUD_MONTEVIRGEN LUIGI.pdf
2016-11-21 10:14 - 2016-11-21 10:14 - 00070409 _____ C:\Users\EID ABET\Downloads\Philippine Airlines_15 Nov 2016_YNFDUD_MONTEVIRGEN LUIGI (1).pdf
2016-11-21 08:58 - 2016-11-21 08:58 - 00632964 _____ C:\Users\EID ABET\Downloads\WAD2016 passport (1).pdf
2016-11-21 08:57 - 2016-11-21 08:57 - 05587235 _____ C:\Users\EID ABET\Downloads\page 5 (1).pdf
2016-11-21 08:57 - 2016-11-21 08:57 - 04633946 _____ C:\Users\EID ABET\Downloads\page 4 (1).pdf
2016-11-21 08:57 - 2016-11-21 08:57 - 03970649 _____ C:\Users\EID ABET\Downloads\page 3 (1).pdf
2016-11-21 08:56 - 2016-11-21 08:56 - 09046809 _____ C:\Users\EID ABET\Downloads\page 2 (1).pdf
2016-11-21 08:52 - 2016-11-21 08:53 - 21952472 _____ C:\Users\EID ABET\Downloads\page 1 (1).pdf
2016-11-21 08:27 - 2016-11-21 08:28 - 01832378 _____ C:\Users\EID ABET\Downloads\Ludema.zip
2016-11-15 11:17 - 2016-11-15 11:17 - 01787567 _____ C:\Users\EID ABET\Downloads\filename-0=Trade Union Fundamentals and Leadership Seminar (CSCIEU) (1).pd
2016-11-15 11:16 - 2016-11-15 11:16 - 01787567 _____ C:\Users\EID ABET\Downloads\Trade Union Fundamentals and Leadership Seminar(CSCIEU).pdf.pdf
2016-11-15 10:51 - 2016-11-15 10:51 - 00070409 _____ C:\Users\EID ABET\Downloads\Philippine Airlines_15 Nov 2016_YNFDUD_MONTEVIRGEN LUIGI.pdf
2016-11-15 09:26 - 2016-11-15 10:30 - 11727026 _____ C:\Users\EID ABET\Desktop\ANCWtarpWAAD.dpp
2016-11-14 08:46 - 2001-01-01 09:22 - 05173624 _____ C:\Users\EID ABET\Downloads\wad boarding pass .pdf
2016-11-14 08:38 - 2016-11-14 08:38 - 09042660 _____ C:\Users\EID ABET\Downloads\page 2.pdf
2016-11-14 08:38 - 2016-11-14 08:38 - 04617032 _____ C:\Users\EID ABET\Downloads\page 4.pdf
2016-11-14 08:38 - 2016-11-14 08:38 - 03967156 _____ C:\Users\EID ABET\Downloads\page 3.pdf
2016-11-14 08:21 - 2016-11-14 08:23 - 21936044 _____ C:\Users\EID ABET\Downloads\page 1.pdf
2016-11-14 07:42 - 2016-11-14 07:42 - 05587235 _____ C:\Users\EID ABET\Downloads\page 5.pdf
2016-11-14 07:41 - 2016-11-14 07:41 - 00632964 _____ C:\Users\EID ABET\Downloads\WAD2016 passport.pdf
2016-11-14 07:38 - 2016-11-14 07:38 - 09737238 _____ C:\Users\EID ABET\Downloads\WAAD boarding Pass.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-13 08:02 - 2016-09-30 08:57 - 00867260 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-13 07:57 - 2016-09-30 09:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-13 07:57 - 2016-07-16 10:22 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-13 07:56 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-13 07:56 - 2016-07-16 16:29 - 00000000 ____D C:\Program Files\WindowsApps
2016-12-13 07:56 - 2016-07-04 11:15 - 00000000 ____D C:\Users\EID ABET\AppData\Local\Packages
2016-12-13 07:52 - 2016-04-01 12:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-13 07:41 - 2016-07-16 16:28 - 00000000 ____D C:\WINDOWS\INF
2016-12-13 07:37 - 2016-09-30 08:52 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-12 16:28 - 2016-06-06 17:08 - 00000000 ____D C:\Users\EID ABET\Documents\2016
2016-12-12 16:09 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\rescache
2016-12-12 12:30 - 2016-09-30 08:52 - 00670544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-12 12:29 - 2016-07-16 16:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-12 12:29 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-12 12:29 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-12 12:29 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-12 12:29 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-12 12:29 - 2016-07-16 10:22 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-12 12:29 - 2016-07-16 10:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-12 12:29 - 2016-07-16 10:22 - 00000000 ____D C:\WINDOWS\servicing
2016-12-12 12:02 - 2016-09-30 08:58 - 00000000 ____D C:\Users\EID ABET
2016-12-12 10:17 - 2016-07-16 16:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-12 08:33 - 2016-04-04 12:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-02 11:45 - 2016-06-23 09:04 - 00000000 ____D C:\Users\EID ABET\AppData\Local\Adobe
2016-12-02 07:53 - 2016-04-29 05:22 - 00051544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-11-29 10:28 - 2016-04-27 12:38 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-29 10:25 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-29 10:24 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-11-29 10:24 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-11-29 10:23 - 2016-07-16 16:30 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-11-29 09:27 - 2016-04-04 13:57 - 00407720 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-11-29 09:25 - 2010-11-21 08:46 - 00000000 ____D C:\WINDOWS\CSC
2016-11-25 16:09 - 2016-06-07 08:09 - 00000000 ____D C:\Users\EID ABET\AppData\Local\ElevatedDiagnostics
2016-11-25 16:03 - 2016-07-04 11:28 - 00000000 ___RD C:\Users\EID ABET\OneDrive
2016-11-25 15:23 - 2016-09-29 08:12 - 00000000 ____D C:\Users\EID ABET\Documents\Driver
2016-11-25 14:54 - 2016-06-09 11:30 - 00000000 ____D C:\Program Files\Google
2016-11-22 07:51 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-21 13:49 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-21 13:46 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\spool
2016-11-14 11:33 - 2016-11-11 09:46 - 00018111 _____ C:\Users\EID ABET\Documents\starburn.txt
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-12 09:57
==================== End of FRST.txt ============================
addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2016
Ran by EID GI (13-12-2016 08:12:44)
Running from C:\Users\EID ABET\Desktop
Microsoft Windows 10 Pro Version 1607 (X86) (2016-09-30 01:20:07)
Boot Mode: Safe Mode (with Networking)
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-4236182247-2946576656-2820495726-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4236182247-2946576656-2820495726-503 - Limited - Disabled)
EID GI (S-1-5-21-4236182247-2946576656-2820495726-1000 - Administrator - Enabled) => C:\Users\EID ABET
Guest (S-1-5-21-4236182247-2946576656-2820495726-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Blender (HKLM\...\{5184E115-8288-4B8A-B968-21FB39FCCBAB}) (Version: 2.77.1 - Blender Foundation)
Canon E510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_E510_series) (Version: 1.02 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version: - )
EPSON L360 Series Printer Uninstall (HKLM\...\EPSON L360 Series) (Version: - SEIKO EPSON Corporation)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Java 8 Update 102 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Kaspersky Internet Security (HKLM\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (Version: 16.0.1.445 - Kaspersky Lab) Hidden
Lightworks (HKLM\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
LMMS 1.1.3 (HKLM\...\LMMS) (Version: 1.1.3 - LMMS Developers)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MySQL Workbench 6.3 CE (HKLM\...\{32EECAF8-4CD9-4B9B-93AF-272B6FBF0410}) (Version: 6.3.7 - Oracle Corporation)
RawTherapee version 4.2 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.2 - rawtherapee.com)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6499 - Realtek Semiconductor Corp.)
Serif DrawPlus Starter Edition (HKLM\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version: - )
TP-LINK TL-WN723N Driver (HKLM\...\{B82D0422-A202-4E51-92F2-821A35CC833F}) (Version: 1.1.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.1.0 - TP-LINK)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.17 - Tweaking.com)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Filmora(Build 7.8.0) (HKLM\...\Wondershare Filmora_is1) (Version: - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
XAMPP (HKLM\...\xampp) (Version: 5.6.24-1 - Bitnami)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {01FEAD6F-74C8-40D8-88F3-6977F61F09CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {0814F25F-1CED-4C12-9F70-591E75C15935} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {203E7437-EF12-4D55-AA98-D0D19301B32F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {249AFC2D-1F9E-4B88-BD85-0F3648F67C54} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {267C6F8A-4251-4E4B-891E-A902A1BBB4C1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {33DF82C1-968C-42A1-9887-C6D425D15044} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {36A76F6C-AB0D-4ACC-B8A0-42769B753C8C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3B04BC55-3FEE-4D52-9475-16FD21403BC3} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3EC458D0-F00E-47FC-A786-89646B9BF977} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {448EAA86-7D32-4DCB-9B32-B11B75F129D8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {51587011-1054-463C-947E-284385626872} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {68A24525-631E-4528-B54E-B39616F62485} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {707119C3-B0F7-4219-8B47-5733A8212106} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {716024C1-9FAF-48B3-B911-2CC8A1A3CE5F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7BDC8507-DEE5-4098-8681-A6EE70A899E4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D6B2262-79A1-4F9F-A255-205A97B3B04A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {8D7E18A7-B376-4459-99F0-F6204C3B5BDE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {917AD162-B746-46F8-BD96-B062AEBF729B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {95AEF0DA-1669-465C-BE1B-9FE20DC4E812} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {A7042C7B-9068-4DEF-924F-852249D75645} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AAE33E81-D888-4B10-8ED3-8B0B67294DF3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B290781D-9375-47BC-A964-08ABFEA0F89C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BD8CA9F1-FA19-4087-A325-AF254D71881E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E515662C-71AD-4828-BC10-BC05EDDCBAEB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F5984EED-005B-410E-9945-4EA76886A990} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {FA627B34-7287-499E-B5A0-02015AF815A3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDA7D037-F301-462B-A0FF-A4EB3E9CE970} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One) Tweaking.com - Windows Repair )Created By Tweaking.com
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 16:25 - 2016-07-16 16:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-11 10:54 - 2016-09-16 01:32 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-11 10:54 - 2016-09-16 01:32 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-16 16:25 - 2016-07-16 16:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 08:26 - 2016-11-02 18:46 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 08:27 - 2016-11-02 18:31 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 08:27 - 2016-11-02 18:24 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-01 00:47 - 2016-10-01 00:47 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 08:27 - 2016-11-02 18:24 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 08:27 - 2016-11-02 18:26 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 10:04 - 2016-11-29 08:57 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\EID ABET\Documents\2016\Vectors\Panalangin.png
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Apache2.4 => 2
MSCONFIG\Services: KMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: mysql => 2
HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\...\StartupApproved\Run: => "OneDrive"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => LPort=808
FirewallRules: [{194EFB70-1678-479F-A800-F654C44A91C5}] => C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{DFA1C21A-CE0C-4C58-8271-0C8DC0742910}] => C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{533A10FC-DE4C-4F8C-968D-0D218DCD37B4}] => C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{97F39D8E-A4C9-4566-895F-F36FB13770F1}] => C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{4D8498AA-B57D-4084-BE38-F95BB8338445}] => C:\Program Files\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{3C6A0137-898B-4CA6-AAB2-D798BD058C6E}] => C:\Program Files\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B179B575-D74E-4A5A-ADB1-5578DBB4EF8B}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{36EB9BEB-5ADE-4D20-A80E-1B63DDC5B6EC}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{766BDF72-0EE4-4F36-949F-D72461C2E9BA}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{32C5DA6B-1D6F-4180-B061-9FC172558990}] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{F6202490-FCD1-4887-BE3B-C2069D93760A}] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{0BA1D169-BED8-4049-9560-1D95E04ECDE9}] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
==================== Restore Points =========================
28-11-2016 07:50:08 Scheduled Checkpoint
12-12-2016 09:58:29 Windows Update
==================== Faulty Device Manager Devices =============
Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/13/2016 08:00:05 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\EIDABE~1\AppData\Local\Temp\jrt\CreateRestorePoint.exe "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).
Error: (12/13/2016 07:58:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (12/13/2016 07:58:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
Error: (12/13/2016 07:46:31 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (12/13/2016 07:46:31 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (12/13/2016 07:46:31 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (12/13/2016 07:46:31 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
Context: Windows Application, SystemIndex Catalog
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (12/13/2016 07:46:05 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: avpui.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Terminate on fatal exception on start application
Stack:
at System.Environment.FailFast(System.String, System.Exception)
at KasperskyLab.UI.Common.ExceptionPolicy.ProcessExceptionOnStartApplication(System.Exception, System.String)
at KasperskyLab.Kis.UI.EntryPoint.<Start>b__10(System.Exception)
at KasperskyLab.UI.Common.Vb.ExceptionsProcessor.ExecuteActionWithExceptionFilter(System.Action, System.Func`2<System.Exception,Boolean>)
at KasperskyLab.Kis.UI.Bootstrapper..ctor(System.Action`1<Microsoft.Practices.Unity.IUnityContainer>, System.Collections.Generic.IEnumerable`1<System.Type>)
at KasperskyLab.Kis.UI.EntryPoint.StartImpl(KasperskyLab.Kis.UI.Services.GuiStartMode, System.Action`1<Microsoft.Practices.Unity.IUnityContainer>, System.Collections.Generic.IEnumerable`1<System.Type>, System.Func`1<System.IDisposable>)
at KasperskyLab.Kis.UI.EntryPoint+<>c__DisplayClass12.<Start>b__f()
at KasperskyLab.UI.Common.Vb.ExceptionsProcessor.ExecuteActionWithExceptionFilter(System.Action, System.Func`2<System.Exception,Boolean>)
at KasperskyLab.Kis.UI.EntryPoint.Start(KasperskyLab.Kis.UI.Services.GuiStartMode, System.Action`1<Microsoft.Practices.Unity.IUnityContainer>, System.Collections.Generic.IEnumerable`1<System.Type>, System.Func`1<System.IDisposable>)
at KasperskyLab.Kis.UI.EntryPoint+<>c__DisplayClassd.<PreloadImpl>b__c()
at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart()
Error: (12/13/2016 07:46:00 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Error: (12/13/2016 07:46:00 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
Context: Windows Application
Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
System errors:
=============
Error: (12/13/2016 08:13:14 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (12/13/2016 08:12:45 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (12/13/2016 08:12:45 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (12/13/2016 08:12:45 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (12/13/2016 08:12:39 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (12/13/2016 08:12:39 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (12/13/2016 08:12:39 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (12/13/2016 08:11:51 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (12/13/2016 08:11:08 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (12/13/2016 08:11:08 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
CodeIntegrity:
===================================
Date: 2016-12-12 10:31:26.782
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2016-12-12 10:31:26.610
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2016-12-12 10:31:26.167
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2016-12-12 10:31:25.616
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2016-12-12 10:31:25.402
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Date: 2016-12-12 10:31:25.242
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Date: 2016-12-12 10:31:22.771
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2016-12-12 10:31:20.279
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.
Date: 2016-12-12 09:57:59.701
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2016-11-29 09:55:20.260
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
Processor: AMD A6-3500 APU with Radeon HD Graphics
Percentage of memory in use: 50%
Total physical RAM: 2811.53 MB
Available physical RAM: 1394.01 MB
Total Virtual: 5627.53 MB
Available Virtual: 4308.74 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:243.6 GB) (Free:189.7 GB) NTFS
Drive d: () (Fixed) (Total:221.62 GB) (Free:121.08 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BF7FBED8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
*Note: I'm kind of freaking out at the MGA Diagnostic Report since I'm sure this copy is genuine and that it came from a free upgrade from Win7. After I ran ADWCleaner instead of MalwareBytes, my Win10 apps started to say that the trial version has expired.
Edited by Dyjinn, 12 December 2016 - 06:19 PM.