barcuss

Posts posted by barcuss

  1. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
    Ran by Family (administrator) on FAMILY-PC (05-12-2015 08:56:20)
    Running from C:\Users\Family\Downloads
    Loaded Profiles: Family (Available Profiles: Family & DefaultAppPool)
    Platform: Windows 10 Home (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Aladdin Knowledge Systems Ltd.) C:\Windows\System32\hasplms.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    (GeoComply) C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\service.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15361.0_x64__8wekyb3d8bbwe\Video.UI.exe
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe\Calculator.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1136552 2015-11-12] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-03-14] (Acresso Corporation)
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\Run: [BitTorrent] => C:\Users\Family\AppData\Roaming\BitTorrent\BitTorrent.exe [1977192 2015-11-08] (BitTorrent Inc.)
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\...\MountPoints2: {6e82fd09-1856-11e5-8e12-74d43550f80c} - "F:\autorun.exe" 
    IFEO\dtagent.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\dtlauncher.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\et6sc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    IFEO\idriver.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
    ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
    ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} =>  No File
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-06-21]
    ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-06-21]
    ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{200c7f0a-4139-46dc-a209-da732e06bd40}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U220DHP&pc=U220
    HKU\S-1-5-21-125191153-927833046-2172898461-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/MCM_WCP
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
    BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
    BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-28] (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-28] (Oracle Corporation)
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
    Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\k6snqj97.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Homepage: Google.com
    FF Session Restore: -> is enabled.
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-28] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-28] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
    FF Plugin-x32: @ums.geocomply.com/GeoComply Update;version=3 -> C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll [2015-07-19] (GeoComply Inc.)
    FF Plugin-x32: @ums.geocomply.com/GeoComply Update;version=9 -> C:\Program Files (x86)\GeoComply\Update\2.1.2.7\npGoogleUpdate3.dll [2015-07-19] (GeoComply Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF Plugin-x32: geocomply.com/player_location_check -> C:\Program Files (x86)\GeoComply\PlayerLocationCheck\Application\npapi\npplayer_location_check.dll [2015-07-19] (GeoComply)
    FF Plugin HKU\S-1-5-21-125191153-927833046-2172898461-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Family\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-26] (Citrix Online)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)

    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.aol.com/"
    CHR Session Restore: Default -> is enabled.
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
    CHR Profile: C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
    CHR Extension: (Google Drive) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
    CHR Extension: (YouTube) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
    CHR Extension: (Google Docs Offline) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
    CHR Extension: (My Photo Tab) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmofbadmgolpibnjflbihlaecnhhaanb [2015-06-18]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-01]
    CHR Extension: (Bitdefender QuickScan) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2015-11-23]
    CHR Extension: (Gmail) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-06]
    CHR Extension: (Space Planet) - C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb [2015-08-01]
    CHR HKLM-x32\...\Chrome\Extension: [kmofbadmgolpibnjflbihlaecnhhaanb] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
    S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-11-12] (AVG Technologies CZ, s.r.o.)
    S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [39376 2015-03-12] (Alcohol Soft Development Team)
    S2 GeoComplyUpdate; C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [166360 2015-07-19] (GeoComply Inc.)
    S3 GeoComplyUpdateM; C:\Program Files (x86)\GeoComply\Update\GeoComplyUpdate.exe [166360 2015-07-19] (GeoComply Inc.)
    S4 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-21] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
    R2 Player Location Check; C:\Program Files (x86)\GeoComply\\PlayerLocationCheck\Application\service.exe [3431824 2015-07-19] (GeoComply)
    R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
    R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4378024 2015-11-23] (AVG Technologies CZ, s.r.o.)
    R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48552 2015-11-23] (AVG Technologies CZ, s.r.o.)
    R2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [42408 2015-11-23] (AVG Technologies CZ, s.r.o.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
    R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows (R) Win 7 DDK provider)
    R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows (R) Win 7 DDK provider)
    S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-06-15] (Disc Soft Ltd)
    R1 GizmoDrv; C:\Windows\System32\Drivers\GizmoDrv.sys [34704 2015-06-16] (Arainia Solutions LLC)
    S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-08-19] ()
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
    R3 tapoas; C:\Windows\System32\drivers\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [31144 2015-10-14] (TuneUp Software)
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-05 08:56 - 2015-12-05 08:56 - 00019093 _____ C:\Users\Family\Downloads\FRST.txt
    2015-12-05 08:56 - 2015-12-05 08:56 - 00000000 ____D C:\FRST
    2015-12-05 08:55 - 2015-12-05 08:56 - 02369024 _____ (Farbar) C:\Users\Family\Downloads\FRST64.exe
    2015-12-05 08:33 - 2015-12-05 08:33 - 00016148 _____ C:\WINDOWS\system32\FAMILY-PC_Family_HistoryPrediction.bin
    2015-11-27 22:04 - 2015-11-27 22:04 - 00012959 _____ C:\Users\Family\Desktop\malware.txt
    2015-11-27 21:51 - 2015-11-27 21:51 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-11-27 21:50 - 2015-11-27 21:50 - 22908888 _____ (Malwarebytes ) C:\Users\Family\Downloads\mbam-setup-2.2.0.1024.exe
    2015-11-27 21:50 - 2015-11-27 21:50 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-11-27 21:50 - 2015-11-27 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-11-27 21:50 - 2015-11-27 21:50 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-11-27 21:50 - 2015-11-27 21:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-11-27 21:50 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-11-27 21:50 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-11-27 21:50 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-11-24 07:08 - 2015-11-24 07:08 - 00002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
    2015-11-24 07:03 - 2015-11-23 16:37 - 00048552 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\uxtuneup.dll
    2015-11-24 07:03 - 2015-11-23 16:37 - 00042408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\uxtuneup.dll
    2015-11-24 07:02 - 2015-11-24 07:02 - 00000000 ____D C:\Users\Default\AppData\Roaming\AVG
    2015-11-24 07:02 - 2015-11-24 07:02 - 00000000 ____D C:\Users\Default\AppData\Local\AVG
    2015-11-24 07:02 - 2015-11-24 07:02 - 00000000 ____D C:\Users\Default User\AppData\Roaming\AVG
    2015-11-24 07:02 - 2015-11-24 07:02 - 00000000 ____D C:\Users\Default User\AppData\Local\AVG
    2015-11-23 17:32 - 2015-11-23 17:34 - 00000000 ____D C:\Program Files\WhoCrashed
    2015-11-23 17:32 - 2015-11-23 17:32 - 02256552 _____ (Resplendence Software Projects Sp. ) C:\Users\Family\Downloads\whocrashedSetup.exe
    2015-11-23 17:32 - 2015-11-23 17:32 - 00000887 _____ C:\Users\Family\Desktop\WhoCrashed.lnk
    2015-11-23 17:32 - 2015-11-23 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WhoCrashed
    2015-11-23 11:56 - 2015-11-23 11:56 - 00509440 _____ (Tech Support Guy System) C:\Users\Family\Downloads\SysInfo.exe
    2015-11-23 11:44 - 2015-11-26 10:09 - 00000000 ____D C:\Users\Family\AppData\Roaming\QuickScan
    2015-11-23 11:44 - 2015-11-23 11:44 - 00039480 _____ C:\Users\Family\Downloads\qsinstaller.exe
    2015-11-23 10:51 - 2015-11-23 10:51 - 00000000 ____D C:\$SysReset
    2015-11-13 07:28 - 2015-11-13 07:28 - 00002922 _____ C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
    2015-11-12 22:31 - 2015-11-12 22:31 - 00003798 _____ C:\WINDOWS\System32\Tasks\Java Platform SE Auto Updater
    2015-11-12 22:19 - 2015-11-24 07:03 - 00002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
    2015-11-12 22:19 - 2015-11-24 07:03 - 00002124 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
    2015-11-12 22:19 - 2015-11-23 16:41 - 00046504 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
    2015-11-12 22:19 - 2015-11-23 16:37 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll
    2015-11-12 22:19 - 2015-11-23 16:37 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll
    2015-11-12 22:16 - 2015-11-12 22:16 - 117509878 ____R C:\Users\Family\Downloads\AVG PC TuneUp 2016 16.3.1.24857 (x64) Multilingual + Keys [4realtorrentz].zip
    2015-11-12 22:11 - 2015-11-12 22:12 - 00000000 ____D C:\Users\Family\Downloads\AVG PC TuneUp 2015 15.0.1001.238 Final Incl. Crack & Key [ATOM]
    2015-11-12 15:24 - 2015-11-12 22:18 - 00000000 ____D C:\Users\Family\AppData\Roaming\AVG
    2015-11-12 15:23 - 2015-11-12 15:23 - 00000000 ____D C:\Users\Family\AppData\Roaming\TuneUp Software
    2015-11-12 15:21 - 2015-11-25 06:43 - 00000000 ____D C:\ProgramData\Avg
    2015-11-12 15:21 - 2015-11-25 06:43 - 00000000 ____D C:\Program Files (x86)\AVG
    2015-11-12 15:20 - 2015-11-25 06:43 - 00000000 ____D C:\ProgramData\MFAData
    2015-11-12 15:20 - 2015-11-12 22:18 - 00000000 ____D C:\Users\Family\AppData\Local\AvgSetupLog
    2015-11-12 15:20 - 2015-11-12 22:18 - 00000000 ____D C:\Users\Family\AppData\Local\Avg
    2015-11-12 15:20 - 2015-11-12 15:20 - 00000000 ____D C:\Users\Family\AppData\Local\MFAData
    2015-11-12 15:20 - 2015-11-12 15:20 - 00000000 ____D C:\Users\Family\AppData\Local\Avg2015
    2015-11-12 15:16 - 2015-11-12 15:18 - 377196995 ____R C:\Users\Family\Downloads\AVG Antivirus Pro 2015 15.0 Build 6081 (x86x64) Multilingual + Keys [4realtorrentz].rar
    2015-11-11 01:23 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2015-11-11 01:23 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2015-11-11 01:23 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-11-11 01:23 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-11-11 01:23 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2015-11-11 01:23 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2015-11-11 01:23 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-11-11 01:23 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-11-11 01:23 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-11-11 01:23 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-11-11 01:23 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2015-11-11 01:23 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-11-11 01:23 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2015-11-11 01:23 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-11-11 01:23 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-11-11 01:23 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-11-11 01:23 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2015-11-11 01:23 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2015-11-11 01:23 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-11-11 01:23 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
    2015-11-11 01:23 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-11-11 01:23 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2015-11-11 01:23 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-11-11 01:23 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-11-11 01:23 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2015-11-11 01:23 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-11-11 01:23 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-11-11 01:23 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
    2015-11-11 01:23 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
    2015-11-11 01:22 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-11-11 01:22 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2015-11-11 01:22 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2015-11-11 01:22 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2015-11-11 01:22 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2015-11-11 01:22 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2015-11-11 01:22 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2015-11-11 01:22 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2015-11-11 01:22 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
    2015-11-11 01:22 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2015-11-11 01:22 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-11-11 01:22 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
    2015-11-11 01:22 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-11-11 01:22 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2015-11-11 01:22 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-11-11 01:22 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2015-11-11 01:22 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2015-11-11 01:22 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-11-11 01:22 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-11-11 01:22 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2015-11-11 01:22 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
    2015-11-11 01:22 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-11-11 01:22 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-11-11 01:22 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2015-11-11 00:54 - 2015-11-11 00:54 - 00000000 ____D C:\Users\Family\Downloads\Wide Open Housewife (Marc Dorcel) XXX DVDRip NEW 2015
    2015-11-11 00:52 - 2015-11-11 00:52 - 00000000 ____D C:\Users\Family\Downloads\Rachel RoXXX (Doctor Daydream)
    2015-11-11 00:43 - 2015-11-11 00:47 - 322726449 ____R C:\Users\Family\Downloads\ob_bg_anna_polina_dl081315_480p_1500.mp4
    2015-11-11 00:34 - 2015-11-11 00:51 - 00000000 ____D C:\Users\Family\Downloads\My Asian Hotwife
    2015-11-11 00:25 - 2015-11-11 00:29 - 1364236385 ____R C:\Users\Family\Downloads\Manon.Secretaire.Debutante.mp4
    2015-11-08 15:35 - 2015-11-12 22:11 - 00000000 ____D C:\Users\Family\AppData\LocalLow\BitTorrent
    2015-11-08 14:23 - 2015-11-08 14:37 - 1942466625 ____R C:\Users\Family\Downloads\Star Wars XXX A Porn Parody.mp4
    2015-11-07 09:58 - 2015-11-07 09:58 - 00133054 _____ C:\Users\Family\Downloads\MSB_DaculaSprolesLease_2015-2016_rev1 (1).pdf
    2015-11-07 09:53 - 2015-11-07 09:53 - 00133054 _____ C:\Users\Family\Downloads\MSB_DaculaSprolesLease_2015-2016_rev1.pdf
    2015-11-06 15:09 - 2015-11-10 22:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-11-06 11:35 - 2015-11-06 11:35 - 00000000 ____D C:\Users\Family\AppData\Local\CEF
    2015-11-06 11:34 - 2015-11-26 07:44 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2015-11-06 11:34 - 2015-11-06 11:34 - 00002124 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2015-11-06 11:16 - 2015-11-06 11:16 - 00000000 ____D C:\ProgramData\ATI

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-05 08:56 - 2015-07-10 04:05 - 00000000 ____D C:\Windows
    2015-12-05 08:49 - 2015-07-19 19:44 - 00000928 _____ C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineUA.job
    2015-12-05 08:45 - 2015-06-04 20:08 - 00000684 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000.job
    2015-12-05 08:35 - 2015-05-26 12:55 - 00000588 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000.job
    2015-12-05 08:33 - 2014-05-15 04:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-12-05 08:30 - 2014-05-15 11:26 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-05 06:19 - 2015-10-05 20:35 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ACE0B974-CBAD-4680-9DDC-3ADD882E5C97}
    2015-12-05 03:30 - 2014-05-15 11:26 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-04 22:30 - 2015-08-18 17:28 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
    2015-12-04 20:49 - 2015-07-19 19:44 - 00000924 _____ C:\WINDOWS\Tasks\GeoComplyUpdateTaskMachineCore.job
    2015-12-04 19:30 - 2015-08-21 05:54 - 00005214 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Family-PC-Family Family-PC
    2015-12-04 10:52 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-12-04 06:48 - 2015-07-10 06:04 - 00000000 ___HD C:\Program Files\WindowsApps
    2015-12-03 20:03 - 2015-07-10 06:02 - 00000000 ____D C:\WINDOWS\INF
    2015-12-03 14:32 - 2014-05-15 11:26 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-12-02 03:25 - 2014-05-15 11:26 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-02 03:25 - 2014-05-15 11:26 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-11-30 09:25 - 2014-05-15 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    2015-11-27 22:15 - 2015-08-21 01:36 - 01005598 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-11-27 22:09 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-11-27 22:08 - 2015-08-21 01:44 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
    2015-11-27 22:08 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\SchCache
    2015-11-27 22:08 - 2015-07-10 04:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-11-25 06:40 - 2015-07-10 06:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2015-11-25 06:36 - 2015-08-21 04:30 - 00000000 ____D C:\Users\Family\AppData\Local\Packages
    2015-11-25 06:36 - 2015-07-30 22:50 - 00000000 ____D C:\ProgramData\Apple
    2015-11-22 21:51 - 2015-08-21 01:37 - 00000000 ____D C:\Users\Family
    2015-11-22 10:26 - 2015-06-04 20:08 - 00003840 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-125191153-927833046-2172898461-1000
    2015-11-22 10:26 - 2015-05-26 12:55 - 00003744 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-125191153-927833046-2172898461-1000
    2015-11-19 20:23 - 2015-07-10 04:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2015-11-13 01:09 - 2015-07-10 07:20 - 00341448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-11-12 22:41 - 2015-06-18 14:09 - 00000000 ____D C:\Users\Family\AppData\Roaming\BitTorrent
    2015-11-12 22:30 - 2015-07-10 04:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-11-12 22:30 - 2015-06-22 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLDATA
    2015-11-11 10:28 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
    2015-11-11 03:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-11-11 01:59 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-11-11 01:57 - 2014-05-15 21:42 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-11-11 01:54 - 2014-05-15 21:42 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-11-10 22:38 - 2014-05-21 18:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-11-06 11:35 - 2014-12-24 17:38 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2015-11-06 11:35 - 2014-08-23 00:00 - 00000000 ____D C:\Users\Family\AppData\Local\Adobe
    2015-11-06 11:34 - 2014-05-17 20:40 - 00000000 ____D C:\ProgramData\Adobe
    2015-11-06 11:34 - 2014-05-17 20:40 - 00000000 ____D C:\Program Files (x86)\Adobe

    ==================== Files in the root of some directories =======

    2015-08-11 15:14 - 2015-08-11 15:14 - 0010155 _____ () C:\ProgramData\regid.1997-10.com.aciwebs,PCDrafter_4DBD42E3-43A9-4B53-B296-C295D1B07435.swidtag

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-02 14:27

    ==================== End of FRST.txt ============================

  2. Hey Chuck, here is the Malwarebytes report. I removed all the threats it suggested.

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 11/27/2015
    Scan Time: 9:52 PM
    Logfile: malware.txt
    Administrator: Yes
     
    Version: 2.2.0.1024
    Malware Database: v2015.11.27.04
    Rootkit Database: v2015.11.26.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
     
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Family
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 377371
    Time Elapsed: 9 min, 56 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 1
    PUP.Optional.Spigot, HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B790F5A6-BB0B-41B4-ACCF-2289C8A676F4}, , [8779275c3d4e132364a3851fad56768a], 
     
    Registry Values: 1
    PUP.Optional.Spigot, HKU\S-1-5-21-125191153-927833046-2172898461-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{B790F5A6-BB0B-41B4-ACCF-2289C8A676F4}|URL, https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=926458&p={searchTerms},, [8779275c3d4e132364a3851fad56768a]
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 21
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\rep, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\SearchProtect, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\rep, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.BlockAndSurf, C:\Program Files (x86)\BlockAndSurf-soft, , [cf314043e1aa69cd17ad185129d9df21], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Users\Family\AppData\Local\SearchProtect, , [f709b6cd76153df958c08312798906fa], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Users\Family\AppData\Local\SearchProtect\SearchProtect, , [f709b6cd76153df958c08312798906fa], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Users\Family\AppData\Local\SearchProtect\SearchProtect\rep, , [f709b6cd76153df958c08312798906fa], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Users\Family\AppData\Local\SearchProtect\SearchProtect\STG, , [f709b6cd76153df958c08312798906fa], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Users\Family\AppData\Local\SearchProtect\UI, , [f709b6cd76153df958c08312798906fa], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Users\Family\AppData\Local\SearchProtect\UI\rep, , [f709b6cd76153df958c08312798906fa], 
     
    Files: 61
    PUP.Optional.Proinstall, C:\Users\Family\Downloads\gizmo-279-setup-44272913.exe, , [54ac2b58593266d054cc1ed61ee25ba5], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\EULA.txt, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, , [d52b651efb90c571bfe844a8f60db64a], 
    PUP.Optional.BlockAndSurf, C:\Program Files (x86)\BlockAndSurf-soft\173.crx, , [cf314043e1aa69cd17ad185129d9df21], 
    PUP.Optional.BlockAndSurf, C:\Program Files (x86)\BlockAndSurf-soft\173.dat, , [cf314043e1aa69cd17ad185129d9df21], 
    PUP.Optional.BlockAndSurf, C:\Program Files (x86)\BlockAndSurf-soft\173.xpi, , [cf314043e1aa69cd17ad185129d9df21], 
    PUP.Optional.BlockAndSurf, C:\Program Files (x86)\BlockAndSurf-soft\a.db, , [cf314043e1aa69cd17ad185129d9df21], 
    PUP.Optional.BlockAndSurf, C:\Program Files (x86)\BlockAndSurf-soft\b.db, , [cf314043e1aa69cd17ad185129d9df21], 
    PUP.Optional.BlockAndSurf, C:\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfiP173.bin, , [cf314043e1aa69cd17ad185129d9df21], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Users\Family\AppData\Local\SearchProtect\SearchProtect\CRASH_DUMP_P8456_T8464_D2014_06_15_T21_30_28.dmp, , [f709b6cd76153df958c08312798906fa], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Users\Family\AppData\Local\SearchProtect\SearchProtect\CRASH_REPORT_P8456_T8464_D2014_06_15_T21_30_28.txt, , [f709b6cd76153df958c08312798906fa], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Users\Family\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, , [f709b6cd76153df958c08312798906fa], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Users\Family\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, , [f709b6cd76153df958c08312798906fa], 
    PUP.Optional.SearchProtect.AppFlsh, C:\Users\Family\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, , [f709b6cd76153df958c08312798906fa], 
  3. Log Name:      Microsoft-Windows-AppModel-Runtime/Admin

    Source:        Microsoft-Windows-AppModel-Runtime

    Date:          11/26/2015 4:20:57 AM

    Event ID:      69

    Task Category: None

    Level:         Error

    Keywords:      (70368744177664),Process

    User:          SYSTEM

    Computer:      Family-PC

    Description:

    Failed with 0x490 modifying AppModel Runtime status for package Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe for user Family-PC\Family (current status = 0x0, desired status = 0x20).

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

      <System>

        <Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />

        <EventID>69</EventID>

        <Version>0</Version>

        <Level>2</Level>

        <Task>0</Task>

        <Opcode>0</Opcode>

        <Keywords>0x2000400000000001</Keywords>

        <TimeCreated SystemTime="2015-11-26T09:20:57.555960000Z" />

        <EventRecordID>669</EventRecordID>

        <Correlation ActivityID="{6ECAAE32-2776-0002-58C6-CA6E7627D101}" />

        <Execution ProcessID="1968" ThreadID="4476" />

        <Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>

        <Computer>Family-PC</Computer>

        <Security UserID="S-1-5-18" />

      </System>

      <EventData>

        <Data Name="ErrorCode">1168</Data>

        <Data Name="PackageFullName">Microsoft.WindowsCalculator_10.1511.24020.0_x64__8wekyb3d8bbwe</Data>

        <Data Name="User">S-1-5-21-125191153-927833046-2172898461-1000</Data>

        <Data Name="DesiredStatus">32</Data>

        <Data Name="CurrentStatus">0</Data>

      </EventData>

    </Event>

  4. Log Name:      System

    Source:        Service Control Manager

    Date:          11/25/2015 6:43:38 AM

    Event ID:      7001

    Task Category: None

    Level:         Error

    Keywords:      Classic

    User:          N/A

    Computer:      Family-PC

    Description:

    The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: 

    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

      <System>

        <Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />

        <EventID Qualifiers="49152">7001</EventID>

        <Version>0</Version>

        <Level>2</Level>

        <Task>0</Task>

        <Opcode>0</Opcode>

        <Keywords>0x8080000000000000</Keywords>

        <TimeCreated SystemTime="2015-11-25T11:43:38.304920900Z" />

        <EventRecordID>7613</EventRecordID>

        <Correlation />

        <Execution ProcessID="908" ThreadID="1124" />

        <Channel>System</Channel>

        <Computer>Family-PC</Computer>

        <Security />

      </System>

      <EventData>

        <Data Name="param1">Net.Tcp Listener Adapter</Data>

        <Data Name="param2">Net.Tcp Port Sharing Service</Data>

        <Data Name="param3">%%1058</Data>

        <Binary>4E006500740054006300700041006300740069007600610074006F0072000000</Binary>

      </EventData>

    </Event>

  5. Log Name:      Application

    Source:        .NET Runtime

    Date:          11/25/2015 7:02:40 AM

    Event ID:      1026

    Task Category: None

    Level:         Error

    Keywords:      Classic

    User:          N/A

    Computer:      Family-PC

    Description:

    Application: AutoKMS.exe

    Framework Version: v4.0.30319

    Description: The process was terminated due to an unhandled exception.

    Exception Info: System.ApplicationException

    Stack:

       at ..()

       at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)

       at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)

       at ..(.)

       at ..()

     

    Event Xml:

    <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='.NET Runtime'/><EventID Qualifiers='0'>1026</EventID><Level>2</Level><Task>0</Task><Keywords>0x80000000000000</Keywords><TimeCreated SystemTime='2015-11-25T12:02:40.000000000Z'/><EventRecordID>8736</EventRecordID><Channel>Application</Channel><Computer>Family-PC</Computer><Security/></System><EventData><Data>Application: AutoKMS.exe

    Framework Version: v4.0.30319

    Description: The process was terminated due to an unhandled exception.

    Exception Info: System.ApplicationException

    Stack:

       at ..()

       at ..(., System.String, Boolean, System.String, Int32, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)

       at ..(System.String, Boolean, Boolean, System.String, Boolean, Boolean, System.String, ., Boolean, Int32, System.String, Boolean, Boolean)

       at ..(.)

       at ..()

    </Data></EventData></Event>

  6. Log Name:      System

    Source:        Microsoft-Windows-DistributedCOM

    Date:          11/25/2015 7:10:20 AM

    Event ID:      10016

    Task Category: None

    Level:         Error

    Keywords:      Classic

    User:          LOCAL SERVICE

    Computer:      Family-PC

    Description:

    The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

    {D63B10C5-BB46-4990-A94F-E40B9D520160}

     and APPID 

    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

      <System>

        <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />

        <EventID Qualifiers="0">10016</EventID>

        <Version>0</Version>

        <Level>2</Level>

        <Task>0</Task>

        <Opcode>0</Opcode>

        <Keywords>0x8080000000000000</Keywords>

        <TimeCreated SystemTime="2015-11-25T12:10:20.884925200Z" />

        <EventRecordID>7670</EventRecordID>

        <Correlation />

        <Execution ProcessID="468" ThreadID="700" />

        <Channel>System</Channel>

        <Computer>Family-PC</Computer>

        <Security UserID="S-1-5-19" />

      </System>

      <EventData>

        <Data Name="param1">application-specific</Data>

        <Data Name="param2">Local</Data>

        <Data Name="param3">Activation</Data>

        <Data Name="param4">{D63B10C5-BB46-4990-A94F-E40B9D520160}</Data>

        <Data Name="param5">{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}</Data>

        <Data Name="param6">NT AUTHORITY</Data>

        <Data Name="param7">LOCAL SERVICE</Data>

        <Data Name="param8">S-1-5-19</Data>

        <Data Name="param9">LocalHost (Using LRPC)</Data>

        <Data Name="param10">Unavailable</Data>

        <Data Name="param11">Unavailable</Data>

      </EventData>

    </Event>

  7. Log Name:      Application

    Source:        MsiInstaller

    Date:          11/26/2015 7:44:24 AM

    Event ID:      1024

    Task Category: None

    Level:         Error

    Keywords:      Classic

    User:          Family-PC\Family

    Computer:      Family-PC

    Description:

    Product: Adobe Acrobat Reader DC - Update '{AC76BA86-7AD7-0000-2550-AC0F094E6F00}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

      <System>

        <Provider Name="MsiInstaller" />

        <EventID Qualifiers="0">1024</EventID>

        <Level>2</Level>

        <Task>0</Task>

        <Keywords>0x80000000000000</Keywords>

        <TimeCreated SystemTime="2015-11-26T12:44:24.000000000Z" />

        <EventRecordID>8787</EventRecordID>

        <Channel>Application</Channel>

        <Computer>Family-PC</Computer>

        <Security UserID="S-1-5-21-125191153-927833046-2172898461-1000" />

      </System>

      <EventData>

        <Data>Adobe Acrobat Reader DC</Data>

        <Data>{AC76BA86-7AD7-0000-2550-AC0F094E6F00}</Data>

        <Data>1625</Data>

        <Data>(NULL)</Data>

        <Data>(NULL)</Data>

        <Data>(NULL)</Data>

        <Data>

        </Data>

        <Binary>7B41433736424138362D374144372D313033332D374234342D4143304630373445343130307D207B41433736424138362D374144372D303030302D323535302D4143304630393445364630307D2031363235</Binary>

      </EventData>

    </Event>

  8. Faulting application name: firefox.exe, version: 42.0.0.5780, time stamp: 0x5632ba5c

    Faulting module name: WS2_32.dll, version: 10.0.10240.16384, time stamp: 0x559f3b08

    Exception code: 0xc0000409

    Fault offset: 0x0000fcec

    Faulting process id: 0x1988

    Faulting application start time: 0x01d128a2c2f831af

    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    Faulting module path: C:\WINDOWS\SYSTEM32\WS2_32.dll

    Report Id: bb9eedc1-9ac8-4ba0-9a93-01dcaeecc80c

    Faulting package full name: 

    Faulting package-relative application ID: 

  9. Log Name:      System

    Source:        Microsoft-Windows-NDIS

    Date:          11/27/2015 6:51:47 AM

    Event ID:      10317

    Task Category: PnP

    Level:         Error

    Keywords:      (16384),(16),(4),(2)

    User:          SYSTEM

    Computer:      Family-PC

    Description:

    Miniport TAP-Win32 Adapter OAS #25, {8e9e7468-ae38-433b-a07c-3bfe58ae52f4}, had event 76

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

      <System>

        <Provider Name="Microsoft-Windows-NDIS" Guid="{CDEAD503-17F5-4A3E-B7AE-DF8CC2902EB9}" />

        <EventID>10317</EventID>

        <Version>0</Version>

        <Level>2</Level>

        <Task>2</Task>

        <Opcode>0</Opcode>

        <Keywords>0x2000000000004016</Keywords>

        <TimeCreated SystemTime="2015-11-27T11:51:47.518437600Z" />

        <EventRecordID>7766</EventRecordID>

        <Correlation ActivityID="{8E9E7468-AE38-433B-A07C-3BFE58AE52F4}" />

        <Execution ProcessID="972" ThreadID="3572" />

        <Channel>System</Channel>

        <Computer>Family-PC</Computer>

        <Security UserID="S-1-5-18" />

      </System>

      <EventData>

        <Data Name="IfGuid">{8E9E7468-AE38-433B-A07C-3BFE58AE52F4}</Data>

        <Data Name="IfIndex">128</Data>

        <Data Name="IfLuid">282024732524544</Data>

        <Data Name="AdapterName">TAP-Win32 Adapter OAS #25</Data>

        <Data Name="MiniportEventEnum">76</Data>

      </EventData>

    </Event>

  10. Log Name:      Application

    Source:        Application Error

    Date:          11/26/2015 7:23:11 PM

    Event ID:      1000

    Task Category: (100)

    Level:         Error

    Keywords:      Classic

    User:          N/A

    Computer:      Family-PC

    Description:

    Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4

    Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58

    Exception code: 0x80000003

    Fault offset: 0x0000ed50

    Faulting process id: 0x6a4

    Faulting application start time: 0x01d128a2cc833196

    Faulting application path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    Faulting module path: C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

    Report Id: bcb0b005-8538-462b-8399-ca8199e37c52

    Faulting package full name: 

    Faulting package-relative application ID: 

    Event Xml:

    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

      <System>

        <Provider Name="Application Error" />

        <EventID Qualifiers="0">1000</EventID>

        <Level>2</Level>

        <Task>100</Task>

        <Keywords>0x80000000000000</Keywords>

        <TimeCreated SystemTime="2015-11-27T00:23:11.000000000Z" />

        <EventRecordID>8826</EventRecordID>

        <Channel>Application</Channel>

        <Computer>Family-PC</Computer>

        <Security />

      </System>

      <EventData>

        <Data>plugin-container.exe</Data>

        <Data>42.0.0.5780</Data>

        <Data>5632d0a4</Data>

        <Data>mozglue.dll</Data>

        <Data>42.0.0.5780</Data>

        <Data>5632ba58</Data>

        <Data>80000003</Data>

        <Data>0000ed50</Data>

        <Data>6a4</Data>

        <Data>01d128a2cc833196</Data>

        <Data>C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe</Data>

        <Data>C:\Program Files (x86)\Mozilla Firefox\mozglue.dll</Data>

        <Data>bcb0b005-8538-462b-8399-ca8199e37c52</Data>

        <Data>

        </Data>

        <Data>

        </Data>

      </EventData>

    </Event>

  11. This is a basic home-built computer, built about a year ago, nothing special, just for the internet. Started running Windows 7 and then the upgrade to Windows 10 a couple of months ago. For the past couple of weeks the PC has been shutting down randomly. No rhyme nor reason to the issue. Someone told me years ago the worst thing you can do is turn it off because of the sudden burst of electricity, so it runs 24/7, plus I'm so impatient it drives me crazy to wait for it to power up even though it only takes about a minute to power up and get the browser back up. That said, even with the computer running and not being used it will crash, and this happens a couple of times per day. I have used AVG and cleaned the computer, run scans and it finds nothing, so I am beginning to believe it might be a hardware issue.

     

    Also, another weird thing is the mouse becomes unresponsive from time to time and is jumpy, and I have to click several times to get it to work, and sometimes when I click it's like it thinks I still have my finger on the mouse button to highlight a sentence or relocate something. I have changed the batteries, etc., and still have the problem. This issue seems to happen a couple of times per hour, then it will operate normally for a while.

     

    The computer has been cleaned out because my first thought was it was overheating so I removed the CPU and blew out all the dust and still no help.

     

    CPU   AMD A10-6800

    RAM  8gb

    64 bit

    Using on board graphics 

    Motherboard  Gigabyte Technology Co., Ltd., F2A55M-HD2