[SOLVED] Windows update problems

[BrianDrab]

Can you double-click on QueryInfo2.bat again and post the results of that? The file should still be on your desktop or you can re-download from the previous post. Thanks.

 

[wavly]

Still on my desktop.



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
SusClientId REG_SZ e0a6eefb-d0d4-4ac1-ab4a-82f7f0584e3a
SusClientIdValidation REG_BINARY 060228011C1C53003200520051004A0039004600430041003000330035003800360020002000200020002000200006B888E3FC0FED31003200330034003900300045004E0034003000300030003100350031003200330034003900300045004E00340030003000300031003500
LastTaskOperationHandle REG_DWORD 0x74
AUOptions REG_DWORD 0x4
CachedAUOptions REG_DWORD 0x4


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
IsOOBEInProgress REG_DWORD 0x0
AUOptions REG_DWORD 0x2
ElevateNonAdmins REG_DWORD 0x1
ForcedReboot REG_DWORD 0x2
IncludeRecommendedUpdates REG_DWORD 0x1
NonFirmwareUpdatesAvailableForInstall REG_DWORD 0x0
NextDetectionTime REG_SZ 2015-06-15 23:01:43
CachedAUOptions REG_DWORD 0x2
InstallInProgress REG_DWORD 0x0
UpdatesAvailableForDownloadLogon REG_DWORD 0x0
UpdatesAvailableForInstallLogon REG_DWORD 0x0
UpdatesAvailableWithUiOrEulaLogon REG_DWORD 0x0
UpdatesAvailableWithUiLogon REG_DWORD 0x0
FirmwareUpdatesNotDownloaded REG_DWORD 0x0
FirmwareUpdatesNotInstalled REG_DWORD 0x0
OldestSpecialImportanceUpdateNotInstalledTimestampShutdown REG_SZ 2015-06-13 02:22:40


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Power
ContinueInstallAtShutdown-Final REG_DWORD 0xa
Firmware-Final REG_DWORD 0x1e
FirmwareForcedInstall-Final REG_DWORD 0x23
OfferInstallAtShutdown-Final REG_DWORD 0x28


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories

wavly

 

[BrianDrab]

At this point I suspect Antivirus or something similar like security software causing this issue. Please do the following.

FRST Scan

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
4. Press Scan button.
5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
6. Please copy and paste log back here.
7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated Please also paste that along with the FRST.txt into your reply.

 

[wavly]

Hi, hope there's something in these logs you can identify as the problem.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by John (administrator) on DADS on 16-06-2015 01:41:27
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum


==================== Processes (Whitelisted) =================


(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)


(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\SAMSUNG\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe




==================== Registry (Whitelisted) ==================


(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)


HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13877464 2015-06-01] (Realtek Semiconductor)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [168152 2015-06-01] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-04-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-06-17] (Qualcomm®Atheros®)
HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1


==================== Internet (Whitelisted) ====================


(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2504187048-450917338-1780602940-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2504187048-450917338-1780602940-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
SearchScopes: HKU\S-1-5-21-2504187048-450917338-1780602940-1001 -> DefaultScope {FC92DBFF-364D-475D-81D8-BCA44E28C6EE} URL =
SearchScopes: HKU\S-1-5-21-2504187048-450917338-1780602940-1001 -> {FC92DBFF-364D-475D-81D8-BCA44E28C6EE} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-06-07] (IObit)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll [2014-10-17] (IObit)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100


FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-04-29] (Adobe Systems Inc.)


Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-10]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-10]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-10]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-10]
CHR Extension: (Adblock Plus) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-10]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-10]
CHR Extension: (Google Finance) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgckldmmjdbpdejkclmfnnnehhocbfp [2015-05-10]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-10]
CHR Extension: (AdBlock) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-05-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-10]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-10]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-10]


==================== Services (Whitelisted) =================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-06-17] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-22] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-06-07] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-06-07] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2015-06-07] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-05-11] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-05-11] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-06-17] (Atheros) [File not signed]


==================== Drivers (Whitelisted) ====================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4282904 2015-05-11] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-06-17] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-06-17] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-22] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 HWiNFO32; C:\windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-11] (REALiX(tm))
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-05-18] (Intel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [2599128 2015-06-01] (Realtek Semiconductor Corp.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-05-11] (Microsoft Corporation)


==================== NetSvcs (Whitelisted) ===================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)




==================== One Month Created files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-06-16 01:41 - 2015-06-16 01:42 - 00014585 _____ C:\Users\John\Downloads\FRST.txt
2015-06-16 01:40 - 2015-06-16 01:41 - 00000000 ____D C:\FRST
2015-06-16 01:39 - 2015-06-16 01:39 - 02109952 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2015-06-15 03:21 - 2015-06-15 03:21 - 00001866 _____ C:\Users\John\Desktop\SFCFix.txt
2015-06-15 03:21 - 2015-06-15 03:21 - 00000000 ____D C:\Users\John\AppData\Local\niemiro
2015-06-15 03:21 - 2015-06-15 03:21 - 00000000 ____D C:\SFCFix
2015-06-15 03:18 - 2015-06-15 03:18 - 00000249 _____ C:\Users\John\Downloads\SFCScript.txt
2015-06-15 03:17 - 2015-06-15 03:17 - 01319424 _____ (niemiro) C:\Users\John\Downloads\SFCFix.exe
2015-06-14 23:41 - 2015-06-15 21:48 - 00005547 _____ C:\Users\John\Downloads\1
2015-06-14 23:41 - 2015-06-14 23:41 - 00000108 _____ C:\Users\John\Downloads\QueryInfo2.bat
2015-06-13 03:13 - 2015-06-13 03:13 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-06-13 02:44 - 2015-06-13 02:44 - 00000594 _____ C:\WINDOWS\PFRO.log
2015-06-13 02:02 - 2015-06-13 02:02 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DADS-Windows-8.1-(64-bit).dat
2015-06-13 02:02 - 2015-06-13 02:02 - 00000000 ____D C:\RegBackup
2015-06-13 01:58 - 2015-06-13 01:58 - 00000000 ____D C:\Users\John\Downloads\tweaking.com_windows_repair_aio
2015-06-13 01:53 - 2015-06-13 01:53 - 10704943 _____ C:\Users\John\Downloads\tweaking.com_windows_repair_aio.zip
2015-06-10 18:48 - 2015-06-10 18:48 - 00020499 _____ C:\WINDOWS\iis.log
2015-06-10 18:45 - 2015-06-10 18:45 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-06-10 18:45 - 2015-06-10 18:45 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-06-10 18:45 - 2015-06-10 18:45 - 00000000 ____D C:\inetpub
2015-06-10 03:47 - 2015-06-10 04:00 - 00000000 ____D C:\Users\John\Documents\SystemSoftware
2015-06-10 03:31 - 2015-06-10 03:31 - 00002004 _____ C:\Users\Public\Desktop\Help Desk.lnk
2015-06-09 21:14 - 2015-06-09 21:14 - 00001910 _____ C:\Users\Public\Desktop\SW Update.lnk
2015-06-08 02:13 - 2015-06-08 02:13 - 00009795 _____ C:\Users\John\Downloads\CBS.log
2015-06-07 23:08 - 2015-06-13 02:44 - 00000154 _____ C:\WINDOWS\setupact.log
2015-06-07 23:08 - 2015-06-07 23:08 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-06-07 20:35 - 2015-06-07 20:35 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-06-07 20:35 - 2015-06-07 20:35 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-06-07 20:35 - 2015-06-07 20:35 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-06-07 20:35 - 2015-06-07 20:35 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-06-07 20:35 - 2015-06-07 20:35 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-06-07 20:35 - 2015-06-07 20:35 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-06-07 20:35 - 2015-06-07 20:35 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-06-07 20:35 - 2015-06-07 20:35 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-06-07 20:35 - 2015-06-07 20:35 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-06-07 20:35 - 2015-06-07 20:35 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-06-07 20:35 - 2015-06-07 20:35 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-06-07 20:35 - 2015-06-07 20:35 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-06-07 19:51 - 2015-06-07 20:03 - 00000000 ____D C:\WINDOWS\pss
2015-06-07 18:41 - 2015-06-07 18:41 - 00142388 _____ C:\Users\John\Desktop\sfcdetails 6th june.txt
2015-06-07 18:35 - 2015-06-07 19:14 - 00000000 ____D C:\WINDOWS\softwaredistribution.bak2
2015-06-07 17:13 - 2015-06-07 17:13 - 00057241 _____ C:\Users\John\Documents\Legionnaires' risk assessment Maltings.odt
2015-06-07 16:53 - 2015-06-07 16:53 - 00057039 _____ C:\Users\John\Documents\Legionnaires' risk assessment Hutchison.odt
2015-06-07 16:22 - 2015-06-07 16:22 - 00057061 _____ C:\Users\John\Documents\Legionnaires' risk assessment Easter Bankton.odt
2015-06-07 15:41 - 2015-06-07 17:01 - 00057193 _____ C:\Users\John\Documents\Legionnaires'risk assessment Whitson.odt
2015-06-07 00:56 - 2015-06-07 01:12 - 00000000 ____D C:\Users\John\AppData\Roaming\Wise Registry Cleaner
2015-06-07 00:55 - 2015-06-07 00:55 - 02497184 _____ (WiseCleaner.com ) C:\Users\John\Downloads\WRCFree.exe
2015-06-07 00:55 - 2015-06-07 00:55 - 00001261 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2015-06-07 00:55 - 2015-06-07 00:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-06-07 00:55 - 2015-06-07 00:55 - 00000000 ____D C:\Program Files (x86)\Wise
2015-06-07 00:31 - 2015-06-07 00:31 - 00002384 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_John
2015-06-07 00:31 - 2015-06-07 00:31 - 00001286 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-06-07 00:31 - 2015-06-07 00:31 - 00001262 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-06-07 00:31 - 2015-06-07 00:31 - 00000286 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_John.job
2015-06-07 00:29 - 2015-06-07 00:30 - 15889184 _____ (IObit) C:\Users\John\Downloads\iobituninstaller.exe
2015-06-05 05:09 - 2015-06-05 05:10 - 00809344 _____ (Error.info) C:\Users\John\Downloads\ErrorAnalyzer.exe
2015-06-05 02:30 - 2015-06-05 05:38 - 00000000 ____D C:\WINDOWS\softwaredistribution.bak1
2015-06-05 01:54 - 2015-06-05 01:54 - 00000000 ____D C:\SFCFix 5th june
2015-06-05 00:34 - 2015-06-05 00:49 - 00000000 ____D C:\Users\John\AppData\Roaming\Solvusoft
2015-06-05 00:34 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\WINDOWS\system32\roboot64.exe
2015-06-05 00:29 - 2015-06-05 00:29 - 03894696 _____ (solvusoft Corporation ) C:\Users\John\Downloads\Setup_WinThruster_2015.exe
2015-06-02 21:41 - 2015-06-02 21:41 - 00000000 ____D C:\Users\John\AppData\Roaming\Macromedia
2015-06-02 20:39 - 2015-06-03 20:15 - 00000000 ____D C:\WINDOWS\softwaredistribution.bak
2015-06-01 23:33 - 2015-06-01 23:33 - 00000000 ____D C:\Users\John\AppData\Local\GWX
2015-06-01 00:36 - 2015-06-01 00:36 - 00333528 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsUVStor.sys
2015-06-01 00:35 - 2015-06-01 00:35 - 02628312 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCamU64.exe
2015-06-01 00:35 - 2015-06-01 00:35 - 02599128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtsuvc.sys
2015-06-01 00:35 - 2015-06-01 00:35 - 01971928 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsDecode.dll
2015-06-01 00:35 - 2015-06-01 00:35 - 00507096 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCamX64.dll
2015-06-01 00:35 - 2015-06-01 00:35 - 00448728 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamX.dll
2015-06-01 00:35 - 2015-06-01 00:35 - 00168152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtsCM64.exe
2015-06-01 00:34 - 2015-06-01 00:34 - 04464344 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-06-01 00:34 - 2015-06-01 00:34 - 02918104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-06-01 00:34 - 2015-06-01 00:34 - 02847448 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-06-01 00:34 - 2015-06-01 00:34 - 02532568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2015-06-01 00:34 - 2015-06-01 00:34 - 02048372 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-06-01 00:34 - 2015-06-01 00:34 - 01739992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-06-01 00:34 - 2015-06-01 00:34 - 01316056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-05-31 01:41 - 2015-06-07 15:50 - 00027136 ___SH C:\Users\John\Downloads\Thumbs.db
2015-05-31 01:07 - 2015-06-16 00:19 - 01618497 _____ C:\WINDOWS\WindowsUpdate.log
2015-05-20 19:16 - 2015-05-20 19:16 - 00003434 _____ C:\WINDOWS\System32\Tasks\Settings
2015-05-20 19:16 - 2015-05-20 19:16 - 00001214 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2015-05-20 19:15 - 2015-05-20 19:15 - 00002044 _____ C:\Users\Public\Desktop\Settings.lnk
2015-05-20 19:15 - 2015-05-20 19:15 - 00000000 ____D C:\Users\John\AppData\Roaming\Atheros
2015-05-20 19:15 - 2015-05-20 19:15 - 00000000 ____D C:\ProgramData\Atheros
2015-05-20 18:45 - 2015-05-20 18:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2015-05-20 18:44 - 2015-05-20 18:47 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2015-05-20 18:44 - 2015-05-20 18:44 - 00000000 ____D C:\ProgramData\{311B5C7D-9853-428B-932D-68E04EBDAE47}
2015-05-20 18:41 - 2015-05-20 18:41 - 00003126 _____ C:\WINDOWS\System32\Tasks\advRecovery
2015-05-20 18:39 - 2015-05-20 18:39 - 00002062 _____ C:\Users\Public\Desktop\Support Center.lnk
2015-05-20 02:52 - 2015-05-05 18:59 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-05-20 02:52 - 2015-05-05 18:59 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-20 02:08 - 2015-03-03 06:50 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-05-20 02:05 - 2015-04-08 23:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-05-20 02:05 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-05-20 02:05 - 2015-03-20 04:08 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-05-20 02:05 - 2015-03-20 03:37 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-05-20 02:05 - 2015-03-20 03:07 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-05-20 02:05 - 2015-03-02 02:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-05-20 02:05 - 2015-03-02 02:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-05-20 02:04 - 2015-04-16 07:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-05-20 02:04 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-05-20 02:04 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-05-20 02:04 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-05-20 02:04 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-05-20 02:04 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-05-20 02:04 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-05-20 02:04 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-05-20 02:04 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-05-20 02:04 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-05-20 02:04 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-05-20 02:04 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-05-20 02:04 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-05-20 02:04 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-05-20 02:04 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-05-20 02:04 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-05-20 02:04 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-05-20 02:04 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-05-20 02:04 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-05-20 02:04 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-05-20 02:04 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-05-19 23:16 - 2015-05-19 23:16 - 00000157 _____ C:\WINDOWS\SysWOW64\SystemPreferences.xml
2015-05-18 15:44 - 2015-05-18 15:44 - 00129312 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\TeeDriverx64.sys
2015-05-18 01:50 - 2015-05-18 01:50 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-05-18 01:50 - 2015-05-18 01:50 - 00002039 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk


==================== One Month Modified files and folders ========


(If an entry is included in the fixlist, the file/folder will be moved.)


2015-06-16 01:32 - 2015-05-15 08:27 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-16 01:16 - 2012-09-16 23:31 - 00000360 _____ C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2015-06-16 01:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-06-15 22:56 - 2015-05-13 21:34 - 00003906 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{83F6DE49-F294-4A41-AC30-059DA7360933}
2015-06-15 22:02 - 2015-05-11 14:36 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-15 21:47 - 2015-05-15 08:27 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-15 21:47 - 2015-05-11 00:59 - 00002864 _____ C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (John)
2015-06-15 21:46 - 2015-05-11 17:25 - 00000000 ___RD C:\Users\John\OneDrive
2015-06-15 21:46 - 2012-09-16 23:14 - 00000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-06-15 17:34 - 2015-05-11 00:59 - 00002166 _____ C:\Users\Public\Desktop\Driver Booster 2.lnk
2015-06-13 03:25 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-06-13 02:59 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-13 02:49 - 2014-11-22 02:01 - 00994404 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-06-13 02:44 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-13 02:44 - 2013-08-22 15:44 - 00362544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-13 02:31 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-13 02:25 - 2013-08-22 14:25 - 00000128 _____ C:\WINDOWS\win.ini
2015-06-10 20:23 - 2015-05-10 11:39 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2504187048-450917338-1780602940-1001
2015-06-10 19:37 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-06-10 18:48 - 2012-09-16 23:37 - 00960492 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-06-10 18:45 - 2013-08-22 16:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-10 18:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-06-10 18:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-06-10 18:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\setup
2015-06-10 18:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-06-10 18:45 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-06-10 03:31 - 2012-09-16 22:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-06-10 01:33 - 2015-05-10 22:01 - 00000000 ____D C:\ProgramData\ProductData
2015-06-09 21:34 - 2015-05-10 21:23 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 14:54 - 2012-09-16 23:14 - 00000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-06-06 22:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-06-05 05:55 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-01 00:35 - 2015-05-11 16:23 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-06-01 00:27 - 2015-05-10 23:01 - 00007609 _____ C:\Users\John\AppData\Local\Resmon.ResmonCfg
2015-05-30 23:06 - 2015-05-11 11:18 - 00000000 ____D C:\Users\John\AppData\Local\CrashDumps
2015-05-24 21:55 - 2015-05-15 08:56 - 00000000 ____D C:\Program Files\CCleaner
2015-05-23 22:35 - 2012-07-26 09:12 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-05-20 19:13 - 2012-09-16 22:47 - 00000000 ____D C:\Program Files\Samsung
2015-05-20 18:45 - 2012-09-16 23:15 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-05-20 18:40 - 2012-09-16 22:47 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-05-20 18:28 - 2012-09-16 23:18 - 00000000 ____D C:\ProgramData\SAMSUNG
2015-05-20 14:58 - 2012-09-16 23:22 - 00000000 ____D C:\ProgramData\WinClon
2015-05-20 14:39 - 2015-05-11 00:59 - 00003168 _____ C:\WINDOWS\System32\Tasks\Driver Booster Update
2015-05-20 11:32 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\Registration
2015-05-20 02:52 - 2013-08-22 14:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-05-20 02:48 - 2015-05-11 16:58 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-05-20 02:48 - 2015-05-11 16:58 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-05-20 02:48 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-05-20 02:12 - 2015-05-10 14:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-05-20 02:10 - 2015-05-10 14:52 - 140425016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-05-20 02:05 - 2014-11-22 01:45 - 00000000 ____D C:\Program Files\Windows Journal


==================== Files in the root of some directories =======


2015-05-10 23:01 - 2015-06-01 00:27 - 0007609 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2015-05-11 16:23 - 2015-05-11 16:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-09-16 23:31 - 2012-08-08 05:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-09-16 23:31 - 2012-08-07 11:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml


Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe




==================== Bamital & volsnap Check =================


(There is no automatic fix for files that do not pass verification.)


C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed




LastRegBack: 2015-06-09 16:37


==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by John at 2015-06-16 01:42:27
Running from C:\Users\John\Downloads
Boot Mode: Normal
==========================================================




==================== Accounts: =============================


Administrator (S-1-5-21-2504187048-450917338-1780602940-500 - Administrator - Disabled)
Guest (S-1-5-21-2504187048-450917338-1780602940-501 - Limited - Disabled)
John (S-1-5-21-2504187048-450917338-1780602940-1001 - Administrator - Enabled) => C:\Users\John


==================== Security Center ========================


(If an entry is included in the fixlist, it will be removed.)


AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


==================== Installed Programs ======================


(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)


Adobe Reader X (10.1.14) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.14 - Adobe Systems Incorporated)
Allshare Play Link (HKLM-x32\...\{91786428-D4AA-476D-8AF9-A63FFAC2901F}) (Version: 1.0.0 - Samsung)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 2.3 (HKLM-x32\...\Driver Booster_is1) (Version: 2.3 - IObit)
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.4 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.122 - IObit)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games)
PriceMinus (HKLM-x32\...\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}) (Version: - ) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.326 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7512 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10291 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Support Center (HKLM\...\{711DE117-767F-48A8-9864-66C525B9539F}) (Version: 2.1.1223 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.17 - Samsung Electronics CO., LTD.) Hidden
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
SW Update (HKLM-x32\...\{AAFEFB05-CF98-48FC-985E-F04CD8AD620D}) (Version: 2.2.9 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.11.3 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{66172F70-0BDE-4BAB-A973-E2E4EF501F6D}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Wise Registry Cleaner 8.61 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 8.61 - WiseCleaner.com, Inc.)
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)


==================== Custom CLSID (Whitelisted): ==========================


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


CustomCLSID: HKU\S-1-5-21-2504187048-450917338-1780602940-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)


==================== Restore Points =========================


29-05-2015 03:53:46 Scheduled Checkpoint
01-06-2015 00:33:54 Driver Booster : Realtek High Definition Audio
07-06-2015 20:18:50 Windows Modules Installer
09-06-2015 21:13:30 Installed SW Update
15-06-2015 17:32:59 Driver Booster : Microsoft USB Wheel Mouse Optical


==================== Hosts content: ===============================


(If needed Hosts: directive could be included in the fixlist to reset Hosts.)


2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


Task: {0083C5A1-C83C-44B6-A75B-BAD711B95773} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-04-07] (IObit)
Task: {0C0726E1-1264-4339-B1C4-5DC6DF9A71C6} - \ReimageUpdater No Task File <==== ATTENTION
Task: {282F6FCB-C760-446B-94D5-6E8205E9F093} - System32\Tasks\Uninstaller_SkipUac_John => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-06-07] (IObit)
Task: {304946E4-75FD-4D77-9FE0-800DC1933C33} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {4477ED57-AF65-4CF3-9BCD-EA728B03BC59} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-05-20] (Microsoft Corporation)
Task: {4AD60684-6399-4AE6-9E8F-EA82C40864D2} - System32\Tasks\Driver Booster SkipUAC (John) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-04-28] (IObit)
Task: {5735FCAC-6AB0-4CCC-A8F0-BB8876BDAB1D} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {657C46E8-E1D0-4B11-9849-617794F50335} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-02-04] (Samsung Electronics CO., LTD.)
Task: {67BD81B4-8B74-4E7F-8E17-49EBBA1DF51D} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-01] (Realtek Semiconductor)
Task: {779449F7-C3AE-44EC-9E13-BC62D65DDE3D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {7BE03AA7-A51E-42C9-A942-CE0742EFE516} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {7F518962-858E-4093-9F11-77704DC752A9} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe
Task: {8D9D4681-3AFC-4E67-B937-83B229A5C7E6} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {8F9F16BB-D9DA-4AEA-B91A-141463B5D939} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {9EA7833E-9B87-4492-B7AB-0A79E2E05960} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {9FC1A080-DB7D-4FFA-991F-55ADBECE55B3} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-05-18] (Realtek Semiconductor)
Task: {C1D137F5-E216-4BE5-8952-EEA542B3947D} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-04-28] (IObit)
Task: {D0F01351-B1F3-4DFD-9906-50383C7187EB} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {D72F700E-4DB1-4A86-91F3-7D4DF8D66927} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {D7BBC993-F685-402C-A281-7C43F52DC107} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {DA886514-C75A-412F-B149-35FCD5C42838} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: {DAE6D603-48D7-47BE-A26A-E40FE3E8B777} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {E5A5F62D-596C-444B-80B6-1ADB3876E6F3} - \Reimage Reminder No Task File <==== ATTENTION
Task: {F417A3A0-0274-4FB3-BF93-92FE4BA5C38F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-10] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_John.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe


==================== Loaded Modules (Whitelisted) ==============


2014-01-29 13:20 - 2014-01-29 13:20 - 00084800 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-06-17 08:32 - 2014-06-17 08:32 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-06-17 08:29 - 2014-06-17 08:29 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-06-17 08:35 - 2014-06-17 08:35 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-02-04 16:11 - 2015-02-04 16:11 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2015-05-10 22:01 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-05-13 03:41 - 2015-05-13 03:41 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\65ab5ad0d4eb2393fbe01f49897af024\PSIClient.ni.dll
2012-09-16 23:14 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00027968 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 01141056 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00059712 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00102720 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-06-09 21:34 - 2015-06-05 19:22 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libglesv2.dll
2015-06-09 21:34 - 2015-06-05 19:22 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.124\libegl.dll


==================== Alternate Data Streams (Whitelisted) =========


(If an entry is included in the fixlist, only the ADS will be removed.)


AlternateDataStreams: C:\Users\John\OneDrive:ms-properties


==================== Safe Mode (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)




==================== EXE Association (Whitelisted) ===============


(If an entry is included in the fixlist, the registry item will be restored to default or removed.)




==================== Internet Explorer trusted/restricted ===============


(If an entry is included in the fixlist, it will be removed from the registry.)


IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\100sexlinks.com -> 100sexlinks.com


There are 4788 more restricted sites.


==================== Other Areas ============================


(Currently there is no automatic fix for this section.)


HKU\S-1-5-21-2504187048-450917338-1780602940-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100


==================== MSCONFIG/TASK MANAGER disabled items ==


(Currently there is no automatic fix for this section.)


HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run: => "RtHDVCpl"
HKLM\...\StartupApproved\Run: => "RtsCM"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "RtsCM"
HKLM\...\StartupApproved\Run32: => "SynTPEnh"
HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\StartupApproved\Run: => "Advanced SystemCare Ultimate"
HKU\S-1-5-21-2504187048-450917338-1780602940-1001\...\StartupApproved\Run: => "CCleaner Monitoring"


==================== FirewallRules (Whitelisted) ===============


(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C234263E-D14A-4E4E-A6A5-EEB2FB9814C8}] => (Allow) LPort=1900
FirewallRules: [{587D9BFD-DB53-4CA9-995F-91CF9D000565}] => (Allow) LPort=2869
FirewallRules: [{7456D188-9019-4779-A458-A1703B5A9624}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{66E69850-9F6C-496F-AF8A-D6A823886AC5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{90DAF844-86C2-41D3-977D-4E97A8DFECF0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{FFEAF7D2-1A62-4045-BC96-362755191BAE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe


==================== Faulty Device Manager Devices =============




==================== Event log errors: =========================


Application errors:
==================
Error: (06/15/2015 10:17:34 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


Error: (06/14/2015 10:57:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


Error: (06/14/2015 00:20:36 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)


Error: (06/13/2015 11:28:15 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


Error: (06/13/2015 02:29:02 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider StorageWMI attempted to register query "select * from MSFT_StorageModificationEvent" whose target class "MSFT_StorageModificationEvent" in //./root/Microsoft/Windows/Storage namespace does not exist. The query will be ignored.


Error: (06/13/2015 02:29:02 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider StorageWMI attempted to register query "select * from MSFT_StorageDepartureEvent" whose target class "MSFT_StorageDepartureEvent" in //./root/Microsoft/Windows/Storage namespace does not exist. The query will be ignored.


Error: (06/13/2015 02:29:02 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider StorageWMI attempted to register query "select * from MSFT_StorageArrivalEvent" whose target class "MSFT_StorageArrivalEvent" in //./root/Microsoft/Windows/Storage namespace does not exist. The query will be ignored.


Error: (06/13/2015 02:29:02 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider StorageWMI attempted to register query "select * from MSFT_StorageAlertEvent" whose target class "MSFT_StorageAlertEvent" in //./root/Microsoft/Windows/Storage namespace does not exist. The query will be ignored.


Error: (06/13/2015 02:29:02 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from MSFT_StorageModificationEvent" whose target class "MSFT_StorageModificationEvent" in //./root/Microsoft/Windows/Storage namespace does not exist. The query will be ignored.


Error: (06/13/2015 02:29:02 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider attempted to register query "select * from MSFT_StorageDepartureEvent" whose target class "MSFT_StorageDepartureEvent" in //./root/Microsoft/Windows/Storage namespace does not exist. The query will be ignored.




System errors:
=============
Error: (06/14/2015 04:22:13 AM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Error: (06/14/2015 04:22:13 AM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Error: (06/14/2015 04:22:13 AM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Error: (06/14/2015 04:22:13 AM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Error: (06/13/2015 08:41:05 AM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Error: (06/13/2015 08:41:05 AM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Error: (06/13/2015 03:12:13 AM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Error: (06/13/2015 03:12:13 AM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Error: (06/13/2015 03:12:13 AM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Error: (06/13/2015 03:12:13 AM) (Source: DCOM) (EventID: 10010) (User: DADS)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}




Microsoft Office:
=========================
Error: (06/15/2015 10:17:34 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


Error: (06/14/2015 10:57:21 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


Error: (06/14/2015 00:20:36 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d


Error: (06/13/2015 11:28:15 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005


Error: (06/13/2015 02:29:02 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: StorageWMIselect * from MSFT_StorageModificationEventMSFT_StorageModificationEvent//./root/Microsoft/Windows/Storage


Error: (06/13/2015 02:29:02 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: StorageWMIselect * from MSFT_StorageDepartureEventMSFT_StorageDepartureEvent//./root/Microsoft/Windows/Storage


Error: (06/13/2015 02:29:02 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: StorageWMIselect * from MSFT_StorageArrivalEventMSFT_StorageArrivalEvent//./root/Microsoft/Windows/Storage


Error: (06/13/2015 02:29:02 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: StorageWMIselect * from MSFT_StorageAlertEventMSFT_StorageAlertEvent//./root/Microsoft/Windows/Storage


Error: (06/13/2015 02:29:02 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: select * from MSFT_StorageModificationEventMSFT_StorageModificationEvent//./root/Microsoft/Windows/Storage


Error: (06/13/2015 02:29:02 AM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: select * from MSFT_StorageDepartureEventMSFT_StorageDepartureEvent//./root/Microsoft/Windows/Storage




==================== Memory info ===========================


Processor: Intel(R) Core(TM) i7-3630QM CPU @ 2.40GHz
Percentage of memory in use: 26%
Total physical RAM: 8083.65 MB
Available physical RAM: 5969.75 MB
Total Pagefile: 10259.66 MB
Available Pagefile: 6230.29 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB


==================== Drives ================================


Drive c: () (Fixed) (Total:905.89 GB) (Free:862.22 GB) NTFS


==================== MBR & Partition Table ==================


========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 4CE32CDB)


Partition: GPT Partition Type.


==================== End of log ============================

 

[BrianDrab]

Thanks for your information. The first programs that are highly suspect are the ones from IObit. The vendor is untrustworthy and deemed a rogue within the Anti-Malware community as a whole. I've personally seen these programs cause all sorts of issues as well. To continue with your issue please uninstall the following programs. If you really want to use these programs then I ask that you install them after your issue is resolved. Thank you.

Uninstall the Following IOBit Programs
Driver Booster 2.3
IObit Uninstaller
Surfing Protection

In addition, please uninstall the following three programs
CCleaner
Wise Registry Cleaner 8.61
PriceMinus


I see you are using Registry Cleaners It's not a good idea to use registry cleaners/boosters.
The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid and erroneous entries does not affect system performance but it can result in "unpredictable results". Unless you have a particular problem that requires a registry edit to correct it, (and you are expert in the registry), I would suggest you leave the registry alone.

Further Information
miekiemoes' Blog: Registry Cleaners and System Tweaking Tools
Answers to common security questions - Best Practices - Anti-Virus and Anti-Malware Software

 

[wavly]

Hi

I've uninstalled

Driver Booster 2.3
IObit Uninstaller

I can't find anything called Surfing Protection in my computer and its not something I'm aware of installing.

I've uninstalled

CCleaner
Wise Registry Cleaner 8.61

which I installed as part of my attempts to resolve this issue.

PriceMinus - I don't know where this came from or what its for. I did see it a while ago and thought I'd removed it.

In the Program Files X86 folder I still have an IObit file despite uninstalling all IObit programs. I thought clicking and deleting files caused problems and was not to be done but I don't know how else to remove unwanted folders. I've just opened this folder and it has 4 files including Surfing Protection. How do I correctly remove this folder and find and remove PriceMinus?

Thanks, wavly

 

[BrianDrab]

We'll clean up those folders shortly. First, please change your Windows Update settings and see if they now stick. Thanks.

 

[wavly]

Changed the updates setting. It stayed for about 6 re-boots then changed back.

 

[BrianDrab]

Please do the following.

License Information (Windows 8)

1. Right click on the
   
   button
2. Click on Command prompt =>
3. Inside the Command Prompt windows copy and paste the following command
   licensingdiag.exe -report "%userprofile%\Desktop\report.txt" -log "%userprofile%\Desktop\repfiles.cab"
   
4. Once finished please go to your desktop -> You will see two files report.txt and repfiles.cab -> Please select both files and add them into a zip file
5. Upload this zip file to your next reply

 

[wavly]

You're testing me now. I think I've zipped the 2 files you asked for and I think I've managed to attach them to this reply.

 

[BrianDrab]

When the update setting changes back, don't fix it and just let me know when this happens. Thanks.

 

[wavly]

Hi,

I've not been changing the update settings unless you told me. When I received your last message the settings were still at 'let me choose'. I changed them to 'automatic' and re-booted. On re-boot they were back at 'let me choose'. I won't alter this setting or download updates until you say to do.

My update screen is showing 9 important and 18 optional updates available and I require to select the 'install updates' for them to be installed.

Thanks - I do appreciate your help.

 

[BrianDrab]

Thanks for the confirmation that you are not changing the setting unless I ask. That's helpful.

Can you double-click on QueryInfo2.bat again and post the results of that? The file should still be on your desktop or you can re-download from the previous post. Thanks.

 

[wavly]

Sorry Brian, I thought I'd posted the file you asked for but it was only when I didn't get a response I checked the forum and noticed I hadn't submitted it. Here is the contents of QueryInfo2.bat.



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
SusClientId REG_SZ e0a6eefb-d0d4-4ac1-ab4a-82f7f0584e3a
SusClientIdValidation REG_BINARY 060228011C1C53003200520051004A0039004600430041003000330035003800360020002000200020002000200006B888E3FC0FED31003200330034003900300045004E0034003000300030003100350031003200330034003900300045004E00340030003000300031003500
LastTaskOperationHandle REG_DWORD 0x14b
AUOptions REG_DWORD 0x4
CachedAUOptions REG_DWORD 0x4


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
IsOOBEInProgress REG_DWORD 0x0
AUOptions REG_DWORD 0x2
ElevateNonAdmins REG_DWORD 0x1
ForcedReboot REG_DWORD 0x2
IncludeRecommendedUpdates REG_DWORD 0x1
NonFirmwareUpdatesAvailableForInstall REG_DWORD 0x0
NextDetectionTime REG_SZ 2015-06-21 16:59:21
DownloadExpirationTime REG_SZ 2015-06-22 02:12:46
CachedAUOptions REG_DWORD 0x2
InstallInProgress REG_DWORD 0x0
UpdatesAvailableForDownloadLogon REG_DWORD 0x1
UpdatesAvailableForInstallLogon REG_DWORD 0x0
UpdatesAvailableWithUiOrEulaLogon REG_DWORD 0x0
UpdatesAvailableWithUiLogon REG_DWORD 0x0
FirmwareUpdatesNotDownloaded REG_DWORD 0x0
FirmwareUpdatesNotInstalled REG_DWORD 0x0
OldestSpecialImportanceUpdateNotInstalledTimestampShutdown REG_SZ 2015-06-13 02:22:40


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Power
ContinueInstallAtShutdown-Final REG_DWORD 0xa
Firmware-Final REG_DWORD 0x1e
FirmwareForcedInstall-Final REG_DWORD 0x23
OfferInstallAtShutdown-Final REG_DWORD 0x28


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\117cab2d-82b1-4b5a-a08c-4d62dbee7782


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\9482f4b4-e343-43b6-b170-9a65bc822c77


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
LastSuccessTime REG_SZ 2015-06-20 21:57:46
LastError REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
LastSuccessTime REG_SZ 2015-06-20 02:14:52
LastError REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
LastSuccessTime REG_SZ 2015-06-13 02:25:29
LastError REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS
UpdateCount REG_DWORD 0x0
NotifiedCbsAboutUAS REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Volatile
PostRebootResultsProcessed REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade
ReservationsAllowed REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting
BatchFlushAge REG_DWORD 0xe39
SamplingValue2 REG_DWORD 0x1c4


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy\9482f4b4-e343-43b6-b170-9a65bc822c77
CurrentCacheFile REG_SZ C:\WINDOWS\SoftwareDistribution\EventCache.v2\{6938E810-DE6E-4ED3-AA31-A0F15E2BDF9A}.bin
FlushCacheFiles REG_MULTI_SZ


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootWatch


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\117cab2d-82b1-4b5a-a08c-4d62dbee7782
RegisteredWithAU REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\9482f4b4-e343-43b6-b170-9a65bc822c77
RedirRefresh REG_SZ 2015-05-11 13:20:00


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending
ValidatedPreWsus3RegistrationRequests REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup
SelfUpdateStatus REG_DWORD 0x0
SelfupdateUnmanaged REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SLS
ClientHash2 REG_DWORD 0xfa


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SLS\{117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}
ResponseHash REG_BINARY EE2F5756D2AE0E3F034418E054625B4C0AD29AEEE9A78DAD311C79EC6BCA5D95
ResponseMarker REG_QWORD 0x1d08c07040e3662


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SLS\{9482F4B4-E343-43B6-B170-9A65BC822C77}
ResponseHash REG_BINARY 2495965A6A172A40039C27CC74DE0AE1F2ADA88CB1EB4C107257F3A15C48C26A
ResponseMarker REG_QWORD 0x1d08c0652a03a86

Thanks, wavly

 

[BrianDrab]

Thanks for the info. I still have a few options/ideas left to try. Please do the following.

Step#1 - SFCFix Script
Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

1. Download SFCFix.exe (by niemiro) and save this to your Desktop. If you still have this on your desktop from downloading previously, you don't need to re-download.
2. Download the file below, SFCScript.txt, and save this to your Desktop.
3. Save any open documents and close all open windows.
4. On your Desktop, you should see two files: SFCFix.exe and SFCScript.txt.
5. Drag the file SFCScript.txt onto the file SFCFix.exe and release it.
6. SFCFix will now process the script.
7. Upon completion, a file should be created on your Desktop: SFCFix.txt.
8. Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this file into your next post for me to analyse please

Step#2 - Gather Registry Info Again
1. Reboot your machine.
2. Then double-click on QueryInfo2.bat again and post the results.

---

Items for your next post
1. SFCFix.txt
2. QueryInfo2 contents

 

[wavly]

Thanks. Here are the files requested.

SFCFix version 2.4.5.0 by niemiro.
Start time: 2015-06-21 03:41:10.054
Microsoft Windows 8.1 Update 3 - amd64
Using .txt script file at C:\Users\John\Downloads\SFCScript.txt [0]








RegistryScript::
Successfully took ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate.


Successfully imported registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate.


Successfully restored ownership and permissions for registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate.
RegistryScript:: directive completed successfully.








Successfully processed all directives.
SFCFix version 2.4.5.0 by niemiro has completed.
Currently storing 1 datablocks.
Finish time: 2015-06-21 03:41:10.289
Script hash: SGRjjFtgUGkxSoYCJIXhU4MwiZR4phtnh5jQpGlAd7Y=
----------------------EOF-----------------------

QueryInfo2.bat:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
SusClientId REG_SZ e0a6eefb-d0d4-4ac1-ab4a-82f7f0584e3a
SusClientIdValidation REG_BINARY 060228011C1C53003200520051004A0039004600430041003000330035003800360020002000200020002000200006B888E3FC0FED31003200330034003900300045004E0034003000300030003100350031003200330034003900300045004E00340030003000300031003500
LastTaskOperationHandle REG_DWORD 0x124


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
IsOOBEInProgress REG_DWORD 0x0
AUOptions REG_DWORD 0x2
ElevateNonAdmins REG_DWORD 0x1
ForcedReboot REG_DWORD 0x2
IncludeRecommendedUpdates REG_DWORD 0x1
NonFirmwareUpdatesAvailableForInstall REG_DWORD 0x0
NextDetectionTime REG_SZ 2015-06-21 16:59:21
ScheduledInstallAttemptTime REG_SZ 2015-06-23 01:56:58
CachedAUOptions REG_DWORD 0x2
InstallInProgress REG_DWORD 0x0
UpdatesAvailableForDownloadLogon REG_DWORD 0x0
UpdatesAvailableForInstallLogon REG_DWORD 0x0
UpdatesAvailableWithUiOrEulaLogon REG_DWORD 0x0
UpdatesAvailableWithUiLogon REG_DWORD 0x0
FirmwareUpdatesNotDownloaded REG_DWORD 0x0
FirmwareUpdatesNotInstalled REG_DWORD 0x0
OldestSpecialImportanceUpdateNotInstalledTimestampShutdown REG_SZ 2015-06-13 02:22:40


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Power
ContinueInstallAtShutdown-Final REG_DWORD 0xa
Firmware-Final REG_DWORD 0x1e
FirmwareForcedInstall-Final REG_DWORD 0x23
OfferInstallAtShutdown-Final REG_DWORD 0x28


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\117cab2d-82b1-4b5a-a08c-4d62dbee7782


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\9482f4b4-e343-43b6-b170-9a65bc822c77


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
LastSuccessTime REG_SZ 2015-06-20 21:57:46
LastError REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
LastSuccessTime REG_SZ 2015-06-21 01:57:44
LastError REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
LastSuccessTime REG_SZ 2015-06-13 02:25:29
LastError REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS
UpdateCount REG_DWORD 0x2
NotifiedCbsAboutUAS REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Volatile
PostRebootResultsProcessed REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade
ReservationsAllowed REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting
BatchFlushAge REG_DWORD 0xe39
SamplingValue2 REG_DWORD 0x1c4


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy\9482f4b4-e343-43b6-b170-9a65bc822c77
CurrentCacheFile REG_SZ C:\WINDOWS\SoftwareDistribution\EventCache.v2\{9A58748C-BD19-4C50-BAFB-5702A988BD9F}.bin
FlushCacheFiles REG_MULTI_SZ


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootWatch


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\117cab2d-82b1-4b5a-a08c-4d62dbee7782
RegisteredWithAU REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\9482f4b4-e343-43b6-b170-9a65bc822c77
RedirRefresh REG_SZ 2015-05-11 13:20:00


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending
ValidatedPreWsus3RegistrationRequests REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup
SelfUpdateStatus REG_DWORD 0x0
SelfupdateUnmanaged REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SLS
ClientHash2 REG_DWORD 0xfa


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SLS\{117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}
ResponseHash REG_BINARY EE2F5756D2AE0E3F034418E054625B4C0AD29AEEE9A78DAD311C79EC6BCA5D95
ResponseMarker REG_QWORD 0x1d08c07040e3662


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SLS\{9482F4B4-E343-43B6-B170-9A65BC822C77}
ResponseHash REG_BINARY 2495965A6A172A40039C27CC74DE0AE1F2ADA88CB1EB4C107257F3A15C48C26A
ResponseMarker REG_QWORD 0x1d08c0652a03a86

wavly

 

[BrianDrab]

Thanks. Now set your Windows Update settings to the way you want them and then do the following again.

Gather Registry Info Again
1. Then double-click on QueryInfo2.bat again and post the results.

 

[wavly]

Thanks for that. I selected the recommended option to install updates automatically by clicking on the flag notification. I then had a look at update settings by clicking on system then windows update. It seems my choice has been registered as instead of telling me I had updates to install it said to restart my PC to finish installing updates and that my PC would automatically restart in one day if I didn't. I think you wanted the registry info before I re-booted so I've copied QueryInfo2.bat after I changed the settings. I haven't re-booted and will not do so until I hear further from you.



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
SusClientId REG_SZ e0a6eefb-d0d4-4ac1-ab4a-82f7f0584e3a
SusClientIdValidation REG_BINARY 060228011C1C53003200520051004A0039004600430041003000330035003800360020002000200020002000200006B888E3FC0FED31003200330034003900300045004E0034003000300030003100350031003200330034003900300045004E00340030003000300031003500
LastTaskOperationHandle REG_DWORD 0xbc


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
IsOOBEInProgress REG_DWORD 0x0
AUOptions REG_DWORD 0x4
ElevateNonAdmins REG_DWORD 0x1
ForcedReboot REG_DWORD 0x2
IncludeRecommendedUpdates REG_DWORD 0x1
NonFirmwareUpdatesAvailableForInstall REG_DWORD 0x0
NextDetectionTime REG_SZ 2015-06-22 14:19:58
CachedAUOptions REG_DWORD 0x4
InstallInProgress REG_DWORD 0x0
UpdatesAvailableForDownloadLogon REG_DWORD 0x0
UpdatesAvailableForInstallLogon REG_DWORD 0x0
UpdatesAvailableWithUiOrEulaLogon REG_DWORD 0x0
UpdatesAvailableWithUiLogon REG_DWORD 0x0
FirmwareUpdatesNotDownloaded REG_DWORD 0x0
FirmwareUpdatesNotInstalled REG_DWORD 0x0
ScheduledInstallAttemptTime REG_SZ 2015-06-23 17:50:41


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Power
ContinueInstallAtShutdown-Final REG_DWORD 0xa
Firmware-Final REG_DWORD 0x1e
FirmwareForcedInstall-Final REG_DWORD 0x23
OfferInstallAtShutdown-Final REG_DWORD 0x28


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\117cab2d-82b1-4b5a-a08c-4d62dbee7782


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\9482f4b4-e343-43b6-b170-9a65bc822c77


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
LastSuccessTime REG_SZ 2015-06-21 17:42:01
LastError REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
LastSuccessTime REG_SZ 2015-06-21 17:50:40
LastError REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
LastSuccessTime REG_SZ 2015-06-21 17:49:43
LastError REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired
SecurityUpdatesRebootRequiredNotificationTime REG_SZ 2015-06-23 03:20:27
RebootRequiredNotificationFlags REG_DWORD 0x0
RebootRequiredSince REG_SZ 2015-06-21 03:18:54
767f9e6f-3cc2-47c8-a982-e74ad0f90474 REG_DWORD 0x1
1854d022-bedb-40e5-954f-7642e8fc0297 REG_DWORD 0x1
1e843700-aaef-4670-830c-2e18b10f921d REG_DWORD 0x1
45356226-fb1c-4c2d-9e69-23b3a824c46d REG_DWORD 0x1
2802e533-71d6-43eb-874d-2ee619159d9a REG_DWORD 0x1
0414b53c-08ef-4ad4-b066-ff921796a96f REG_DWORD 0x1
b01a4e2a-56e7-4d3c-8115-aa66045dab77 REG_DWORD 0x1
cde5337e-6617-42ae-ab13-65d897a4a64a REG_DWORD 0x1
2b9761d6-a2e4-4903-bc1c-53932d4808e8 REG_DWORD 0x1
9a701e98-8a09-49d4-8d82-893e2838dda7 REG_DWORD 0x1
4f3956d4-8cd3-4079-b988-73c658ed9b70 REG_DWORD 0x1
69e9bde5-695e-422e-9b82-5a22cf5c91d5 REG_DWORD 0x1
AULastForcedRebootType REG_DWORD 0x4


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS
UpdateCount REG_DWORD 0x1
NotifiedCbsAboutUAS REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Volatile
PostRebootResultsProcessed REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade
ReservationsAllowed REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting
BatchFlushAge REG_DWORD 0xe39
SamplingValue2 REG_DWORD 0x1c4


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy\117cab2d-82b1-4b5a-a08c-4d62dbee7782
CurrentCacheFile REG_SZ C:\WINDOWS\SoftwareDistribution\EventCache.v2\{96161BA8-AA67-4F3C-B6D0-005E79AF4AE0}.bin
FlushCacheFiles REG_MULTI_SZ


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy\9482f4b4-e343-43b6-b170-9a65bc822c77
CurrentCacheFile REG_SZ C:\WINDOWS\SoftwareDistribution\EventCache.v2\{75BE5016-ACB8-400C-93BE-FAA6F6B2CEAB}.bin
FlushCacheFiles REG_MULTI_SZ


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\DontExpirePolledEvents


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootNotCompleted


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootWatch


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\117cab2d-82b1-4b5a-a08c-4d62dbee7782
RegisteredWithAU REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\9482f4b4-e343-43b6-b170-9a65bc822c77
RedirRefresh REG_SZ 2015-05-11 13:20:00


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending
ValidatedPreWsus3RegistrationRequests REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup
SelfUpdateStatus REG_DWORD 0x0
SelfupdateUnmanaged REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SLS
ClientHash2 REG_DWORD 0xfa


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SLS\{117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}
ResponseHash REG_BINARY EE2F5756D2AE0E3F034418E054625B4C0AD29AEEE9A78DAD311C79EC6BCA5D95
ResponseMarker REG_QWORD 0x1d08c07040e3662


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SLS\{9482F4B4-E343-43B6-B170-9A65BC822C77}
ResponseHash REG_BINARY 2495965A6A172A40039C27CC74DE0AE1F2ADA88CB1EB4C107257F3A15C48C26A
ResponseMarker REG_QWORD 0x1d08c0652a03a86

wavly

 

[BrianDrab]

Perfect. Go ahead and reboot. See if it continues to stick with the correct setting.

 

[wavly]

Aarrgh!! I thought the problem had been fixed. I re-booted and computer automatically installed updates. I checked update settings after it had finished and the message screen was different and said I would be notified when Windows 10 upgrade was ready to be installed. When I right clicked on the newly installed updates I had an option to uninstall them which I didn't have with earlier updates. The flag came up and said there were no issues requiring attention. I was sure the issue had been resolved but I shut down and turned machine on. This time the flag signal came up with the message 'solve PC issues: 1 message' - Change Windows Update settings. The window opens up to offer me to update automatically or let me choose. If I look at Windows Update via System and Security it now shows the message about Windows 10, where previously it was asking me to choose an install option.

I'm guessing you might want a look at QueryInfo2.bat so have pasted here.



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
SusClientId REG_SZ e0a6eefb-d0d4-4ac1-ab4a-82f7f0584e3a
SusClientIdValidation REG_BINARY 060228011C1C53003200520051004A0039004600430041003000330035003800360020002000200020002000200006B888E3FC0FED31003200330034003900300045004E0034003000300030003100350031003200330034003900300045004E00340030003000300031003500
LastTaskOperationHandle REG_DWORD 0x52


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
IsOOBEInProgress REG_DWORD 0x0
AUOptions REG_DWORD 0x2
ElevateNonAdmins REG_DWORD 0x1
IncludeRecommendedUpdates REG_DWORD 0x1
NonFirmwareUpdatesAvailableForInstall REG_DWORD 0x0
NextDetectionTime REG_SZ 2015-06-22 14:19:58
CachedAUOptions REG_DWORD 0x4
InstallInProgress REG_DWORD 0x0
UpdatesAvailableForDownloadLogon REG_DWORD 0x0
UpdatesAvailableForInstallLogon REG_DWORD 0x0
UpdatesAvailableWithUiOrEulaLogon REG_DWORD 0x0
UpdatesAvailableWithUiLogon REG_DWORD 0x0
FirmwareUpdatesNotDownloaded REG_DWORD 0x0
FirmwareUpdatesNotInstalled REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Power
ContinueInstallAtShutdown-Final REG_DWORD 0xa
Firmware-Final REG_DWORD 0x1e
FirmwareForcedInstall-Final REG_DWORD 0x23
OfferInstallAtShutdown-Final REG_DWORD 0x28


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\117cab2d-82b1-4b5a-a08c-4d62dbee7782


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\9482f4b4-e343-43b6-b170-9a65bc822c77


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
LastSuccessTime REG_SZ 2015-06-21 17:42:01
LastError REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
LastSuccessTime REG_SZ 2015-06-21 17:50:40
LastError REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
LastSuccessTime REG_SZ 2015-06-21 19:06:23
LastError REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\UAS
UpdateCount REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OSUpgrade
ReservationsAllowed REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting
BatchFlushAge REG_DWORD 0xe39
SamplingValue2 REG_DWORD 0x1c4


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache.v2\Legacy


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\RebootWatch


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\117cab2d-82b1-4b5a-a08c-4d62dbee7782
RegisteredWithAU REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\9482f4b4-e343-43b6-b170-9a65bc822c77
RedirRefresh REG_SZ 2015-05-11 13:20:00


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending
ValidatedPreWsus3RegistrationRequests REG_DWORD 0x1


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup
SelfUpdateStatus REG_DWORD 0x0
SelfupdateUnmanaged REG_DWORD 0x0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SLS
ClientHash2 REG_DWORD 0xfa


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SLS\{117CAB2D-82B1-4B5A-A08C-4D62DBEE7782}
ResponseHash REG_BINARY EE2F5756D2AE0E3F034418E054625B4C0AD29AEEE9A78DAD311C79EC6BCA5D95
ResponseMarker REG_QWORD 0x1d08c07040e3662


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SLS\{9482F4B4-E343-43B6-B170-9A65BC822C77}
ResponseHash REG_BINARY 2495965A6A172A40039C27CC74DE0AE1F2ADA88CB1EB4C107257F3A15C48C26A
ResponseMarker REG_QWORD 0x1d08c0652a03a86

wavly