1. #1

    Possibly Infected.

    Help. I installed Windows 10 a few months ago, and it was working well. I let my son install Minecraft and he decided to install packs and upgrades that I did not know of. Afterward, my computer started to act up: at first it did not see my sound card. Then I started having trouble installing updates or certain internet-centric programs, i.e. Google Chrome and Adobe Flash. I have run Windows Defender and other anti-virus and anti-malware programs, but nothing seems to find anything wrong. I have also tried to re-install Windows 10 through the ISO file, like I did to upgrade to Win 10, but it will not let it re-install. Please, I am desperate to have this computer fixed. Thank You.



  2. #2
    Corrine
    Join Date: Feb 2012
    Location: Upstate, NY
    Posts: 8,779

    Re: Possibly Infected.

    Hi, Sean.

    Please post the logs as requested at Malware Removal Posting Instructions.

    Thank you.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

  3. #3

    Re: Possibly Infected.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-12-2015
    Ran by Admin (administrator) on SEANARMOLT (24-12-2015 11:11:08)
    Running from C:\Users\Admin\Desktop
    Loaded Profiles: Admin (Available Profiles: Admin)
    Platform: Windows 10 Home (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    (Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Windows\syswow64\cmd.exe
    (Microsoft Corporation) C:\Windows\syswow64\schtasks.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\syswow64\cmd.exe
    (Microsoft Corporation) C:\Windows\syswow64\schtasks.exe
    (Microsoft Corporation) C:\Windows\syswow64\cmd.exe
    (Microsoft Corporation) C:\Windows\syswow64\schtasks.exe
    (Microsoft Corporation) C:\Windows\syswow64\cmd.exe
    (Microsoft Corporation) C:\Windows\syswow64\schtasks.exe
    (Microsoft Corporation) C:\Windows\syswow64\cmd.exe
    (Microsoft Corporation) C:\Windows\syswow64\schtasks.exe
    (Microsoft Corporation) C:\Windows\syswow64\cmd.exe
    (Microsoft Corporation) C:\Windows\syswow64\schtasks.exe
    (Microsoft Corporation) C:\Windows\syswow64\cmd.exe
    (Microsoft Corporation) C:\Windows\syswow64\schtasks.exe
    (Microsoft Corporation) C:\Windows\syswow64\cmd.exe
    (Microsoft Corporation) C:\Windows\syswow64\schtasks.exe
    (Microsoft Corporation) C:\Windows\syswow64\cmd.exe
    (Microsoft Corporation) C:\Windows\syswow64\schtasks.exe
    (Microsoft Corporation) C:\Windows\syswow64\cmd.exe
    (Microsoft Corporation) C:\Windows\syswow64\schtasks.exe
    (Microsoft Corporation) C:\Windows\syswow64\cmd.exe
    (Microsoft Corporation) C:\Windows\syswow64\schtasks.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-12-22] (Synaptics Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-03] (SUPERAntiSpyware)
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2010912 2015-11-30] (IObit)
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_Plugin.exe [1156296 2015-09-28] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\MountPoints2: {c3d9b0b8-3f5d-11e5-9e0c-78e3b5591fc8} - "H:\setup.exe"
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{3a5c723a-33ea-424a-9324-e879207a77a9}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
    SearchScopes: HKU\S-1-5-21-1833631763-2706768176-790802966-1008 -> {ABA0B58B-A9D6-4897-BFE5-3961F1FE5A75} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
    BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
    BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-16] (Oracle Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8g57uh.default
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-28] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-28] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-16] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-16] (Oracle Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
    FF user.js: detected! => C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6m8g57uh.default\user.js [2015-12-22]

    Chrome:
    =======
    CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
    CHR DefaultSearchKeyword: Default -> Yahoo
    CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
    CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-07]
    CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-07]
    CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-07]
    CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
    CHR Extension: (Adblock Plus) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-07]
    CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-07]
    CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-08]
    CHR Extension: (AdBlock) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-09-27]
    CHR Extension: (Adblock Super) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-09-15]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-07]
    CHR Extension: (Adblock Pro) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2015-09-24]
    CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-07]
    CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [827680 2015-11-04] (IObit)
    S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [File not signed]
    R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2934048 2015-10-09] (IObit)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-12-22] (Synaptics Incorporated)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdide64; C:\Windows\System32\drivers\amdide64.sys [13848 2015-12-22] (Advanced Micro Devices Inc.)
    S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [31992 2015-06-03] (Advanced Micro Devices, Inc.)
    R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-12-22] (Advanced Micro Devices)
    R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-09-30] (Disc Soft Ltd)
    R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-22] (REALiX(tm))
    R3 i8042HDR; C:\Windows\System32\drivers\i8042HDR.sys [15920 2009-08-14] (Windows (R) Codename Longhorn DDK provider)
    R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-12-22] (Realtek )
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-09-07] (HP)
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-24 11:11 - 2015-12-24 11:11 - 00013363 _____ C:\Users\Admin\Desktop\FRST.txt
    2015-12-24 11:11 - 2015-12-24 11:11 - 00000000 ____D C:\FRST
    2015-12-24 11:09 - 2015-12-24 11:09 - 00852798 _____ C:\Users\Admin\Desktop\SecurityCheck.exe
    2015-12-24 11:08 - 2015-12-24 11:10 - 02370560 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
    2015-12-24 10:12 - 2015-12-24 10:12 - 00016148 _____ C:\WINDOWS\system32\SEANARMOLT_Admin_HistoryPrediction.bin
    2015-12-23 22:35 - 2015-09-16 10:45 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2015-12-23 22:17 - 2015-12-23 22:34 - 00000000 ____D C:\Program Files\Java
    2015-12-23 22:16 - 2015-12-23 22:34 - 57017440 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-8u66-windows-x64.exe
    2015-12-23 22:15 - 2015-12-23 22:36 - 01193696 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\readerdc_en_a_install.exe
    2015-12-23 22:15 - 2015-12-23 22:15 - 00584288 _____ (Oracle Corporation) C:\Users\Admin\Downloads\jre-8u66-windows-i586-iftw.exe
    2015-12-23 17:21 - 2015-12-23 17:21 - 01319424 _____ (niemiro) C:\Users\Admin\Downloads\SFCFix.exe
    2015-12-23 17:07 - 2015-12-23 17:11 - 01190608 _____ (Adobe Systems Incorporated) C:\Users\Admin\Downloads\flashplayer20_a_install.exe
    2015-12-23 16:54 - 2015-12-23 17:04 - 00248632 _____ C:\Users\Admin\Downloads\Firefox Setup Stub 43.0.2.exe
    2015-12-23 16:39 - 2015-12-23 16:39 - 00021970 _____ C:\Users\Admin\Documents\cc_20151223_163913.reg
    2015-12-23 16:35 - 2015-12-23 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-12-23 16:33 - 2015-12-23 16:33 - 06805328 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup513.exe
    2015-12-22 18:38 - 2015-12-22 18:38 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
    2015-12-22 18:36 - 2015-12-22 18:36 - 09890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
    2015-12-22 18:36 - 2015-12-22 18:36 - 00755880 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
    2015-12-22 18:36 - 2015-12-22 18:36 - 00410792 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
    2015-12-22 18:36 - 2015-12-22 18:36 - 00260264 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
    2015-12-22 18:36 - 2015-12-22 18:36 - 00248488 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo31-1.dll
    2015-12-22 18:36 - 2015-12-22 18:36 - 00033960 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
    2015-12-22 18:36 - 2015-12-22 18:36 - 00033448 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
    2015-12-22 18:34 - 2015-12-22 18:38 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
    2015-12-22 18:34 - 2015-12-22 18:34 - 00103424 _____ (Advanced Micro Devices) C:\WINDOWS\system32\DelayAPO.dll
    2015-12-22 18:34 - 2015-12-22 18:34 - 00013848 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\Drivers\amdide64.sys
    2015-12-22 18:13 - 2015-12-22 18:13 - 00026528 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
    2015-12-22 18:13 - 2015-12-22 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 3
    2015-12-22 18:12 - 2015-12-22 18:12 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
    2015-12-22 18:12 - 2015-12-22 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    2015-12-22 18:12 - 2015-12-22 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
    2015-12-22 18:12 - 2015-12-22 18:12 - 00000000 ____D C:\ProgramData\{FD6F83C0-EC70-4581-8361-C70CD1AA4B98}
    2015-12-22 18:10 - 2015-12-22 18:10 - 39651632 _____ (IObit ) C:\Users\Admin\Downloads\advanced-systemcare-setup(1).exe
    2015-12-18 17:48 - 2015-12-18 17:58 - 00000000 ___HD C:\$WINDOWS.~BT
    2015-12-18 17:43 - 2015-12-18 17:43 - 00000000 ____D C:\Users\Admin\AppData\Local\CEF
    2015-12-09 01:39 - 2015-12-01 02:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2015-12-09 01:39 - 2015-12-01 01:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
    2015-12-09 01:39 - 2015-12-01 00:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2015-12-09 01:39 - 2015-11-30 23:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2015-12-09 01:39 - 2015-11-25 00:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2015-12-09 01:39 - 2015-11-25 00:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
    2015-12-09 01:39 - 2015-11-25 00:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-12-09 01:39 - 2015-11-25 00:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-12-09 01:39 - 2015-11-25 00:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-12-09 01:39 - 2015-11-25 00:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
    2015-12-09 01:39 - 2015-11-25 00:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2015-12-09 01:39 - 2015-11-25 00:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2015-12-09 01:39 - 2015-11-25 00:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2015-12-09 01:39 - 2015-11-25 00:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2015-12-09 01:39 - 2015-11-25 00:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-12-09 01:39 - 2015-11-24 23:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
    2015-12-09 01:39 - 2015-11-24 23:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2015-12-09 01:39 - 2015-11-24 23:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
    2015-12-09 01:39 - 2015-11-24 23:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-12-09 01:39 - 2015-11-24 23:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
    2015-12-09 01:39 - 2015-11-24 23:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
    2015-12-09 01:39 - 2015-11-24 23:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
    2015-12-09 01:39 - 2015-11-24 23:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-12-09 01:39 - 2015-11-24 23:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-12-09 01:39 - 2015-11-24 23:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-12-09 01:39 - 2015-11-24 23:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2015-12-09 01:39 - 2015-11-24 23:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
    2015-12-09 01:39 - 2015-11-24 23:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-12-09 01:39 - 2015-11-24 23:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
    2015-12-09 01:39 - 2015-11-24 23:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-12-09 01:39 - 2015-11-24 23:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
    2015-12-09 01:39 - 2015-11-24 23:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
    2015-12-09 01:39 - 2015-11-24 23:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
    2015-12-09 01:39 - 2015-11-24 23:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
    2015-12-09 01:39 - 2015-11-24 23:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2015-12-09 01:39 - 2015-11-24 23:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
    2015-12-09 01:39 - 2015-11-24 23:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-12-09 01:39 - 2015-11-24 23:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
    2015-12-09 01:39 - 2015-11-24 23:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-12-09 01:39 - 2015-11-24 23:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2015-12-09 01:39 - 2015-11-24 23:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
    2015-12-09 01:39 - 2015-11-24 23:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2015-12-09 01:39 - 2015-11-24 23:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-12-09 01:39 - 2015-11-24 23:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-12-09 01:39 - 2015-11-24 23:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
    2015-12-09 01:39 - 2015-11-24 23:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2015-12-09 01:39 - 2015-11-24 23:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-12-09 01:39 - 2015-11-24 23:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
    2015-12-09 01:39 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
    2015-12-09 01:39 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
    2015-12-09 01:39 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
    2015-12-09 01:39 - 2015-11-24 23:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
    2015-12-09 01:39 - 2015-11-24 23:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-12-09 01:39 - 2015-11-24 23:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2015-12-09 01:39 - 2015-11-24 23:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2015-12-09 01:39 - 2015-11-24 23:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2015-12-09 01:39 - 2015-11-24 23:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2015-12-09 01:39 - 2015-11-24 23:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
    2015-12-09 01:39 - 2015-11-24 23:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2015-12-09 01:39 - 2015-11-24 23:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
    2015-12-09 01:39 - 2015-11-24 23:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-12-09 01:39 - 2015-11-24 23:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
    2015-12-09 01:39 - 2015-11-24 23:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-12-09 01:39 - 2015-11-24 23:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
    2015-12-09 01:39 - 2015-11-24 23:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2015-12-09 01:39 - 2015-11-24 23:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-12-09 01:39 - 2015-11-24 23:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2015-12-09 01:39 - 2015-11-24 23:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
    2015-12-09 01:39 - 2015-11-24 23:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
    2015-12-09 01:39 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
    2015-12-09 01:39 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
    2015-12-09 01:39 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
    2015-12-09 01:39 - 2015-11-24 23:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
    2015-12-09 01:39 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
    2015-12-09 01:39 - 2015-11-24 21:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
    2015-12-09 01:38 - 2015-12-01 00:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2015-12-09 01:38 - 2015-12-01 00:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-12-09 01:38 - 2015-12-01 00:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-12-09 01:38 - 2015-11-24 23:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2015-12-09 01:38 - 2015-11-24 23:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
    2015-12-07 16:27 - 2015-12-07 16:34 - 18901936 _____ C:\Users\Admin\Downloads\tweaking.com_windows_repair_aio(1).zip

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-24 11:11 - 2015-09-07 12:26 - 00000000 ____D C:\Windows
    2015-12-24 11:09 - 2015-09-07 11:58 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-24 10:54 - 2015-09-07 12:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-12-24 02:09 - 2015-09-07 11:58 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-23 22:36 - 2015-09-07 12:12 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
    2015-12-23 22:35 - 2015-09-16 10:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-12-23 22:18 - 2015-09-16 10:46 - 00000000 ____D C:\Users\Admin\.oracle_jre_usage
    2015-12-23 18:13 - 2015-09-07 12:48 - 00000000 ___HD C:\Program Files\WindowsApps
    2015-12-23 18:13 - 2015-09-07 12:48 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-12-23 17:06 - 2015-09-07 11:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-12-23 17:04 - 2015-09-28 11:56 - 00000000 ____D C:\Program Files (x86)\Real
    2015-12-23 17:04 - 2015-09-07 13:16 - 00000000 ____D C:\ProgramData\Real
    2015-12-23 17:03 - 2015-09-07 13:17 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Real
    2015-12-23 16:56 - 2015-09-07 11:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-12-23 16:48 - 2015-09-15 10:57 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-12-23 16:40 - 2015-09-17 17:43 - 00000000 ____D C:\WINDOWS\Minidump
    2015-12-23 16:40 - 2015-09-07 12:46 - 00000000 ____D C:\WINDOWS\INF
    2015-12-23 16:40 - 2015-09-07 12:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-12-23 16:40 - 2015-08-09 10:17 - 00000000 ____D C:\Users\Admin\Desktop\Tools
    2015-12-23 16:40 - 2015-08-08 08:36 - 00000000 ____D C:\Users\Admin\Desktop\Games
    2015-12-22 18:50 - 2015-09-07 09:57 - 00810570 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-12-22 18:48 - 2015-09-15 10:37 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-12-22 18:45 - 2015-09-07 09:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-12-22 18:41 - 2015-09-07 23:03 - 00000000 ____D C:\ProgramData\IObit
    2015-12-22 18:39 - 2015-09-07 13:26 - 00000000 ___DC C:\WINDOWS\Panther
    2015-12-22 18:38 - 2015-09-30 15:28 - 00000000 ____D C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
    2015-12-22 18:38 - 2015-08-11 13:46 - 00935168 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
    2015-12-22 18:36 - 2015-09-07 09:38 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
    2015-12-22 18:36 - 2015-07-17 06:51 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
    2015-12-22 18:36 - 2015-07-17 06:51 - 00610472 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
    2015-12-22 18:36 - 2015-06-03 06:41 - 00367320 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsPStor.sys
    2015-12-22 18:36 - 2015-06-03 06:41 - 00083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
    2015-12-22 18:34 - 2015-09-16 15:02 - 00102912 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdWT6.sys
    2015-12-22 18:13 - 2015-09-07 23:03 - 00000000 ____D C:\ProgramData\ProductData
    2015-12-22 18:13 - 2015-09-07 23:02 - 00000000 ____D C:\Users\Admin\AppData\Roaming\IObit
    2015-12-22 18:13 - 2015-09-07 23:02 - 00000000 ____D C:\Program Files (x86)\IObit
    2015-12-18 17:58 - 2015-09-07 12:48 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-18 17:43 - 2015-09-07 09:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
    2015-12-17 04:38 - 2015-09-07 09:55 - 00000000 ____D C:\Users\Admin\AppData\Local\Packages
    2015-12-16 13:46 - 2015-09-07 12:37 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-12-16 13:32 - 2015-09-07 12:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-12-16 13:31 - 2015-09-07 12:48 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-16 13:30 - 2015-09-07 09:50 - 00000000 ____D C:\Users\Admin
    2015-12-15 18:32 - 2015-09-07 10:34 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-12-15 18:28 - 2015-09-07 10:34 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-12-09 16:19 - 2015-09-30 07:02 - 00001908 _____ C:\WINDOWS\diagwrn.xml
    2015-12-09 16:19 - 2015-09-30 07:02 - 00001908 _____ C:\WINDOWS\diagerr.xml
    2015-12-08 22:39 - 2015-09-07 10:36 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2015-12-07 17:00 - 2015-09-28 12:50 - 00000000 ____D C:\WINDOWS\pss
    2015-12-07 16:59 - 2015-09-28 12:52 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2015-11-30 19:32 - 2015-09-07 12:51 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-11-30 19:32 - 2015-09-07 12:51 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-24 09:36

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
    Ran by Admin (2015-12-24 11:12:26)
    Running from C:\Users\Admin\Desktop
    Windows 10 Home (X64) (2015-09-07 14:54:14)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Admin (S-1-5-21-1833631763-2706768176-790802966-1008 - Administrator - Enabled) => C:\Users\Admin
    Administrator (S-1-5-21-1833631763-2706768176-790802966-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1833631763-2706768176-790802966-503 - Limited - Disabled)
    Guest (S-1-5-21-1833631763-2706768176-790802966-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1833631763-2706768176-790802966-1014 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.0.3 - IObit)
    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
    DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
    Driver Booster 3.1 (HKLM-x32\...\Driver Booster_is1) (Version: 3.1 - IObit)
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.0.29.6 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.1.0.21 - IObit)
    Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Mozilla Firefox 43.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.2 (x86 en-US)) (Version: 43.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.2 - Mozilla)
    RealDownloader (x32 Version: 18.0.2.56 - RealNetworks, Inc.) Hidden
    RealDownloader (x32 Version: 18.0.2.60 - RealNetworks) Hidden
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
    Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.104 - Synaptics Incorporated)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    15-11-2015 13:50:13 Windows Update
    07-12-2015 18:50:56 Scheduled Checkpoint
    15-12-2015 18:23:58 Windows Update
    15-12-2015 18:26:33 Windows Update
    23-12-2015 16:59:36 Installed Minecraft
    24-12-2015 11:06:05 12/24/2015

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-09-07 12:49 - 2015-09-08 00:02 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {03558B35-DF14-49A5-BB30-DED9E39EC4C5} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1833631763-2706768176-790802966-1008 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
    Task: {2CAC407B-D129-45D0-868D-9E6CCAA58DE5} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-15] (Microsoft Corporation)
    Task: {33173560-A6E1-4C20-9D5D-DDD4E5D2BCFA} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-11-23] (IObit)
    Task: {5C9DF0AE-EA0C-4FE5-83A5-BC988D65DC33} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1833631763-2706768176-790802966-1008 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe
    Task: {623FD666-16FD-49BF-A66D-6B3F159551B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {6C67028B-F7A9-4ED5-8FFA-59E9824F3764} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
    Task: {75BD4934-4C50-404B-8896-5B9312A319F6} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
    Task: {805FB2E0-8E87-4654-B659-128CCF2D9DA3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-28] (Adobe Systems Incorporated)
    Task: {A9852D42-FBC2-4251-A5D0-4A190F4A4878} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)
    Task: {DE58BA22-0AF5-4E54-B9EB-3661B6391536} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
    Task: {FA147EBC-D755-42AC-8796-F68D002B7C0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: {FD20A8A6-C32B-44F4-B753-28A6FAE738FF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-07-11] (Hewlett-Packard Company)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Admin.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-11 02:27 - 2015-08-11 02:27 - 00032768 ____N () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-08-19 13:48 - 2015-08-11 04:13 - 00413184 ____N () C:\WINDOWS\System32\diagtrack_win.dll
    2015-10-14 17:46 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-14 17:46 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-14 17:45 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-07-10 05:59 - 2015-07-10 05:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
    2015-12-09 01:39 - 2015-11-24 23:20 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-12-09 01:39 - 2015-11-24 23:17 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-09 01:39 - 2015-11-24 23:17 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-14 17:46 - 2015-09-17 00:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-07-10 06:00 - 2015-07-10 08:14 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
    2015-09-07 23:03 - 2015-08-31 16:45 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
    2015-09-07 23:02 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
    2015-09-07 23:02 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2015-09-07 23:02 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    There are 4788 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 75.75.75.75 - 75.75.76.76
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AMD FUEL Service => 2
    MSCONFIG\Services: Disc Soft Lite Bus Service => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: hpqwmiex => 3
    MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
    MSCONFIG\Services: LiveUpdateSvc => 2
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: RealPlayerUpdateSvc => 2
    MSCONFIG\Services: RealTimes Desktop Service => 2
    MSCONFIG\Services: ScDeviceEnum => 3
    MSCONFIG\Services: SynTPEnhService => 2
    MSCONFIG\Services: XblAuthManager => 3
    MSCONFIG\Services: XblGameSave => 3
    MSCONFIG\Services: XboxNetApiSvc => 3
    MSCONFIG\startupreg: OneDrive => "c:\users\admin\appdata\local\microsoft\onedrive\onedrive.exe" /background
    MSCONFIG\startupreg: RealDownloader =>
    MSCONFIG\startupreg: StartCCC => "c:\program files (x86)\ati technologies\ati.ace\core-static\amd64\clistart.exe" msrun
    MSCONFIG\startupreg: SunJavaUpdateSched => "c:\program files (x86)\common files\java\java update\jusched.exe"
    MSCONFIG\startupreg: SynTPEnh =>
    MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
    HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
    HKLM\...\StartupApproved\Run32: => "RealDownloader"
    HKLM\...\StartupApproved\Run32: => "TkBellExe"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "SynTPEnh"
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\StartupApproved\Run: => "Advanced SystemCare 9"
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\StartupApproved\Run: => "FlashPlayerUpdate"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{77347B98-D57C-491D-9338-296B10936542}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{2EC3F73B-FC16-4C9D-9FF3-43CC50830004}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/24/2015 09:00:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10240.16384, time stamp: 0x559f38c5
    Faulting module name: twinapi.appcore.dll, version: 10.0.10240.16590, time stamp: 0x563ad512
    Exception code: 0xc000027b
    Fault offset: 0x000000000006646f
    Faulting process id: 0xe30
    Faulting application start time: 0xbackgroundTaskHost.exe0
    Faulting application path: backgroundTaskHost.exe1
    Faulting module path: backgroundTaskHost.exe2
    Report Id: backgroundTaskHost.exe3
    Faulting package full name: backgroundTaskHost.exe4
    Faulting package-relative application ID: backgroundTaskHost.exe5

    Error: (12/24/2015 05:00:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10240.16384, time stamp: 0x559f38c5
    Faulting module name: twinapi.appcore.dll, version: 10.0.10240.16590, time stamp: 0x563ad512
    Exception code: 0xc000027b
    Fault offset: 0x000000000006646f
    Faulting process id: 0x1520
    Faulting application start time: 0xbackgroundTaskHost.exe0
    Faulting application path: backgroundTaskHost.exe1
    Faulting module path: backgroundTaskHost.exe2
    Report Id: backgroundTaskHost.exe3
    Faulting package full name: backgroundTaskHost.exe4
    Faulting package-relative application ID: backgroundTaskHost.exe5

    Error: (12/24/2015 04:18:04 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: CompatTelRunner.exe, version: 10.0.10240.16590, time stamp: 0x563ad31a
    Faulting module name: msvcrt.dll, version: 7.0.10240.16384, time stamp: 0x559f3b84
    Exception code: 0xc0000005
    Fault offset: 0x0000000000073bc5
    Faulting process id: 0xa00
    Faulting application start time: 0xCompatTelRunner.exe0
    Faulting application path: CompatTelRunner.exe1
    Faulting module path: CompatTelRunner.exe2
    Report Id: CompatTelRunner.exe3
    Faulting package full name: CompatTelRunner.exe4
    Faulting package-relative application ID: CompatTelRunner.exe5

    Error: (12/24/2015 01:00:09 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10240.16384, time stamp: 0x559f38c5
    Faulting module name: twinapi.appcore.dll, version: 10.0.10240.16590, time stamp: 0x563ad512
    Exception code: 0xc000027b
    Fault offset: 0x000000000006646f
    Faulting process id: 0xf38
    Faulting application start time: 0xbackgroundTaskHost.exe0
    Faulting application path: backgroundTaskHost.exe1
    Faulting module path: backgroundTaskHost.exe2
    Report Id: backgroundTaskHost.exe3
    Faulting package full name: backgroundTaskHost.exe4
    Faulting package-relative application ID: backgroundTaskHost.exe5

    Error: (12/23/2015 10:36:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: readerdc_en_a_install.exe, version: 2.0.0.94, time stamp: 0x56655ca9
    Faulting module name: readerdc_en_a_install.exe, version: 2.0.0.94, time stamp: 0x56655ca9
    Exception code: 0xc0000005
    Fault offset: 0x00078dee
    Faulting process id: 0xafc
    Faulting application start time: 0xreaderdc_en_a_install.exe0
    Faulting application path: readerdc_en_a_install.exe1
    Faulting module path: readerdc_en_a_install.exe2
    Report Id: readerdc_en_a_install.exe3
    Faulting package full name: readerdc_en_a_install.exe4
    Faulting package-relative application ID: readerdc_en_a_install.exe5

    Error: (12/23/2015 10:35:08 PM) (Source: MsiInstaller) (EventID: 11719) (User: SEANARMOLT)
    Description: Product: Java 8 Update 66 (64-bit) -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

    Error: (12/23/2015 10:18:09 PM) (Source: MsiInstaller) (EventID: 11719) (User: SEANARMOLT)
    Description: Product: Java 8 Update 66 (64-bit) -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

    Error: (12/23/2015 10:15:22 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: readerdc_en_a_install.exe, version: 2.0.0.94, time stamp: 0x56655ca9
    Faulting module name: readerdc_en_a_install.exe, version: 2.0.0.94, time stamp: 0x56655ca9
    Exception code: 0xc0000005
    Fault offset: 0x00078dee
    Faulting process id: 0xb5c
    Faulting application start time: 0xreaderdc_en_a_install.exe0
    Faulting application path: readerdc_en_a_install.exe1
    Faulting module path: readerdc_en_a_install.exe2
    Report Id: readerdc_en_a_install.exe3
    Faulting package full name: readerdc_en_a_install.exe4
    Faulting package-relative application ID: readerdc_en_a_install.exe5

    Error: (12/23/2015 10:11:09 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: flashplayer20_a_install.exe, version: 2.0.0.94, time stamp: 0x56655ca9
    Faulting module name: flashplayer20_a_install.exe, version: 2.0.0.94, time stamp: 0x56655ca9
    Exception code: 0xc000041d
    Fault offset: 0x00078dee
    Faulting process id: 0x10a0
    Faulting application start time: 0xflashplayer20_a_install.exe0
    Faulting application path: flashplayer20_a_install.exe1
    Faulting module path: flashplayer20_a_install.exe2
    Report Id: flashplayer20_a_install.exe3
    Faulting package full name: flashplayer20_a_install.exe4
    Faulting package-relative application ID: flashplayer20_a_install.exe5

    Error: (12/23/2015 10:10:55 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: flashplayer20_a_install.exe, version: 2.0.0.94, time stamp: 0x56655ca9
    Faulting module name: flashplayer20_a_install.exe, version: 2.0.0.94, time stamp: 0x56655ca9
    Exception code: 0xc0000005
    Fault offset: 0x00078dee
    Faulting process id: 0x10a0
    Faulting application start time: 0xflashplayer20_a_install.exe0
    Faulting application path: flashplayer20_a_install.exe1
    Faulting module path: flashplayer20_a_install.exe2
    Report Id: flashplayer20_a_install.exe3
    Faulting package full name: flashplayer20_a_install.exe4
    Faulting package-relative application ID: flashplayer20_a_install.exe5


    System errors:
    =============
    Error: (12/23/2015 05:27:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (12/23/2015 05:27:06 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.

    Error: (12/22/2015 11:45:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073b0f: HP Explore.

    Error: (12/22/2015 11:45:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: HP Explore.

    Error: (12/22/2015 11:45:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073b0f: HP Explore.

    Error: (12/22/2015 06:49:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (12/22/2015 06:43:46 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
    Description: The system watchdog timer was triggered.

    Error: (12/22/2015 06:45:21 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x00000154 (0xffffe001a2516000, 0xffffd00022bcbd00, 0x0000000000000000, 0x0000000000000000)C:\WINDOWS\MEMORY.DMP122215-77984-01

    Error: (12/22/2015 06:45:01 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 6:14:24 PM on 12/22/2015 was unexpected.

    Error: (12/22/2015 06:43:43 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
    Description: 32212254734758136570308360


    ==================== Memory info ===========================

    Processor: AMD A4-3300M APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 50%
    Total physical RAM: 3562.9 MB
    Available physical RAM: 1753.75 MB
    Total Virtual: 4202.9 MB
    Available Virtual: 1834.3 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:450.73 GB) (Free:358.3 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:14.73 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    Drive h: (ESD-ISO) (CDROM) (Total:3.12 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5D644BB8)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=14.7 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

    ==================== End of Addition.txt ============================

    Results of screen317's Security Check version 1.014 --- 12/23/15
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java 8 Update 60
    Java version 32-bit out of Date!
    Adobe Flash Player 19.0.0.185 Flash Player out of Date!
    Mozilla Firefox (43.0.2)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

  4. #4
    Corrine
    Join Date: Feb 2012
    Location: Upstate, NY
    Posts: 8,779

    Re: Possibly Infected.

    Hi, Sean. Thank you for the logs.

    The only sign of Minecraft showing in the logs is the System Restore point, "23-12-2015 16:59:36 Installed Minecraft". As to the sound card, that may be a hardware issue. However, let's take a look at what I saw in the logs:

    1. Yes, the version of Java on your computer is out of date, likely because it has been disabled via MSConfig (see #4 below). Although most people do not need Java on their computer, there are some programs and games that require Java. In the event you need to continue using Java, How-to Geek discovered a little-known and unpublicized option in the Java Control Panel to suppress the offers for the pre-checked unwanted extras that Oracle has long included with the updates. Although the Ask Toolbar has been removed, that does not preclude the pre-checked option for some other unnecessary add-on.

    If you wish to keep Java on your computer, I suggest you do the following to suppress the sponsor offers:

    • Launch the Windows Start menu
    • Click on Programs
    • Find the Java program listing
    • Click Configure Java to launch the Java Control Panel
    • Click the Advanced tab and go to the "Miscellaneous" section at the bottom.
    • Check the box by the “Suppress sponsor offers when installing or updating Java” option and click OK.



    Following that, get the latest version from Download Free Java Software.

    2. Although Flash Player in Windows 10 is updated as part of the automatic security updates, you still need to update Flash Player for Firefox; the FlashPlayerUpdate is also disabled via MSConfig. Following is a direct download link: Non-IE Plugin (Opera, Firefox, Etc.), http://download.macromedia.com/get/f..._20_plugin.exe

    3. Based on IOBit's past practices, I wouldn't run it on my computer. See the following for additional information:
    -- IOBit Steals Malwarebytes' Intellectual Property
    -- IOBit’s Denial of Theft Unconvincing
    -- IOBit Theft Conclusion

    In addition, system optimizers, such as Advanced System Care, provide no advantage and generally do more harm than good. I strongly suggest you consider uninstalling the following:

    Advanced SystemCare 9 (HKLM-x32\...\Advanced SystemCare_is1) (Version: 9.0.3 - IObit)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.1.0.21 - IObit)


    4. From Using System Configuration (msconfig) - Windows Help:

    System Configuration is a tool that can help identify problems that might prevent Windows from starting correctly. You can start Windows with common services and startup programs turned off and then turn them back on, one at a time. If a problem doesn't occur when a service is turned off, but does occur when that service is turned on, then the service could be the cause of the problem.

    System Configuration is intended to find and isolate problems, but it's not meant as a startup management program. {Bold added}
    In other words, MSConfig is useful for troubleshooting but not for managing startup programs. Using MSConfig can lock malware in the registry, only to become apparent should it be restored to normal start up. In addition, there is no automated way of changing the setting. In addition, having removed the Oracle Sun Java and FlashPlayer update exe files from startup has resulted in both being outdated and vulnerable. After adding programs to MSConfig, each has to be done manually, which is what I suggest that you do:

    a. Click start, type msconfig in the search box, open msconfig, click on the start up tab. Put a check mark in each entry, reboot the computer.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AdobeARMservice => 2
    MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AMD FUEL Service => 2
    MSCONFIG\Services: Disc Soft Lite Bus Service => 3
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: hpqwmiex => 3
    MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
    MSCONFIG\Services: LiveUpdateSvc => 2
    MSCONFIG\Services: MBAMScheduler => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: RealPlayerUpdateSvc => 2
    MSCONFIG\Services: RealTimes Desktop Service => 2
    MSCONFIG\Services: ScDeviceEnum => 3
    MSCONFIG\Services: SynTPEnhService => 2
    MSCONFIG\Services: XblAuthManager => 3
    MSCONFIG\Services: XblGameSave => 3
    MSCONFIG\Services: XboxNetApiSvc => 3
    MSCONFIG\startupreg: OneDrive => "c:\users\admin\appdata\local\microsoft\onedrive\onedrive.exe" /background
    MSCONFIG\startupreg: RealDownloader =>
    MSCONFIG\startupreg: StartCCC => "c:\program files (x86)\ati technologies\ati.ace\core-static\amd64\clistart.exe" msrun
    MSCONFIG\startupreg: SunJavaUpdateSched => "c:\program files (x86)\common files\java\java update\jusched.exe"
    MSCONFIG\startupreg: SynTPEnh =>
    MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\update\realsched.exe" -osboot
    HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk"
    HKLM\...\StartupApproved\Run32: => "RealDownloader"
    HKLM\...\StartupApproved\Run32: => "TkBellExe"
    HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
    HKLM\...\StartupApproved\Run32: => "SynTPEnh"
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\StartupApproved\Run: => "Advanced SystemCare 9"
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\StartupApproved\Run: => "FlashPlayerUpdate"
    b. Next, if there are items you wish to remove from Startup, with Windows 10, you can easily manage Startup items with Task Manager. See the instructions below, copied from How to Use the New Task Manager in Windows 8 or 10 by How-to-Geek:

    Startup Programs

    The Startup tab shows the applications that automatically start with your computer. Windows finally has a way to easily disable startup programs. Windows also measures just how long each application is delaying your startup, so you can make informed decisions.



    5. Please do the following to run FRST:

    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

    • Open Notepad (Start =>All Programs => Accessories => Notepad).
    • Copy/Paste the entire contents of the code box below into Notepad.

    Code:
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
    BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    EmptyTemp:
    end
    • Click Format and ensure Wordwrap is unchecked.
    • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
      • Press the Fix button once and wait.
      • FRST will process fixlist.txt
      • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
      • Please post the log in your next reply.




    6. In addition to the requested log, please advise whether you elected to follow my recommendation and uninstall the programs in #3 above.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.
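
Added example, not part of the original post and not FRST's own code: the "MSCONFIG/TASK MANAGER disabled items" section quoted above has no automatic fix, so this Python sketch parses it and lists which disabled entries look like software updaters, the ones whose absence leaves Java and Flash outdated. The sample lines are copied from the log in this thread; the `UPDATER_HINTS` keyword list and all function names are assumptions.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "source name detail")

MSCONFIG_RE = re.compile(r'^MSCONFIG\\(Services|startupreg): (.*?) =>\s*(.*)$')
APPROVED_RE = re.compile(r'^(HK\w+)\\.*\\StartupApproved\\(\w+): => "(.*)"$')
# Assumption: keywords that usually mark an auto-update component.
UPDATER_HINTS = re.compile(r'update|maintenance|jusched|armservice', re.I)

# Excerpt of the FRST section quoted in the post above.
SAMPLE = r'''
==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\startupreg: RealDownloader =>
MSCONFIG\startupreg: SunJavaUpdateSched => "c:\program files (x86)\common files\java\java update\jusched.exe"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1833631763-2706768176-790802966-1008\...\StartupApproved\Run: => "FlashPlayerUpdate"
'''


def parse_disabled_items(text):
    """Return an Entry for every line of the disabled-items section."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            # Any other section header ends the section we care about.
            in_section = "MSCONFIG/TASK MANAGER disabled items" in line
            continue
        if not in_section or not line:
            continue
        m = MSCONFIG_RE.match(line)
        if m:
            # detail is the trailing number or command line, kept as reported.
            entries.append(Entry("msconfig-" + m.group(1).lower(),
                                 m.group(2), m.group(3)))
            continue
        m = APPROVED_RE.match(line)
        if m:
            source = m.group(1) + " StartupApproved\\" + m.group(2)
            entries.append(Entry(source, m.group(3), ""))
    return entries


def disabled_updaters(entries):
    """Names of disabled entries that match the updater keyword list."""
    return sorted({e.name for e in entries
                   if UPDATER_HINTS.search(e.name + " " + e.detail)})


if __name__ == "__main__":
    items = parse_disabled_items(SAMPLE)
    print(len(items), "disabled entries")
    for name in disabled_updaters(items):
        print("disabled updater:", name)
```
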

  5. #5

    Re: Possibly Infected.

    OK I have tried steps 1 - 3 but am having problems with 1 and 2. Step 1 comes up with Error code 1603, and Step 2 will not run at all. As for 3 I have uninstalled both programs. Will try the rest of the steps today.

  6. #6

    Re: Possibly Infected.

    Step 4. I'm running windows 10, so not sure if you want all programs enabled or disabled.

  7. #7

    Re: Possibly Infected.

    Step 5.

    Fix result of Farbar Recovery Scan Tool (x64) Version:23-12-2015
    Ran by Admin (2015-12-27 15:33:06) Run:1
    Running from C:\Users\Admin\Desktop
    Loaded Profiles: Admin (Available Profiles: Admin)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO-x32: No Name -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> No File
    BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    EmptyTemp:
    end
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    HKU\S-1-5-21-1833631763-2706768176-790802966-1008\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION => Error: No automatic fix found for this entry.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{3049C3E9-B461-4BC5-8870-4C09146192CA} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.

    EmptyTemp: => 894.8 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 15:36:37 ====

    Adobe installed after reboot. Not sure if everything is fixed but will try installing Chrome again to see if it worked.

  8. #8

    Re: Possibly Infected.

    Chrome installation error 0x80004002.
    Tried to run Java installation and it would not even bring up the installation window.
    Please help I'm a bit desperate.
    Many of my programs are refusing to run or work the way they are supposed to.

  9. #9
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,779

    Re: Possibly Infected.

    Hi, Sean.

    What I meant by #4 is that using MSConfig to disable startup programs is not the correct way to handle programs you don't want launching at startup. With Windows 10, disabling unwanted startup programs should be done as illustrated above. That way, if the program (legitimate or malware) is removed, the remnants are not left behind.

    Regarding the Chrome installation error -- What did you do to Chrome? The extensions and Google update are shown as installed, although the update is disabled via MSConfig. In looking at your thread when you were attempting to update to Windows 10, Google Chrome was properly installed then.

    That said, I'm also seeing Windows Update failures. So, after consulting with Aura regarding the issues you had previously, he suggested it wouldn't hurt to try Windows Repair All-In-One again. Please do the following:

    NOTE: Before following the steps below, please disable your Antivirus software or any other real-time security software that you have enabled.
    • Boot in Safe Mode with Networking: The easiest way with Windows 10 is press and hold the shift key while clicking on Restart at the login Screen (Bottom right corner) -> Troubleshoot -> Advanced Options -> Startup Settings -> Restart ->Choose Enable Safe mode with networking.
    • Download the portable version of Windows Repair All-In-One;
    • Move the file (archive) on your Desktop, and extract it there;
    • Go in the tweaking.com_windows_repair_aio folder, then Tweaking.com - Windows Repair folder, right-click on Repair_Windows.exe and select Run as Administrator;
    • From there, click on the Next button until you are presented with an Open Repairs button and click on it;
    • Let the Registry back up complete, and move on to the check-list window;
    • Click on the Unselect All button at the bottom, then check the following items:
      • Reset Registry Permissions;
      • Reset File Permissions;
      • Repair Windows Update;
      • Remove Temp Files;
    • Once done, click on the Start Repairs button and let the scan execute;
    • If you are being prompted with a Security Warning, allow it to go through;
    • Once the repair is complete, it'll ask you to restart your computer, please do it;


    Now see if you can reinstall Google Chrome, update Java and Flash Player.
    Last edited by Corrine; 12-28-2015 at 10:17 PM.



  10. #10

    Re: Possibly Infected.

    Not sure what happened with Chrome. All I know is that one day I tried to run it and it failed. I uninstalled it and tried to re-install and it does nothing at all. As for using the tweaking program I get the message runtime "0:" no matter how I try to run the program either normal boot or safe boot. But I will try one more time.

  11. #11

    Re: Possibly Infected.

    Still the same Run Time "0". Please help me find a way to get this computer running correctly again.

  12. #12
    xilolee's Avatar
    Join Date
    Dec 2013
    Location
    World, Europe, Italy
    Posts
    2,192
    • specs System Specs
      • Manufacturer:
        XILOLEE.com
      • Model Number:
        XILO
      • Motherboard:
        ASROCK FM2A88M Pro3+ chipset A88X Bolton-D4
      • CPU:
        A10-7800, 4 CPU, 4 thr, 65/45W, FM2+, 28nm, Steamroller/Kaveri
      • Memory:
        10GB (Nanya and kingston ddr3-1333 9-9-9-24)
      • Graphics:
        Radeon R7 720MHz (8 GPU cores, integrated in CPU)
      • Sound Card:
        RealTek ALC662 (integrated in MB)
      • Hard Drives:
        Seagate ST500DM002-1BD142 500GB 7200RPM
      • Power Supply:
        SuperFlower 450W 80+ Platinum (SF-450P14PE)
      • Case:
        Sharkoon VG4-S
      • Cooling:
        Realtek RTL8111GR (NIC integrated in MB)
      • Display:
        Samsung SyncMaster SA100 LS22A100NS-EN
      • Operating System:
        Windows 10 Home/Standard x64

    Re: Possibly Infected.

    Hi.
    I found these two links on microsoft:

    - "No such interface supported. (0x80004002)" error message when you use Microsoft Baseline Security Analyzer to download the Mssecure.cab security update (click)
    This is for WinXP and MBSA, by the way I saw you installed RealDownloader (I don't know where you found it): you could try to uninstall it and see if things come back to normality.

    - Windows Update error 80004002 (click)
    This is for windows 7, hence I won't try the links inside it.
    Windows Update Troubleshooter for windows 10 (click)

  13. #13

    Re: Possibly Infected.

    I know this is the Holiday Season, but am I still getting help?

  14. #14
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,779

    Re: Possibly Infected.

    Thanks, xilolee, but windows update errors are the least of the problem.

    Sorry for the delay in responding, Sean. My area of specialty is malware removal and I'm not finding anything helpful for Run Time "0" on Windows 10. Since you cannot run programs, thus System File Checker won't run, beyond creating yet another new Admin account (as you had to do before upgrading to Windows 10), there are Recovery options in Windows 10.

    However, it would be helpful if you could provide the exact error message you get when you attempt to install a program and anything else you think would be helpful. With that information, I can get other members of the team to provide suggestions.



  15. #15

    Re: Possibly Infected.

    Most of the time I don't get any type of error messages. Either I get nothing to run, or it will pop up and disappear ( Mainly Windows programs, ie. photos ). Only other error message I've been getting is Adobe Acrobat Reader update I get error code 1601.

  16. #16
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,779

    Re: Possibly Infected.

    1. Let's start with seeing if unregistering and reregistering the windows installer service helps:

    A. Click on the Start menu, click on Run.
    B. In the Open box, type msiexec /unreg, and then press ENTER.
    C. On the Start menu, click Run.
    D. In the Open box, type msiexec /regserver, and then press ENTER.

    Try one of the updates again and if still a problem, continue . . .

    2. Please perform a SFC (System File Checker) scan which will check and fix any corrupted files on your system.
    • Right-click the Windows Icon and select Command Prompt (Admin).
    • If you are prompted for an administrator password or confirmation, type your password or click Continue
    • At the command prompt, type the following line, and then press ENTER: sfc /scannow (note the space before the slash)
    • Restart your computer.


    3. Run DISM
    • Right-click the Windows Icon and select Command Prompt (Admin).
    • If you are prompted for an administrator password or confirmation, type your password or click Continue
    • At the command prompt, type the following line, and then press ENTER: Dism /Online /Cleanup-Image /RestoreHealth (note the space before the slash)
    • Restart your computer.


    Please let us know the results.
    Evyatar says thanks for this.



  17. #17

    Re: Possibly Infected.

    OK, I was finally able to run these 3 steps:

    1. No Change
    2. Windows Resource Protection did not find any integrity violations.
    3. No Change

    Starting to really think Windows Installer is corrupted.

  18. #18
    xilolee's Avatar
    Join Date
    Dec 2013
    Location
    World, Europe, Italy
    Posts
    2,192

    Re: Possibly Infected.

    It could help if you check whether you have msi*.LOG files in c:\windows\temp and post the contents of the three most recent here (possibly inside show/hide tags-button).
    It is obviously better if you try to install/uninstall programs and then post their logs.

    If you haven't got them, check in the registry (regedit) if you have this value:
    Code:
    registry path: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
    string value: "Logging"="voicewarmupx"
    I did not modify it.
    Hence it was here from the beginning or it was added by an undefined program I used, but I think the first is true.
    Corrine says thanks for this.
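
Added example, not part of the original post: once msi*.LOG files like the ones requested above are collected, a first triage pass can look for actions that ended with "Return value 3" (the installer's failure marker) and for the engine's final return code. This Python sketch does that over a constructed sample log; the function names and the action name `ExampleCustomAction` are assumptions.

```python
import re

ACTION_END = re.compile(r"^Action ended [\d:]+: (\S+)\. Return value (\d)\.")
ENGINE_RET = re.compile(r"MainEngineThread is returning (\d+)")

# Constructed sample in the style of a verbose Windows Installer log.
SAMPLE_LOG = """\
MSI (s) (A4:1C) [15:40:01:100]: Doing action: InstallFiles
Action start 15:40:01: InstallFiles.
Action ended 15:40:01: InstallFiles. Return value 1.
MSI (s) (A4:1C) [15:40:02:000]: Doing action: ExampleCustomAction
Action start 15:40:02: ExampleCustomAction.
CustomAction ExampleCustomAction returned actual error code 1603
Action ended 15:40:02: ExampleCustomAction. Return value 3.
Action ended 15:40:03: INSTALL. Return value 3.
MSI (s) (A4:1C) [15:40:03:200]: MainEngineThread is returning 1603
"""


def decode_msi_log(data):
    """Installer logs are often UTF-16 with a BOM; otherwise fall back to UTF-8."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8", errors="replace")


def triage(text, context=3):
    """Find failed actions, the lines just before the first one, and the exit code."""
    lines = text.splitlines()
    failures, exit_code = [], None
    for i, line in enumerate(lines):
        m = ACTION_END.match(line)
        if m and m.group(2) == "3":
            failures.append({
                "action": m.group(1),
                "line": i + 1,
                # The cause is normally logged just above the failing action.
                "context": lines[max(0, i - context):i],
            })
        m = ENGINE_RET.search(line)
        if m:
            exit_code = int(m.group(1))  # keep the last value reported
    return {
        "exit_code": exit_code,
        "first_failure": failures[0] if failures else None,
        "failed_actions": [f["action"] for f in failures],
    }


if __name__ == "__main__":
    report = triage(decode_msi_log(SAMPLE_LOG.encode("utf-16")))
    print("exit code:", report["exit_code"])
    print("failed actions:", report["failed_actions"])
    for ctx in report["first_failure"]["context"]:
        print("  ", ctx)
```
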

  19. #19
    Corrine's Avatar
    Join Date
    Feb 2012
    Location
    Upstate, NY
    Posts
    8,779

    Re: Possibly Infected.

    Thanks for the suggestion, xilolee. Sean, I've also pointed staff members to this thread asking for suggestions.
    Evyatar says thanks for this.



  20. #20
    niemiro's Avatar
    Join Date
    Mar 2012
    Location
    District 12
    Posts
    7,854

    Re: Possibly Infected.

    Hello Sean :)

    Could you please run a memory test for me as outlined at this link: Test RAM With Memtest86+

    This computer is a real mess. As one of the Windows Update team here I've gone over your previous thread and logfiles in depth looking for clues. There are so many things going on that it's actually really hard to see what's causing what, what's separate from what, and what the root causes are.

    Figuring that out will involve taking a large number of logfiles and process memory captures in a single go then sending them to me. I'll go over them with a really fine tooth comb and try to piece everything back together to arrive at a single root cause. Hopefully

    Before we do that though I first want to check that the computer is stable and isn't shifting around from underneath us like quicksand. For this reason I want to stress test the system hardware and make sure it's functioning to standard. If it is we'll jump in with the logfiles.

    Richard
    Corrine and Evyatar say thanks for this.
