
Cannot run Kaspersky, FRST, and Malwarebytes



#1
Dyjinn

  • Member
  • 16 posts

Whenever I run a program that requires admin privileges, I get the message saying "The request is not supported."

I am currently using a Windows 10 OS.

 

Update: Seems like anything I Run as Administrator does not work. Tried a few other programs and I had the same problem.


Edited by Dyjinn, 25 November 2016 - 01:41 AM.



#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Dyjinn,

Welcome to the Malware forum at Geekstogo.

I see from your topic in the Windows 10 forum that you are managing to run some programs in Safe Mode.

Let's see if we can run FRST from Safe Mode to let us have a look and see what we can find.

Now

Important - We ask that the tools we use be downloaded to your computer's desktop.

If you are unsure about how to do that, please press the Show button beside Spoiler below to see guides for the most popular browsers:

Spoiler

Next

Please enter Safe Mode and download Farbar Recovery Scan Tool from here and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.

 



#3
Dyjinn

  • Topic Starter
  • Member
  • 16 posts

Hi, really sorry that I replied this late since I had to attend a business trip. Will do so and update you on what comes up.



#4
Dyjinn

  • Topic Starter
  • Member
  • 16 posts

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by EID GI (administrator) on EIDABET-PC (12-12-2016 08:29:21)
Running from C:\Users\EID ABET\Desktop
Loaded Profiles: EID GI (Available Profiles: EID GI)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Serif (Europe) Ltd) C:\Program Files\Serif\DrawPlus Starter Edition\2.0\Program\DrawPlus Starter Edition.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6310504 2011-11-08] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-04-04]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{9b81d74b-3550-4a80-bf57-7758e2fb14f4}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{ed0daf03-451d-4329-bdad-445df51ec114}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{f47d1650-524b-4395-81b6-cd8eff028994}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-14] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\EID ABET\AppData\Roaming\Mozilla\Firefox\Profiles\13n43ts3.default-1465183135788 [2016-12-12]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-02]
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-14] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default [2016-11-25]
CHR Extension: (Adblock Plus) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-14]
CHR Extension: (Pinterest Save Button) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-03]
CHR Extension: (Kaspersky Protection) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-08-10]
CHR Extension: (Ghostery) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-09]
CHR Extension: (Chrome Media Router) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
S4 Apache2.4; D:\eclipse php\xampp\apache\bin\httpd.exe [23040 2016-07-07] (Apache Software Foundation) [File not signed]
S2 AVP16.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S4 KMService; C:\Windows\system32\srvany.exe [8192 2016-04-01] () [File not signed]
S4 mysql; D:\eclipse php\xampp\mysql\bin\mysqld.exe [11738568 2016-07-18] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R3 FETNDIS; C:\WINDOWS\System32\drivers\fetn63.sys [47616 2016-07-16] (VIA Technologies, Inc.              )
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [155304 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [66440 2015-12-01] (AO Kaspersky Lab)
S2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [67456 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [25208 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [145800 2015-12-11] (AO Kaspersky Lab)
S1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [51544 2016-12-02] (AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [165464 2016-11-24] (AO Kaspersky Lab)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [770904 2016-08-17] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [45144 2016-04-29] (AO Kaspersky Lab)
S3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [46464 2015-11-11] (AO Kaspersky Lab)
S3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [37560 2015-06-07] (Kaspersky Lab ZAO)
S1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [41864 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [74160 2016-08-17] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [93528 2016-08-17] (AO Kaspersky Lab)
S1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [161672 2015-12-03] (AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-25] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3245056 2016-07-16] (Realtek Semiconductor Corporation                           )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 08:29 - 2016-12-12 08:29 - 00011151 _____ C:\Users\EID ABET\Desktop\FRST.txt
2016-12-12 08:25 - 2016-12-12 08:25 - 00000000 ____D C:\Users\EID ABET\Downloads\FRST-OlderVersion
2016-12-02 11:45 - 2016-12-02 11:45 - 01198288 _____ (Adobe Systems Incorporated) C:\Users\EID ABET\Downloads\flashplayer23_xa_install.exe
2016-12-01 08:37 - 2016-12-01 08:37 - 00000000 ____D C:\Users\EID ABET\Desktop\aaaa
2016-12-01 08:21 - 2016-12-01 08:28 - 00000000 ____D C:\Users\EID ABET\Desktop\New folder
2016-12-01 07:47 - 2016-12-01 07:48 - 00892416 _____ (Farbar) C:\Users\EID ABET\Downloads\MiniToolBox.exe
2016-11-29 13:44 - 2016-11-29 13:44 - 00448971 _____ C:\Users\EID ABET\Documents\IMG_20161129_0001.pdf
2016-11-29 08:26 - 2016-11-29 08:26 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-EIDABET-PC-Windows-10-Pro-(32-bit).dat
2016-11-29 08:26 - 2016-11-29 08:26 - 00000000 ____D C:\RegBackup
2016-11-29 07:49 - 2016-11-29 07:49 - 00183072 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2016-11-29 07:49 - 2016-11-29 07:49 - 00002194 _____ C:\Users\EID ABET\Desktop\Tweaking.com - Windows Repair.lnk
2016-11-29 07:49 - 2016-11-29 07:49 - 00000550 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-11-29 07:49 - 2016-11-29 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-11-29 07:49 - 2016-11-29 07:49 - 00000000 ____D C:\Program Files\Tweaking.com
2016-11-29 07:45 - 2016-11-29 07:47 - 32211176 _____ (Tweaking.com) C:\Users\EID ABET\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-11-29 07:41 - 2016-12-12 08:21 - 00000000 ____D C:\Users\EID ABET\AppData\LocalLow\Mozilla
2016-11-28 13:29 - 2001-01-01 09:22 - 05173624 _____ C:\Users\EID ABET\Desktop\wad boarding pass .pdf
2016-11-28 12:49 - 2016-12-12 08:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-25 16:38 - 2016-11-25 16:39 - 06334848 _____ (AVAST Software) C:\Users\EID ABET\Downloads\avast_free_antivirus_setup_online.exe
2016-11-25 16:27 - 2016-12-12 08:28 - 00032499 _____ C:\Users\EID ABET\Downloads\Addition.txt
2016-11-25 16:25 - 2016-12-12 08:29 - 00000000 ____D C:\FRST
2016-11-25 16:25 - 2016-12-12 08:28 - 00022865 _____ C:\Users\EID ABET\Downloads\FRST.txt
2016-11-25 16:09 - 2016-12-12 08:21 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-25 16:09 - 2016-12-12 08:20 - 00266624 _____ C:\WINDOWS\ntbtlog.txt
2016-11-25 15:33 - 2016-11-25 15:33 - 00000000 ____D C:\Users\EID ABET\Desktop\Slides
2016-11-25 14:54 - 2016-12-12 08:25 - 01761792 _____ (Farbar) C:\Users\EID ABET\Desktop\FRST.exe
2016-11-25 14:40 - 2016-11-25 14:40 - 00000000 ____D C:\$SysReset
2016-11-25 14:04 - 2016-11-25 14:04 - 00388608 _____ (Trend Micro Inc.) C:\Users\EID ABET\Downloads\HijackThis.exe
2016-11-25 11:56 - 2016-11-25 11:56 - 03198066 _____ C:\Users\EID ABET\Downloads\20846668_fd55af6a83d156d2554a2cfd8969abe78c28c557.cab
2016-11-25 11:49 - 2016-11-25 11:52 - 151740327 _____ C:\Users\EID ABET\Downloads\killer_e2200_wireless_netcard_1_1_50_1414_driver.zip
2016-11-25 11:44 - 2016-11-25 11:44 - 02512160 _____ C:\Users\EID ABET\Downloads\win81-10.0.0.308-whql.zip
2016-11-25 07:36 - 2016-11-25 07:39 - 00300156 _____ C:\WINDOWS\Minidump\112516-31703-01.dmp
2016-11-23 10:41 - 2016-11-23 10:41 - 04105259 _____ C:\Users\EID ABET\Downloads\HB 4444 Prohibiting All Forms of Contractualization_TUCP.pdf
2016-11-22 13:58 - 2016-11-22 13:58 - 00449763 _____ C:\Users\EID ABET\Desktop\B1.5 Strategy Plan-post congress_en.pdf
2016-11-22 07:45 - 2016-12-12 07:52 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-21 16:51 - 2016-11-21 16:51 - 00180061 _____ C:\Users\EID ABET\Documents\IMG_20161121_0002.pdf
2016-11-21 16:50 - 2016-11-21 16:50 - 00562206 _____ C:\Users\EID ABET\Documents\IMG_20161121_0001.pdf
2016-11-21 13:46 - 2016-11-21 13:46 - 00000000 ____D C:\ProgramData\EPSON
2016-11-21 13:46 - 2016-11-21 13:46 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-11-21 12:52 - 2016-11-25 16:11 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-21 12:51 - 2016-11-21 12:51 - 00001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-21 12:51 - 2016-11-21 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-21 12:51 - 2016-11-21 12:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-21 12:51 - 2016-11-21 12:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-11-21 12:51 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-21 12:51 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-21 12:51 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-21 12:49 - 2016-11-21 12:51 - 22851472 _____ (Malwarebytes ) C:\Users\EID ABET\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-21 12:40 - 2016-11-25 16:27 - 00000000 ____D C:\AdwCleaner
2016-11-21 12:39 - 2016-11-21 12:40 - 03910208 _____ C:\Users\EID ABET\Downloads\AdwCleaner.exe
2016-11-21 12:14 - 2016-11-21 12:14 - 00357855 _____ C:\Users\EID ABET\Desktop\~WRL2937.tmp
2016-11-21 10:15 - 2016-11-21 10:15 - 00071013 _____ C:\Users\EID ABET\Downloads\Philippine Airlines_18 Nov 2016_YNFDUD_MONTEVIRGEN  LUIGI.pdf
2016-11-21 10:14 - 2016-11-21 10:14 - 00070409 _____ C:\Users\EID ABET\Downloads\Philippine Airlines_15 Nov 2016_YNFDUD_MONTEVIRGEN  LUIGI (1).pdf
2016-11-21 08:58 - 2016-11-21 08:58 - 00632964 _____ C:\Users\EID ABET\Downloads\WAD2016 passport (1).pdf
2016-11-21 08:57 - 2016-11-21 08:57 - 05587235 _____ C:\Users\EID ABET\Downloads\page 5 (1).pdf
2016-11-21 08:57 - 2016-11-21 08:57 - 04633946 _____ C:\Users\EID ABET\Downloads\page 4 (1).pdf
2016-11-21 08:57 - 2016-11-21 08:57 - 03970649 _____ C:\Users\EID ABET\Downloads\page 3 (1).pdf
2016-11-21 08:56 - 2016-11-21 08:56 - 09046809 _____ C:\Users\EID ABET\Downloads\page 2 (1).pdf
2016-11-21 08:52 - 2016-11-21 08:53 - 21952472 _____ C:\Users\EID ABET\Downloads\page 1 (1).pdf
2016-11-21 08:27 - 2016-11-21 08:28 - 01832378 _____ C:\Users\EID ABET\Downloads\Ludema.zip
2016-11-15 11:17 - 2016-11-15 11:17 - 01787567 _____ C:\Users\EID ABET\Downloads\filename-0=Trade Union Fundamentals and Leadership Seminar   (CSCIEU) (1).pd
2016-11-15 11:16 - 2016-11-15 11:16 - 01787567 _____ C:\Users\EID ABET\Downloads\Trade Union Fundamentals and Leadership Seminar(CSCIEU).pdf.pdf
2016-11-15 10:51 - 2016-11-15 10:51 - 00070409 _____ C:\Users\EID ABET\Downloads\Philippine Airlines_15 Nov 2016_YNFDUD_MONTEVIRGEN  LUIGI.pdf
2016-11-15 09:26 - 2016-11-15 10:30 - 11727026 _____ C:\Users\EID ABET\Desktop\ANCWtarpWAAD.dpp
2016-11-14 08:46 - 2001-01-01 09:22 - 05173624 _____ C:\Users\EID ABET\Downloads\wad boarding pass .pdf
2016-11-14 08:38 - 2016-11-14 08:38 - 09042660 _____ C:\Users\EID ABET\Downloads\page 2.pdf
2016-11-14 08:38 - 2016-11-14 08:38 - 04617032 _____ C:\Users\EID ABET\Downloads\page 4.pdf
2016-11-14 08:38 - 2016-11-14 08:38 - 03967156 _____ C:\Users\EID ABET\Downloads\page 3.pdf
2016-11-14 08:21 - 2016-11-14 08:23 - 21936044 _____ C:\Users\EID ABET\Downloads\page 1.pdf
2016-11-14 07:42 - 2016-11-14 07:42 - 05587235 _____ C:\Users\EID ABET\Downloads\page 5.pdf
2016-11-14 07:41 - 2016-11-14 07:41 - 00632964 _____ C:\Users\EID ABET\Downloads\WAD2016 passport.pdf
2016-11-14 07:38 - 2016-11-14 07:38 - 09737238 _____ C:\Users\EID ABET\Downloads\WAAD boarding Pass.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-12 08:24 - 2016-09-30 08:57 - 00861244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-12 08:21 - 2016-04-04 12:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-12 08:20 - 2016-07-16 10:22 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-12 08:19 - 2016-09-30 09:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-12 08:17 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-12 08:17 - 2016-04-01 12:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-12 08:15 - 2016-09-30 08:52 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-12 08:02 - 2016-07-16 16:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-12 08:01 - 2016-07-16 16:29 - 00000000 ____D C:\Program Files\WindowsApps
2016-12-12 07:51 - 2016-07-16 16:28 - 00000000 ____D C:\WINDOWS\INF
2016-12-12 07:49 - 2016-09-30 08:58 - 00000000 ____D C:\Users\EID ABET
2016-12-02 16:53 - 2016-06-06 17:08 - 00000000 ____D C:\Users\EID ABET\Documents\2016
2016-12-02 11:45 - 2016-06-23 09:04 - 00000000 ____D C:\Users\EID ABET\AppData\Local\Adobe
2016-12-02 07:53 - 2016-04-29 05:22 - 00051544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-11-29 10:28 - 2016-04-27 12:38 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-29 10:27 - 2016-09-30 08:52 - 00670544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-29 10:25 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-29 10:25 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-29 10:25 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-29 10:24 - 2016-07-16 16:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-29 10:24 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-11-29 10:24 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-29 10:24 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-11-29 10:24 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-29 10:23 - 2016-07-16 16:30 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-11-29 09:27 - 2016-04-04 13:57 - 00407720 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-11-29 09:25 - 2010-11-21 08:46 - 00000000 ____D C:\WINDOWS\CSC
2016-11-29 09:06 - 2016-07-04 11:15 - 00000000 ____D C:\Users\EID ABET\AppData\Local\Packages
2016-11-25 16:09 - 2016-06-07 08:09 - 00000000 ____D C:\Users\EID ABET\AppData\Local\ElevatedDiagnostics
2016-11-25 16:03 - 2016-07-04 11:28 - 00000000 ___RD C:\Users\EID ABET\OneDrive
2016-11-25 15:23 - 2016-09-29 08:12 - 00000000 ____D C:\Users\EID ABET\Documents\Driver
2016-11-25 14:54 - 2016-06-09 11:30 - 00000000 ____D C:\Program Files\Google
2016-11-22 07:51 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-21 13:49 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-21 13:46 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\spool
2016-11-14 11:33 - 2016-11-11 09:46 - 00018111 _____ C:\Users\EID ABET\Documents\starburn.txt

==================== Files in the root of some directories =======

2016-11-11 11:15 - 2016-11-11 11:15 - 0002163 _____ () C:\Users\EID ABET\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-11-29 09:55

==================== End of FRST.txt ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2016
Ran by EID GI (12-12-2016 08:29:54)
Running from C:\Users\EID ABET\Desktop
Microsoft Windows 10 Pro Version 1607 (X86) (2016-09-30 01:20:07)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4236182247-2946576656-2820495726-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4236182247-2946576656-2820495726-503 - Limited - Disabled)
EID GI (S-1-5-21-4236182247-2946576656-2820495726-1000 - Administrator - Enabled) => C:\Users\EID ABET
Guest (S-1-5-21-4236182247-2946576656-2820495726-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Blender (HKLM\...\{5184E115-8288-4B8A-B968-21FB39FCCBAB}) (Version: 2.77.1 - Blender Foundation)
Canon E510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_E510_series) (Version: 1.02 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
EPSON L360 Series Printer Uninstall (HKLM\...\EPSON L360 Series) (Version:  - SEIKO EPSON Corporation)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Java 8 Update 102 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Kaspersky Internet Security (HKLM\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (Version: 16.0.1.445 - Kaspersky Lab) Hidden
Lightworks (HKLM\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
LMMS 1.1.3 (HKLM\...\LMMS) (Version: 1.1.3 - LMMS Developers)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MySQL Workbench 6.3 CE (HKLM\...\{32EECAF8-4CD9-4B9B-93AF-272B6FBF0410}) (Version: 6.3.7 - Oracle Corporation)
RawTherapee version 4.2 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.2 - rawtherapee.com)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6499 - Realtek Semiconductor Corp.)
Serif DrawPlus Starter Edition (HKLM\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
TP-LINK TL-WN723N Driver (HKLM\...\{B82D0422-A202-4E51-92F2-821A35CC833F}) (Version: 1.1.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.1.0 - TP-LINK)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.17 - Tweaking.com)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Filmora(Build 7.8.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
XAMPP (HKLM\...\xampp) (Version: 5.6.24-1 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01FEAD6F-74C8-40D8-88F3-6977F61F09CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {0814F25F-1CED-4C12-9F70-591E75C15935} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {189AD279-3324-417D-A230-DB9CF6E94E08} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {203E7437-EF12-4D55-AA98-D0D19301B32F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {249AFC2D-1F9E-4B88-BD85-0F3648F67C54} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {267C6F8A-4251-4E4B-891E-A902A1BBB4C1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {33DF82C1-968C-42A1-9887-C6D425D15044} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {36A76F6C-AB0D-4ACC-B8A0-42769B753C8C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3B04BC55-3FEE-4D52-9475-16FD21403BC3} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3B9CC8E2-F632-4AA1-9B5E-663FA8A68415} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {3EC458D0-F00E-47FC-A786-89646B9BF977} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {448EAA86-7D32-4DCB-9B32-B11B75F129D8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {47E1708A-9D41-4E26-A544-9DDA8459A9EB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {51587011-1054-463C-947E-284385626872} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {5C406DA2-42E3-4D82-A47D-B104D3EDC6E5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {68A24525-631E-4528-B54E-B39616F62485} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {707119C3-B0F7-4219-8B47-5733A8212106} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {716024C1-9FAF-48B3-B911-2CC8A1A3CE5F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {73672978-DAE3-4B71-B6E0-9590B0B90624} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {763499B5-9785-4F78-A190-A8E00F95CE89} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {7BDC8507-DEE5-4098-8681-A6EE70A899E4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {85A70E1A-B341-4C2A-874C-66DD6C48D242} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8D6B2262-79A1-4F9F-A255-205A97B3B04A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {8D7E18A7-B376-4459-99F0-F6204C3B5BDE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {917AD162-B746-46F8-BD96-B062AEBF729B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {934541A5-701C-4F29-BE99-ED052C6A7B20} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {95AEF0DA-1669-465C-BE1B-9FE20DC4E812} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {A7042C7B-9068-4DEF-924F-852249D75645} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AAE33E81-D888-4B10-8ED3-8B0B67294DF3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B290781D-9375-47BC-A964-08ABFEA0F89C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B6071680-64C1-43B6-B2FB-350FAD8CC033} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B707EDBB-FF4A-468D-84F8-1ECD193B6AC1} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {BD621B11-25A9-4AD0-85AC-19AC3F7B08D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BD8CA9F1-FA19-4087-A325-AF254D71881E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BE99D6C1-3062-43D7-B3AA-92AC5F19FF41} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C5E8FCE8-8D5C-4379-A515-4DBAC53B219D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D61FF40F-C6B4-4BDF-B7A2-E3D22F3675A6} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {DACDFD89-9C39-41AC-AE4B-5F2C700F4761} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E515662C-71AD-4828-BC10-BC05EDDCBAEB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E71761AA-84C3-4130-A0B8-6526F753F44B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EACD1969-5C09-4939-B8FC-86D75B0B98B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EE86421C-422E-4BEB-BE29-305DD6BE6E0F} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {F5984EED-005B-410E-9945-4EA76886A990} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {FA627B34-7287-499E-B5A0-02015AF815A3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDA7D037-F301-462B-A0FF-A4EB3E9CE970} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One) Tweaking.com - Windows Repair )Created By Tweaking.com

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 16:25 - 2016-07-16 16:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-11 10:54 - 2016-09-16 01:32 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-11 10:54 - 2016-09-16 01:32 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-16 16:25 - 2016-07-16 16:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 08:26 - 2016-11-02 18:46 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 08:27 - 2016-11-02 18:31 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 08:27 - 2016-11-02 18:24 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-01 00:47 - 2016-10-01 00:47 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 08:27 - 2016-11-02 18:24 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 08:27 - 2016-11-02 18:26 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-05-11 16:55 - 2012-05-11 16:55 - 05827920 _____ () C:\Program Files\Serif\DrawPlus Starter Edition\2.0\Program\SerifAVU.dll
2012-05-11 16:55 - 2012-05-11 16:55 - 00076624 _____ () C:\Program Files\Serif\DrawPlus Starter Edition\2.0\Program\SerifThreeDU.dll
2010-05-13 12:50 - 2010-05-13 12:50 - 00020232 _____ () C:\Program Files\Serif\DrawPlus Starter Edition\2.0\Program\lpf.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
iver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2016-11-29 08:57 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\EID ABET\Documents\2016\Vectors\Panalangin.png
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Apache2.4 => 2
MSCONFIG\Services: KMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: mysql => 2
HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => LPort=808
FirewallRules: [{194EFB70-1678-479F-A800-F654C44A91C5}] => C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{DFA1C21A-CE0C-4C58-8271-0C8DC0742910}] => C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{533A10FC-DE4C-4F8C-968D-0D218DCD37B4}] => C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{97F39D8E-A4C9-4566-895F-F36FB13770F1}] => C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{4D8498AA-B57D-4084-BE38-F95BB8338445}] => C:\Program Files\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{3C6A0137-898B-4CA6-AAB2-D798BD058C6E}] => C:\Program Files\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B179B575-D74E-4A5A-ADB1-5578DBB4EF8B}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{36EB9BEB-5ADE-4D20-A80E-1B63DDC5B6EC}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{766BDF72-0EE4-4F36-949F-D72461C2E9BA}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{32C5DA6B-1D6F-4180-B061-9FC172558990}] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{F6202490-FCD1-4887-BE3B-C2069D93760A}] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{0BA1D169-BED8-4049-9560-1D95E04ECDE9}] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe

==================== Restore Points =========================

28-11-2016 07:50:08 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2016 08:24:52 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 08:22:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 08:21:49 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app Microsoft.Windows.Apprep.ChxApp_cw5n1h2txyewy:App.AppXc99k5qnnsvxj5szemm7fp3g7y08we5vm.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 08:21:20 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 08:21:08 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 08:19:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927139 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 08:19:23 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app Microsoft.WindowsAlarms_8wekyb3d8bbwe!App failed with error: -2144927139 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 08:19:22 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927139 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 08:17:37 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/12/2016 08:17:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.StickyNotes.exe, version: 1.2.14.0, time stamp: 0x582b47c0
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.14393.351, time stamp: 0x5801a7ad
Exception code: 0xc000027b
Fault offset: 0x008b7b42
Faulting process id: 0x143c
Faulting application start time: 0x01d2540d1ac12a45
Faulting application path: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.2.14.0_x86__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 3c520e70-891a-41ec-bacb-f2f9a9998eec
Faulting package full name: Microsoft.MicrosoftStickyNotes_1.2.14.0_x86__8wekyb3d8bbwe
Faulting package-relative application ID: App


System errors:
=============
Error: (12/12/2016 08:29:55 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2016 08:29:55 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2016 08:29:52 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2016 08:29:52 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2016 08:29:52 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/12/2016 08:29:42 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2016 08:29:42 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2016 08:29:42 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2016 08:29:42 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/12/2016 08:29:42 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
  Date: 2016-11-29 09:55:20.260
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-29 09:25:26.971
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-10-14 10:19:04.763
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-10-14 10:19:04.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-10-14 10:19:04.562
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-10-14 10:19:04.305
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-10-14 10:19:04.172
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-10-14 10:19:03.955
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-10-14 10:19:01.467
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-10-14 10:19:00.776
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-3500 APU with Radeon™ HD Graphics
Percentage of memory in use: 43%
Total physical RAM: 2811.53 MB
Available physical RAM: 1579.21 MB
Total Virtual: 5627.53 MB
Available Virtual: 4539.28 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:243.6 GB) (Free:191.8 GB) NTFS
Drive d: () (Fixed) (Total:221.62 GB) (Free:121.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BF7FBED8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#5
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello Dyjinn,

Now

Open Notepad.

Please copy the contents of the code box below.

To do this, highlight (click in the box and press Ctrl + A) the contents of the box and right-click on it. Paste this into the open Notepad. Save it to the Desktop as fixlist.txt.

Alternatively, type the contents of the box into Notepad and save it to your desktop as fixlist.txt.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 

HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
2016-11-11 11:15 - 2016-11-11 11:15 - 0002163 _____ () C:\Users\EID ABET\AppData\Local\recently-used.xbel
Task: {189AD279-3324-417D-A230-DB9CF6E94E08} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3B9CC8E2-F632-4AA1-9B5E-663FA8A68415} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {47E1708A-9D41-4E26-A544-9DDA8459A9EB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5C406DA2-42E3-4D82-A47D-B104D3EDC6E5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {73672978-DAE3-4B71-B6E0-9590B0B90624} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {763499B5-9785-4F78-A190-A8E00F95CE89} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {85A70E1A-B341-4C2A-874C-66DD6C48D242} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {934541A5-701C-4F29-BE99-ED052C6A7B20} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B6071680-64C1-43B6-B2FB-350FAD8CC033} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B707EDBB-FF4A-468D-84F8-1ECD193B6AC1} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {BD621B11-25A9-4AD0-85AC-19AC3F7B08D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BE99D6C1-3062-43D7-B3AA-92AC5F19FF41} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C5E8FCE8-8D5C-4379-A515-4DBAC53B219D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D61FF40F-C6B4-4BDF-B7A2-E3D22F3675A6} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {DACDFD89-9C39-41AC-AE4B-5F2C700F4761} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E71761AA-84C3-4130-A0B8-6526F753F44B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EACD1969-5C09-4939-B8FC-86D75B0B98B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EE86421C-422E-4BEB-BE29-305DD6BE6E0F} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:

This script is specifically written for the infection on this person's computer. It should NOT be used on another machine. It may cause serious damage even to the point of rendering the computer unusable.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

After that

Download CKScanner from here

Important: Save it to your desktop.


  • Double-click (Vista and above - right-click and run as Administrator) CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

So when you return please post

  • Fixlog.txt
  • CKFiles.txt

 



#6
Dyjinn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 07-12-2016
Ran by EID GI (12-12-2016 12:46:33) Run:1
Running from C:\Users\EID ABET\Desktop
Loaded Profiles: EID GI (Available Profiles: EID GI)
Boot Mode: Safe Mode (with Networking)

==============================================

fixlist content:
*****************
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [No File]
2016-11-11 11:15 - 2016-11-11 11:15 - 0002163 _____ () C:\Users\EID ABET\AppData\Local\recently-used.xbel
Task: {189AD279-3324-417D-A230-DB9CF6E94E08} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3B9CC8E2-F632-4AA1-9B5E-663FA8A68415} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {47E1708A-9D41-4E26-A544-9DDA8459A9EB} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5C406DA2-42E3-4D82-A47D-B104D3EDC6E5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {73672978-DAE3-4B71-B6E0-9590B0B90624} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {763499B5-9785-4F78-A190-A8E00F95CE89} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {85A70E1A-B341-4C2A-874C-66DD6C48D242} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {934541A5-701C-4F29-BE99-ED052C6A7B20} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B6071680-64C1-43B6-B2FB-350FAD8CC033} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {B707EDBB-FF4A-468D-84F8-1ECD193B6AC1} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {BD621B11-25A9-4AD0-85AC-19AC3F7B08D2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BE99D6C1-3062-43D7-B3AA-92AC5F19FF41} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C5E8FCE8-8D5C-4379-A515-4DBAC53B219D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D61FF40F-C6B4-4BDF-B7A2-E3D22F3675A6} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {DACDFD89-9C39-41AC-AE4B-5F2C700F4761} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E71761AA-84C3-4130-A0B8-6526F753F44B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EACD1969-5C09-4939-B8FC-86D75B0B98B2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {EE86421C-422E-4BEB-BE29-305DD6BE6E0F} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
EmptyTemp:
*****************

"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully.
"HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully.
C:\Users\EID ABET\AppData\Local\recently-used.xbel => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{189AD279-3324-417D-A230-DB9CF6E94E08}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{189AD279-3324-417D-A230-DB9CF6E94E08}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B9CC8E2-F632-4AA1-9B5E-663FA8A68415}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B9CC8E2-F632-4AA1-9B5E-663FA8A68415}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47E1708A-9D41-4E26-A544-9DDA8459A9EB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E1708A-9D41-4E26-A544-9DDA8459A9EB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C406DA2-42E3-4D82-A47D-B104D3EDC6E5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C406DA2-42E3-4D82-A47D-B104D3EDC6E5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{73672978-DAE3-4B71-B6E0-9590B0B90624}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73672978-DAE3-4B71-B6E0-9590B0B90624}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{763499B5-9785-4F78-A190-A8E00F95CE89}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{763499B5-9785-4F78-A190-A8E00F95CE89}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85A70E1A-B341-4C2A-874C-66DD6C48D242}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85A70E1A-B341-4C2A-874C-66DD6C48D242}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{934541A5-701C-4F29-BE99-ED052C6A7B20}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{934541A5-701C-4F29-BE99-ED052C6A7B20}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B6071680-64C1-43B6-B2FB-350FAD8CC033}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6071680-64C1-43B6-B2FB-350FAD8CC033}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B707EDBB-FF4A-468D-84F8-1ECD193B6AC1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B707EDBB-FF4A-468D-84F8-1ECD193B6AC1}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD621B11-25A9-4AD0-85AC-19AC3F7B08D2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD621B11-25A9-4AD0-85AC-19AC3F7B08D2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE99D6C1-3062-43D7-B3AA-92AC5F19FF41}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE99D6C1-3062-43D7-B3AA-92AC5F19FF41}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5E8FCE8-8D5C-4379-A515-4DBAC53B219D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5E8FCE8-8D5C-4379-A515-4DBAC53B219D}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D61FF40F-C6B4-4BDF-B7A2-E3D22F3675A6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D61FF40F-C6B4-4BDF-B7A2-E3D22F3675A6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DACDFD89-9C39-41AC-AE4B-5F2C700F4761}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DACDFD89-9C39-41AC-AE4B-5F2C700F4761}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E71761AA-84C3-4130-A0B8-6526F753F44B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E71761AA-84C3-4130-A0B8-6526F753F44B}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EACD1969-5C09-4939-B8FC-86D75B0B98B2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EACD1969-5C09-4939-B8FC-86D75B0B98B2}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EE86421C-422E-4BEB-BE29-305DD6BE6E0F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE86421C-422E-4BEB-BE29-305DD6BE6E0F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 1960848 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 70179228 B
Java, Flash, Steam htmlcache => 879 B
Windows/system/drivers => 3918063 B
Edge => 549289 B
Chrome => 746169924 B
Firefox => 371722212 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
LocalService => 125200 B
NetworkService => 39476 B
EID ABET => 21180034 B
DefaultAppPool => 16674 B

RecycleBin => 16368855 B
EmptyTemp: => 1.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:50:05 ====

 

 

ckfiles.txt

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\blender foundation\blender\2.77\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
c:\program files\inkscape\python\lib\site-packages\numpy\f2py\crackfortran.py
c:\users\eid abet\documents\2016\news clip filing\alu in the news\the standard\2016_01_31 bill gives workers first crack at bankrupt companies - the standard.html
scanner sequence 3.BB.11.BSAPM0
 ----- EOF -----


  • 0

#7
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Hello again Dyjinn,

 

Please download Junkware Removal Tool to your desktop.
 

  • Shut down your protection software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

After that

 

Please run the MGA Diagnostic Tool and post back the report it produces:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click "Continue".
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

 

Finally

 

Please run FRST again and post back the FRST.txt together with the Addition.txt logs it generates.

 

So when you return, please post:

  • JRT.txt
  • FRST.txt
  • Addition.txt
  • MGA Diagnostic Report

  • 0

#8
Dyjinn

    Member

  • Topic Starter
  • Member
  • 16 posts

jrt.txt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Pro x86
Ran by EID GI (Administrator) on Tue 12/13/2016 at  8:00:03.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/13/2016 at  8:01:14.19
End of JRT log

 

 

MGA Diagnostic Report

Error message: Failed to create output files, hr = 0x80070002. Please contact support.

Validation Status: Validation unsupported OS

Validation Code: 6

Product Key: *****-*****-C97JM-9MPGT-3V66T

Product Key Hash: gmNDbvZQji7KOiUWbAAATBm+IY8=

Product ID: 00330-80000-00000-AA579

Product ID Type: 0 - unknown

Windows OS Version: N/A, hr=0x8007007a

ID: {7CD3CB71-2412-41B5-BAD2-0616CF75A2A1}(1)

Administrator: Yes

TestCab: 0x0

LegitcheckControl: N/A, hr = 0x80070002

Signed by: N/A, hr = 0x80070002

Product Name: Windows 10 Pro

Architecture & Build: 0x00000000 14393.rs1_release_inmarket.161102

TTS Error: N/A

Validation Diagnostic:

Resolution Status: N/A

frst.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by EID GI (administrator) on EIDABET-PC (13-12-2016 08:11:07)
Running from C:\Users\EID ABET\Desktop
Loaded Profiles: EID GI (Available Profiles: EID GI)
Platform: Microsoft Windows 10 Pro Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6310504 2011-11-08] (Realtek Semiconductor)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-04-04]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{9b81d74b-3550-4a80-bf57-7758e2fb14f4}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{ed0daf03-451d-4329-bdad-445df51ec114}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{f47d1650-524b-4395-81b6-cd8eff028994}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-14] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-14] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-02] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\EID ABET\AppData\Roaming\Mozilla\Firefox\Profiles\13n43ts3.default-1465183135788 [2016-12-13]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-02]
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-14] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default [2016-12-12]
CHR Extension: (Adblock Plus) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-11-14]
CHR Extension: (Pinterest Save Button) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-11-03]
CHR Extension: (Kaspersky Protection) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2016-08-10]
CHR Extension: (Ghostery) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-11-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-09]
CHR Extension: (Chrome Media Router) - C:\Users\EID ABET\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-04]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
S4 Apache2.4; D:\eclipse php\xampp\apache\bin\httpd.exe [23040 2016-07-07] (Apache Software Foundation) [File not signed]
S2 AVP16.0.1; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S4 KMService; C:\Windows\system32\srvany.exe [8192 2016-04-01] () [File not signed]
S4 mysql; D:\eclipse php\xampp\mysql\bin\mysqld.exe [11738568 2016-07-18] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [1887272 2016-09-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [201912 2015-07-06] (Kaspersky Lab ZAO)
R3 FETNDIS; C:\WINDOWS\System32\drivers\fetn63.sys [47616 2016-07-16] (VIA Technologies, Inc.              )
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [155304 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [46776 2015-06-06] (Kaspersky Lab ZAO)
S1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [66440 2015-12-01] (AO Kaspersky Lab)
S2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [67456 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [25208 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [145800 2015-12-11] (AO Kaspersky Lab)
S1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [51544 2016-12-02] (AO Kaspersky Lab)
S3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [165464 2016-11-24] (AO Kaspersky Lab)
S1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [770904 2016-08-17] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [45144 2016-04-29] (AO Kaspersky Lab)
S3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [46464 2015-11-11] (AO Kaspersky Lab)
S3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [37560 2015-06-07] (Kaspersky Lab ZAO)
S1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [41864 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [74160 2016-08-17] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [93528 2016-08-17] (AO Kaspersky Lab)
S1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [161672 2015-12-03] (AO Kaspersky Lab)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-11-25] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R3 RtlWlanu_OldIC; C:\WINDOWS\System32\drivers\rtwlanu_oldIC.sys [3245056 2016-07-16] (Realtek Semiconductor Corporation                           )
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
S3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 08:02 - 2016-12-13 08:02 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2016-12-13 08:01 - 2016-12-13 08:01 - 00000555 _____ C:\Users\EID ABET\Desktop\JRT.txt
2016-12-13 07:43 - 2016-12-13 07:59 - 01631928 _____ (Malwarebytes) C:\Users\EID ABET\Desktop\JRT.exe
2016-12-13 07:41 - 2016-12-13 08:02 - 02031992 _____ (Microsoft Corporation) C:\Users\EID ABET\Desktop\MGADiag.exe
2016-12-12 12:58 - 2016-12-12 13:01 - 00000533 _____ C:\Users\EID ABET\Desktop\ckfiles.txt
2016-12-12 12:46 - 2016-12-12 12:50 - 00014262 _____ C:\Users\EID ABET\Desktop\Fixlog.txt
2016-12-12 11:59 - 2016-12-12 12:57 - 00468480 _____ () C:\Users\EID ABET\Desktop\CKScanner.exe
2016-12-12 08:55 - 2016-12-12 08:56 - 00300100 _____ C:\WINDOWS\Minidump\121216-27796-01.dmp
2016-12-12 08:55 - 2016-12-12 08:55 - 459117854 _____ C:\WINDOWS\MEMORY.DMP
2016-12-12 08:29 - 2016-12-13 08:11 - 00010373 _____ C:\Users\EID ABET\Desktop\FRST.txt
2016-12-12 08:29 - 2016-12-12 08:30 - 00032843 _____ C:\Users\EID ABET\Desktop\Addition.txt
2016-12-12 08:25 - 2016-12-12 08:25 - 00000000 ____D C:\Users\EID ABET\Downloads\FRST-OlderVersion
2016-12-02 11:45 - 2016-12-02 11:45 - 01198288 _____ (Adobe Systems Incorporated) C:\Users\EID ABET\Downloads\flashplayer23_xa_install.exe
2016-12-01 08:37 - 2016-12-01 08:37 - 00000000 ____D C:\Users\EID ABET\Desktop\aaaa
2016-12-01 08:21 - 2016-12-01 08:28 - 00000000 ____D C:\Users\EID ABET\Desktop\New folder
2016-12-01 07:47 - 2016-12-01 07:48 - 00892416 _____ (Farbar) C:\Users\EID ABET\Downloads\MiniToolBox.exe
2016-11-29 13:44 - 2016-11-29 13:44 - 00448971 _____ C:\Users\EID ABET\Documents\IMG_20161129_0001.pdf
2016-11-29 08:26 - 2016-11-29 08:26 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-EIDABET-PC-Windows-10-Pro-(32-bit).dat
2016-11-29 08:26 - 2016-11-29 08:26 - 00000000 ____D C:\RegBackup
2016-11-29 07:49 - 2016-11-29 07:49 - 00183072 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2016-11-29 07:49 - 2016-11-29 07:49 - 00002194 _____ C:\Users\EID ABET\Desktop\Tweaking.com - Windows Repair.lnk
2016-11-29 07:49 - 2016-11-29 07:49 - 00000550 _____ C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job
2016-11-29 07:49 - 2016-11-29 07:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-11-29 07:49 - 2016-11-29 07:49 - 00000000 ____D C:\Program Files\Tweaking.com
2016-11-29 07:45 - 2016-11-29 07:47 - 32211176 _____ (Tweaking.com) C:\Users\EID ABET\Downloads\tweaking.com_windows_repair_aio_setup.exe
2016-11-29 07:41 - 2016-12-13 08:01 - 00000000 ____D C:\Users\EID ABET\AppData\LocalLow\Mozilla
2016-11-28 13:29 - 2001-01-01 09:22 - 05173624 _____ C:\Users\EID ABET\Desktop\wad boarding pass .pdf
2016-11-28 12:49 - 2016-12-12 08:21 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-11-25 16:38 - 2016-11-25 16:39 - 06334848 _____ (AVAST Software) C:\Users\EID ABET\Downloads\avast_free_antivirus_setup_online.exe
2016-11-25 16:27 - 2016-12-12 08:28 - 00032499 _____ C:\Users\EID ABET\Downloads\Addition.txt
2016-11-25 16:25 - 2016-12-13 08:11 - 00000000 ____D C:\FRST
2016-11-25 16:25 - 2016-12-12 08:28 - 00022865 _____ C:\Users\EID ABET\Downloads\FRST.txt
2016-11-25 16:09 - 2016-12-13 07:58 - 00616932 _____ C:\WINDOWS\ntbtlog.txt
2016-11-25 16:09 - 2016-12-13 07:58 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-11-25 15:33 - 2016-11-25 15:33 - 00000000 ____D C:\Users\EID ABET\Desktop\Slides
2016-11-25 14:54 - 2016-12-12 08:25 - 01761792 _____ (Farbar) C:\Users\EID ABET\Desktop\FRST.exe
2016-11-25 14:40 - 2016-11-25 14:40 - 00000000 ____D C:\$SysReset
2016-11-25 14:04 - 2016-11-25 14:04 - 00388608 _____ (Trend Micro Inc.) C:\Users\EID ABET\Downloads\HijackThis.exe
2016-11-25 11:56 - 2016-11-25 11:56 - 03198066 _____ C:\Users\EID ABET\Downloads\20846668_fd55af6a83d156d2554a2cfd8969abe78c28c557.cab
2016-11-25 11:49 - 2016-11-25 11:52 - 151740327 _____ C:\Users\EID ABET\Downloads\killer_e2200_wireless_netcard_1_1_50_1414_driver.zip
2016-11-25 11:44 - 2016-11-25 11:44 - 02512160 _____ C:\Users\EID ABET\Downloads\win81-10.0.0.308-whql.zip
2016-11-25 07:36 - 2016-11-25 07:39 - 00300156 _____ C:\WINDOWS\Minidump\112516-31703-01.dmp
2016-11-23 10:41 - 2016-11-23 10:41 - 04105259 _____ C:\Users\EID ABET\Downloads\HB 4444 Prohibiting All Forms of Contractualization_TUCP.pdf
2016-11-22 13:58 - 2016-11-22 13:58 - 00449763 _____ C:\Users\EID ABET\Desktop\B1.5 Strategy Plan-post congress_en.pdf
2016-11-22 07:45 - 2016-12-12 08:55 - 00000000 ____D C:\WINDOWS\Minidump
2016-11-21 16:51 - 2016-11-21 16:51 - 00180061 _____ C:\Users\EID ABET\Documents\IMG_20161121_0002.pdf
2016-11-21 16:50 - 2016-11-21 16:50 - 00562206 _____ C:\Users\EID ABET\Documents\IMG_20161121_0001.pdf
2016-11-21 13:46 - 2016-11-21 13:46 - 00000000 ____D C:\ProgramData\EPSON
2016-11-21 13:46 - 2016-11-21 13:46 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-11-21 12:52 - 2016-11-25 16:11 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-21 12:51 - 2016-11-21 12:51 - 00001133 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-21 12:51 - 2016-11-21 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-21 12:51 - 2016-11-21 12:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-21 12:51 - 2016-11-21 12:51 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-11-21 12:51 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-21 12:51 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-21 12:51 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-21 12:49 - 2016-11-21 12:51 - 22851472 _____ (Malwarebytes ) C:\Users\EID ABET\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-21 12:40 - 2016-11-25 16:27 - 00000000 ____D C:\AdwCleaner
2016-11-21 12:39 - 2016-11-21 12:40 - 03910208 _____ C:\Users\EID ABET\Downloads\AdwCleaner.exe
2016-11-21 12:14 - 2016-11-21 12:14 - 00357855 _____ C:\Users\EID ABET\Desktop\~WRL2937.tmp
2016-11-21 10:15 - 2016-11-21 10:15 - 00071013 _____ C:\Users\EID ABET\Downloads\Philippine Airlines_18 Nov 2016_YNFDUD_MONTEVIRGEN  LUIGI.pdf
2016-11-21 10:14 - 2016-11-21 10:14 - 00070409 _____ C:\Users\EID ABET\Downloads\Philippine Airlines_15 Nov 2016_YNFDUD_MONTEVIRGEN  LUIGI (1).pdf
2016-11-21 08:58 - 2016-11-21 08:58 - 00632964 _____ C:\Users\EID ABET\Downloads\WAD2016 passport (1).pdf
2016-11-21 08:57 - 2016-11-21 08:57 - 05587235 _____ C:\Users\EID ABET\Downloads\page 5 (1).pdf
2016-11-21 08:57 - 2016-11-21 08:57 - 04633946 _____ C:\Users\EID ABET\Downloads\page 4 (1).pdf
2016-11-21 08:57 - 2016-11-21 08:57 - 03970649 _____ C:\Users\EID ABET\Downloads\page 3 (1).pdf
2016-11-21 08:56 - 2016-11-21 08:56 - 09046809 _____ C:\Users\EID ABET\Downloads\page 2 (1).pdf
2016-11-21 08:52 - 2016-11-21 08:53 - 21952472 _____ C:\Users\EID ABET\Downloads\page 1 (1).pdf
2016-11-21 08:27 - 2016-11-21 08:28 - 01832378 _____ C:\Users\EID ABET\Downloads\Ludema.zip
2016-11-15 11:17 - 2016-11-15 11:17 - 01787567 _____ C:\Users\EID ABET\Downloads\filename-0=Trade Union Fundamentals and Leadership Seminar   (CSCIEU) (1).pd
2016-11-15 11:16 - 2016-11-15 11:16 - 01787567 _____ C:\Users\EID ABET\Downloads\Trade Union Fundamentals and Leadership Seminar(CSCIEU).pdf.pdf
2016-11-15 10:51 - 2016-11-15 10:51 - 00070409 _____ C:\Users\EID ABET\Downloads\Philippine Airlines_15 Nov 2016_YNFDUD_MONTEVIRGEN  LUIGI.pdf
2016-11-15 09:26 - 2016-11-15 10:30 - 11727026 _____ C:\Users\EID ABET\Desktop\ANCWtarpWAAD.dpp
2016-11-14 08:46 - 2001-01-01 09:22 - 05173624 _____ C:\Users\EID ABET\Downloads\wad boarding pass .pdf
2016-11-14 08:38 - 2016-11-14 08:38 - 09042660 _____ C:\Users\EID ABET\Downloads\page 2.pdf
2016-11-14 08:38 - 2016-11-14 08:38 - 04617032 _____ C:\Users\EID ABET\Downloads\page 4.pdf
2016-11-14 08:38 - 2016-11-14 08:38 - 03967156 _____ C:\Users\EID ABET\Downloads\page 3.pdf
2016-11-14 08:21 - 2016-11-14 08:23 - 21936044 _____ C:\Users\EID ABET\Downloads\page 1.pdf
2016-11-14 07:42 - 2016-11-14 07:42 - 05587235 _____ C:\Users\EID ABET\Downloads\page 5.pdf
2016-11-14 07:41 - 2016-11-14 07:41 - 00632964 _____ C:\Users\EID ABET\Downloads\WAD2016 passport.pdf
2016-11-14 07:38 - 2016-11-14 07:38 - 09737238 _____ C:\Users\EID ABET\Downloads\WAAD boarding Pass.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 08:02 - 2016-09-30 08:57 - 00867260 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-13 07:57 - 2016-09-30 09:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-13 07:57 - 2016-07-16 10:22 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-13 07:56 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-13 07:56 - 2016-07-16 16:29 - 00000000 ____D C:\Program Files\WindowsApps
2016-12-13 07:56 - 2016-07-04 11:15 - 00000000 ____D C:\Users\EID ABET\AppData\Local\Packages
2016-12-13 07:52 - 2016-04-01 12:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-12-13 07:41 - 2016-07-16 16:28 - 00000000 ____D C:\WINDOWS\INF
2016-12-13 07:37 - 2016-09-30 08:52 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-12 16:28 - 2016-06-06 17:08 - 00000000 ____D C:\Users\EID ABET\Documents\2016
2016-12-12 16:09 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\rescache
2016-12-12 12:30 - 2016-09-30 08:52 - 00670544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-12 12:29 - 2016-07-16 16:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-12 12:29 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-12 12:29 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-12 12:29 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-12 12:29 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-12 12:29 - 2016-07-16 10:22 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-12 12:29 - 2016-07-16 10:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-12 12:29 - 2016-07-16 10:22 - 00000000 ____D C:\WINDOWS\servicing
2016-12-12 12:02 - 2016-09-30 08:58 - 00000000 ____D C:\Users\EID ABET
2016-12-12 10:17 - 2016-07-16 16:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-12 08:33 - 2016-04-04 12:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-12-02 11:45 - 2016-06-23 09:04 - 00000000 ____D C:\Users\EID ABET\AppData\Local\Adobe
2016-12-02 07:53 - 2016-04-29 05:22 - 00051544 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-11-29 10:28 - 2016-04-27 12:38 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-29 10:25 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-29 10:24 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-11-29 10:24 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-11-29 10:23 - 2016-07-16 16:30 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-11-29 09:27 - 2016-04-04 13:57 - 00407720 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-11-29 09:25 - 2010-11-21 08:46 - 00000000 ____D C:\WINDOWS\CSC
2016-11-25 16:09 - 2016-06-07 08:09 - 00000000 ____D C:\Users\EID ABET\AppData\Local\ElevatedDiagnostics
2016-11-25 16:03 - 2016-07-04 11:28 - 00000000 ___RD C:\Users\EID ABET\OneDrive
2016-11-25 15:23 - 2016-09-29 08:12 - 00000000 ____D C:\Users\EID ABET\Documents\Driver
2016-11-25 14:54 - 2016-06-09 11:30 - 00000000 ____D C:\Program Files\Google
2016-11-22 07:51 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-11-21 13:49 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-21 13:46 - 2016-07-16 16:29 - 00000000 ____D C:\WINDOWS\system32\spool
2016-11-14 11:33 - 2016-11-11 09:46 - 00018111 _____ C:\Users\EID ABET\Documents\starburn.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-12 09:57

==================== End of FRST.txt ============================

 

addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2016
Ran by EID GI (13-12-2016 08:12:44)
Running from C:\Users\EID ABET\Desktop
Microsoft Windows 10 Pro Version 1607 (X86) (2016-09-30 01:20:07)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4236182247-2946576656-2820495726-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4236182247-2946576656-2820495726-503 - Limited - Disabled)
EID GI (S-1-5-21-4236182247-2946576656-2820495726-1000 - Administrator - Enabled) => C:\Users\EID ABET
Guest (S-1-5-21-4236182247-2946576656-2820495726-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
AMD Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Blender (HKLM\...\{5184E115-8288-4B8A-B968-21FB39FCCBAB}) (Version: 2.77.1 - Blender Foundation)
Canon E510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_E510_series) (Version: 1.02 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MX340 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series) (Version:  - )
EPSON L360 Series Printer Uninstall (HKLM\...\EPSON L360 Series) (Version:  - SEIKO EPSON Corporation)
GIMP 2.8.16 (HKLM\...\GIMP-2_is1) (Version: 2.8.16 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Java 8 Update 102 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Kaspersky Internet Security (HKLM\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (Version: 16.0.1.445 - Kaspersky Lab) Hidden
Lightworks (HKLM\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.6.0.0 - Lightworks)
LMMS 1.1.3 (HKLM\...\LMMS) (Version: 1.1.3 - LMMS Developers)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 50.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 50.0.2 (x86 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 50.0.2.6177 - Mozilla)
MySQL Workbench 6.3 CE (HKLM\...\{32EECAF8-4CD9-4B9B-93AF-272B6FBF0410}) (Version: 6.3.7 - Oracle Corporation)
RawTherapee version 4.2 (HKLM\...\{128459AB-59A7-430A-8BD0-3D8803D50400}_is1) (Version: 4.2 - rawtherapee.com)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6499 - Realtek Semiconductor Corp.)
Serif DrawPlus Starter Edition (HKLM\...\{33311EA4-0ECA-4E7F-83E5-8A92CD760152}) (Version: 2.0.2.010 - Serif (Europe) Ltd)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sublime Text 2.0.2 (HKLM\...\Sublime Text 2_is1) (Version:  - )
TP-LINK TL-WN723N Driver (HKLM\...\{B82D0422-A202-4E51-92F2-821A35CC833F}) (Version: 1.1.0 - TP-LINK)
TP-LINK Wireless Configuration Utility (HKLM\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.1.0 - TP-LINK)
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 3.9.17 - Tweaking.com)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Wondershare Filmora(Build 7.8.0) (HKLM\...\Wondershare Filmora_is1) (Version:  - Wondershare Software)
Wondershare Helper Compact 2.5.2 (HKLM\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
XAMPP (HKLM\...\xampp) (Version: 5.6.24-1 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01FEAD6F-74C8-40D8-88F3-6977F61F09CD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {0814F25F-1CED-4C12-9F70-591E75C15935} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {203E7437-EF12-4D55-AA98-D0D19301B32F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {249AFC2D-1F9E-4B88-BD85-0F3648F67C54} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {267C6F8A-4251-4E4B-891E-A902A1BBB4C1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {33DF82C1-968C-42A1-9887-C6D425D15044} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {36A76F6C-AB0D-4ACC-B8A0-42769B753C8C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3B04BC55-3FEE-4D52-9475-16FD21403BC3} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {3EC458D0-F00E-47FC-A786-89646B9BF977} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {448EAA86-7D32-4DCB-9B32-B11B75F129D8} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {51587011-1054-463C-947E-284385626872} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {68A24525-631E-4528-B54E-B39616F62485} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {707119C3-B0F7-4219-8B47-5733A8212106} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {716024C1-9FAF-48B3-B911-2CC8A1A3CE5F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7BDC8507-DEE5-4098-8681-A6EE70A899E4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8D6B2262-79A1-4F9F-A255-205A97B3B04A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {8D7E18A7-B376-4459-99F0-F6204C3B5BDE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {917AD162-B746-46F8-BD96-B062AEBF729B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {95AEF0DA-1669-465C-BE1B-9FE20DC4E812} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {A7042C7B-9068-4DEF-924F-852249D75645} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AAE33E81-D888-4B10-8ED3-8B0B67294DF3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B290781D-9375-47BC-A964-08ABFEA0F89C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BD8CA9F1-FA19-4087-A325-AF254D71881E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E515662C-71AD-4828-BC10-BC05EDDCBAEB} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F5984EED-005B-410E-9945-4EA76886A990} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {FA627B34-7287-499E-B5A0-02015AF815A3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FDA7D037-F301-462B-A0FF-A4EB3E9CE970} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Tweaking.com - Windows Repair Tray Icon.job => C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe C:\Program Files\Tweaking.com\Windows Repair (All in One) Tweaking.com - Windows Repair )Created By Tweaking.com

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 16:25 - 2016-07-16 16:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-10-11 10:54 - 2016-09-16 01:32 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-11 10:54 - 2016-09-16 01:32 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-07-16 16:25 - 2016-07-16 16:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-09 08:26 - 2016-11-02 18:46 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 08:27 - 2016-11-02 18:31 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 08:27 - 2016-11-02 18:24 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-01 00:47 - 2016-10-01 00:47 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 08:27 - 2016-11-02 18:24 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 08:27 - 2016-11-02 18:26 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2016-11-29 08:57 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\EID ABET\Documents\2016\Vectors\Panalangin.png
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: Apache2.4 => 2
MSCONFIG\Services: KMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: mysql => 2
HKLM\...\StartupApproved\StartupFolder: => "TP-LINK Wireless Configuration Utility.lnk"
HKU\S-1-5-21-4236182247-2946576656-2820495726-1000\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => LPort=808
FirewallRules: [{194EFB70-1678-479F-A800-F654C44A91C5}] => C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{DFA1C21A-CE0C-4C58-8271-0C8DC0742910}] => C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{533A10FC-DE4C-4F8C-968D-0D218DCD37B4}] => C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{97F39D8E-A4C9-4566-895F-F36FB13770F1}] => C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{4D8498AA-B57D-4084-BE38-F95BB8338445}] => C:\Program Files\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{3C6A0137-898B-4CA6-AAB2-D798BD058C6E}] => C:\Program Files\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{B179B575-D74E-4A5A-ADB1-5578DBB4EF8B}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{36EB9BEB-5ADE-4D20-A80E-1B63DDC5B6EC}] => C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{766BDF72-0EE4-4F36-949F-D72461C2E9BA}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [WMP-In-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-UDP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [WMP-Out-TCP-x86] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{32C5DA6B-1D6F-4180-B061-9FC172558990}] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{F6202490-FCD1-4887-BE3B-C2069D93760A}] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
FirewallRules: [{0BA1D169-BED8-4049-9560-1D95E04ECDE9}] => %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe

==================== Restore Points =========================

28-11-2016 07:50:08 Scheduled Checkpoint
12-12-2016 09:58:29 Windows Update

==================== Faulty Device Manager Devices =============

Name: Kaspersky Lab power events provider
Description: Kaspersky Lab power events provider
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: KL
Service: klhk
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2016 08:00:05 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Users\EIDABE~1\AppData\Local\Temp\jrt\CreateRestorePoint.exe  "JRT Pre-Junkware Removal"; Description = JRT Pre-Junkware Removal; Error = 0x8007043c).

Error: (12/13/2016 07:58:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppX9zvsr9qeth9e9a03yr0g7rpdrcrwgn5r.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/13/2016 07:58:40 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: EIDABET-PC)
Description: Activation of app Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe!App failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/13/2016 07:46:31 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/13/2016 07:46:31 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/13/2016 07:46:31 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/13/2016 07:46:31 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/13/2016 07:46:05 AM) (Source: .NET Runtime) (EventID: 1025) (User: )
Description: Application: avpui.exe
Framework Version: v4.0.30319
Description: The application requested process termination through System.Environment.FailFast(string message).
Message: Terminate on fatal exception on start application
Stack:
   at System.Environment.FailFast(System.String, System.Exception)
   at KasperskyLab.UI.Common.ExceptionPolicy.ProcessExceptionOnStartApplication(System.Exception, System.String)
   at KasperskyLab.Kis.UI.EntryPoint.<Start>b__10(System.Exception)
   at KasperskyLab.UI.Common.Vb.ExceptionsProcessor.ExecuteActionWithExceptionFilter(System.Action, System.Func`2<System.Exception,Boolean>)
   at KasperskyLab.Kis.UI.Bootstrapper..ctor(System.Action`1<Microsoft.Practices.Unity.IUnityContainer>, System.Collections.Generic.IEnumerable`1<System.Type>)
   at KasperskyLab.Kis.UI.EntryPoint.StartImpl(KasperskyLab.Kis.UI.Services.GuiStartMode, System.Action`1<Microsoft.Practices.Unity.IUnityContainer>, System.Collections.Generic.IEnumerable`1<System.Type>, System.Func`1<System.IDisposable>)
   at KasperskyLab.Kis.UI.EntryPoint+<>c__DisplayClass12.<Start>b__f()
   at KasperskyLab.UI.Common.Vb.ExceptionsProcessor.ExecuteActionWithExceptionFilter(System.Action, System.Func`2<System.Exception,Boolean>)
   at KasperskyLab.Kis.UI.EntryPoint.Start(KasperskyLab.Kis.UI.Services.GuiStartMode, System.Action`1<Microsoft.Practices.Unity.IUnityContainer>, System.Collections.Generic.IEnumerable`1<System.Type>, System.Func`1<System.IDisposable>)
   at KasperskyLab.Kis.UI.EntryPoint+<>c__DisplayClassd.<PreloadImpl>b__c()
   at System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Threading.ThreadHelper.ThreadStart()

Error: (12/13/2016 07:46:00 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/13/2016 07:46:00 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)


System errors:
=============
Error: (12/13/2016 08:13:14 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/13/2016 08:12:45 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/13/2016 08:12:45 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/13/2016 08:12:45 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/13/2016 08:12:39 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/13/2016 08:12:39 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/13/2016 08:12:39 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/13/2016 08:11:51 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/13/2016 08:11:08 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/13/2016 08:11:08 AM) (Source: DCOM) (EventID: 10005) (User: EIDABET-PC)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


CodeIntegrity:
===================================
  Date: 2016-12-12 10:31:26.782
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-12-12 10:31:26.610
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-12-12 10:31:26.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-12-12 10:31:25.616
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-12-12 10:31:25.402
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-12-12 10:31:25.242
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-12-12 10:31:22.771
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-12-12 10:31:20.279
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-12-12 09:57:59.701
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-29 09:55:20.260
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-3500 APU with Radeon™ HD Graphics
Percentage of memory in use: 50%
Total physical RAM: 2811.53 MB
Available physical RAM: 1394.01 MB
Total Virtual: 5627.53 MB
Available Virtual: 4308.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:243.6 GB) (Free:189.7 GB) NTFS
Drive d: () (Fixed) (Total:221.62 GB) (Free:121.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BF7FBED8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=243.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=221.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


*Note: I'm kind of freaking out at the MGA Diagnostic Report since I'm sure this copy is genuine and that it came from a free upgrade from Win7. After I ran ADWCleaner instead of MalwareBytes my Win10 apps started to say that the trial version has expired.


Edited by Dyjinn, 12 December 2016 - 06:19 PM.

  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

*Note: I'm kind of freaking out at the MGA Diagnostic Report since I'm sure this copy is genuine and that it came from a free upgrade from Win7.

 

My mistake and apologies, I overlooked that that tool doesn't work with OS's later than Win7, hence the unusual result. Please disregard it. I saw a suspicious service in your log but on further research I have found it is actually an application which allows an executable to be run as a service and not the bad keygen one.

 

Now

 

Tell me, have those security programs always returned the error outlined in your first post, or did something change after something happened, e.g. an update or some such?

 

Also please check that the date, time and time zone are correct on your machine.


  • 0

#10
Dyjinn

Dyjinn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

I thought that a failed Windows Update caused the error since there were frequent crashes after. I tried using system restore but the restore points showed some error saying that it cannot be accessed. Kaspersky and Run as Admin still worked at that time though.

A few days after, I inserted a flash disk that had a potential virus. That was the time that I couldn't access Kaspersky and Run as Admin. Win10 apps also showed that "trial has expired" and I couldn't use them anymore (calculator, photos, etc. couldn't be accessed but other apps could still be used).

 

Time and time zone of the machine seem correct.


  • 0



#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

Win10 apps also showed that "trial has expired" and I couldn't use them anymore (calculator, photos, etc. couldn't be accessed but other apps could still be used).

 

I wonder, was your Kaspersky Anti Virus a trial version?


  • 0

#12
Dyjinn

Dyjinn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Unfortunately, no. It was a paid version that would expire by February. Kaspersky still runs in the background processes, and it continues to update but the interface does not load at all.


  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

 

Kaspersky still runs in the background processes, and it continues to update but the interface does not load at all.

 

Have you tried a re-installation? Sometimes there can be corruption which uninstalling followed by re-installation solves.


  • 0

#14
Dyjinn

Dyjinn

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

I've already tried but it doesn't work still. Something seems to block all the programs that need Run as Administrator to work.


  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

But they do work in Safe Mode?


  • 0





