Windows Update will not download updates

[ev47715]

Scans with Malwarebytes and Avast show nothing.  However, I'm unable to download and install Windows 7 updates.  Any help is appreciated!

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-03-2016

Ran by admin (administrator) on ADMIN-PC (03-03-2016 15:31:17)

Running from C:\Users\admin\Downloads

Loaded Profiles: admin (Available Profiles: admin)

Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) Language: English (United States)

Internet Explorer Version 9 (Default browser: FF)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.2.241.0\BBSvc.EXE

(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe

(SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE

(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(CANON INC.) C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe

(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe

(Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

(Hewlett-Packard Company) C:\Program Files\PictureMover\Bin\PictureMover.exe

(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe

(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

 

 

==================== Registry (Whitelisted) ===========================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-28] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-20] (Synaptics Incorporated)

HKLM\...\Run: [iJNetworkScanUtility] => C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.)

HKLM\...\Run: [Windows Mobile Device Center] => C:\windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)

HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)

HKLM\...\Run: [Carbonite Backup] => C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1016464 2011-09-08] (Carbonite, Inc.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6108752 2015-11-13] (AVAST Software)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-07-22] (AVAST Software)

ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2011-09-08] (Carbonite, Inc.)

ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2011-09-08] (Carbonite, Inc.)

ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2011-09-08] (Carbonite, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-02-13]

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk [2013-12-07]

ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{5F4D49A4-0C59-43A3-B2BB-461DFA693CFA}: [DhcpNameServer] 192.168.1.1

Tcpip\..\Interfaces\{98F0A2DD-7FA4-4F1B-BD5E-0044E33B8CD4}: [DhcpNameServer] 192.168.1.1

 

Internet Explorer:

==================

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKU\S-1-5-21-3709177842-1407763618-372791389-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

HKU\S-1-5-21-3709177842-1407763618-372791389-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

SearchScopes: HKLM -> {0EF3D5EE-B833-43EC-8265-E0B5C71D50AB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

SearchScopes: HKU\S-1-5-21-3709177842-1407763618-372791389-1000 -> DefaultScope {0EF3D5EE-B833-43EC-8265-E0B5C71D50AB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS358

SearchScopes: HKU\S-1-5-21-3709177842-1407763618-372791389-1000 -> {0EF3D5EE-B833-43EC-8265-E0B5C71D50AB} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS358

BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)

BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)

BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-07-22] (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)

BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23] (Microsoft Corporation.)

BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-01] (Sun Microsystems, Inc.)

BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.2.241.0\BingExt.dll [2013-07-23] (Microsoft Corporation.)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)

Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)

 

FireFox:

========

FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\joorn68q.default

FF Homepage: hxxp://www.google.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-21] ()

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)

FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)

FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-02-13] [not signed]

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-15]

FF HKU\S-1-5-21-3709177842-1407763618-372791389-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

 

Chrome: 

=======

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\gcswf32.dll => No File

CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll => No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.140.8) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U14) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll => No File

CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll => No File

CHR Plugin: (Microsoft Office 2003) - C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)

CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File

CHR Plugin: (MSN® Toolbar) - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll => No File

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll => No File

CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Chrome Web Store Payments) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-14]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-07-22]

 

==================== Services (Whitelisted) ========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-07-22] (AVAST Software)

R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-07-22] (Avast Software)

R2 CarboniteService; C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe [3908752 2011-09-08] (Carbonite, Inc. (www.carbonite.com))

R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)

R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)

R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)

R2 hasplms; C:\windows\system32\hasplms.exe [4665168 2015-09-24] (SafeNet Inc.)

S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]

R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]

R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)

S3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [51512 2009-08-17] (TOSHIBA Corporation)

R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-11] (TOSHIBA Corporation)

S3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-09-17] (TOSHIBA Corporation)

S3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

 

===================== Drivers (Whitelisted) ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 aksfridge; C:\windows\System32\DRIVERS\aksfridge.sys [438640 2015-09-24] (SafeNet Inc.)

S3 akshasp; C:\windows\System32\DRIVERS\akshasp.sys [238208 2012-06-15] (Aladdin Knowledge Systems Ltd.)

S3 akshhl; C:\windows\System32\DRIVERS\akshhl.sys [46720 2012-06-15] (SafeNet Inc.)

S3 aksusb; C:\windows\System32\DRIVERS\aksusb.sys [289152 2012-06-15] (SafeNet Inc.)

R2 aswHwid; C:\windows\system32\drivers\aswHwid.sys [24016 2015-07-22] (AVAST Software)

R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [76000 2015-07-22] (AVAST Software)

R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [81728 2015-07-22] (AVAST Software)

R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49776 2015-07-22] (AVAST Software)

R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [794952 2015-11-13] (AVAST Software)

R1 aswSP; C:\windows\system32\drivers\aswSP.sys [435464 2015-11-13] (AVAST Software)

R2 aswStm; C:\windows\system32\drivers\aswStm.sys [113592 2015-07-22] (AVAST Software)

R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [208664 2015-07-22] (AVAST Software)

R2 hardlock; C:\windows\system32\drivers\hardlock.sys [618352 2015-09-24] (SafeNet Inc.)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)

S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)

R0 ngvss; C:\windows\system32\Drivers\ngvss.sys [95112 2015-07-22] (AVAST Software)

R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)

R3 RTL8187Se; C:\windows\System32\DRIVERS\RTL8187Se.sys [372736 2009-08-13] (Realtek Semiconductor Corporation                           )

S3 ssrangdr; C:\windows\System32\DRIVERS\ssrangdr.sys [2560 2009-11-06] (SupportSoft Inc.)

R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)

R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-07-22] (Avast Software)

U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)

S3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [X]

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

 

==================== One Month Created files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-03-03 15:31 - 2016-03-03 15:32 - 00018614 _____ C:\Users\admin\Downloads\FRST.txt

2016-03-03 15:30 - 2016-03-03 15:31 - 00000000 ____D C:\FRST

2016-03-03 15:30 - 2016-03-03 15:30 - 01722368 _____ (Farbar) C:\Users\admin\Downloads\FRST.exe

2016-03-02 16:40 - 2016-03-02 16:40 - 00347816 _____ (Microsoft Corporation) C:\Users\admin\Downloads\MicrosoftFixit.wu.MATSKB.Run.exe

2016-03-02 16:35 - 2016-03-02 16:35 - 00302011 _____ C:\Users\admin\Downloads\WindowsUpdateDiagnostic (2).diagcab

2016-03-02 16:31 - 2016-03-02 16:34 - 239126136 _____ C:\Users\admin\Downloads\Windows6.1-KB947821-v34-x86.msu

2016-03-02 14:41 - 2016-03-02 14:41 - 00012872 _____ (SurfRight B.V.) C:\windows\system32\bootdelete.exe

2016-03-02 14:12 - 2016-03-02 14:43 - 00000000 ____D C:\ProgramData\HitmanPro

2016-03-02 14:11 - 2016-03-02 14:12 - 10457272 _____ (SurfRight B.V.) C:\Users\admin\Downloads\HitmanPro.exe

2016-03-02 14:06 - 2016-03-02 14:06 - 00302011 _____ C:\Users\admin\Downloads\WindowsUpdateDiagnostic (1).diagcab

2016-03-02 13:55 - 2016-03-02 13:55 - 00302011 _____ C:\Users\admin\Downloads\WindowsUpdateDiagnostic.diagcab

2016-03-02 13:18 - 2016-03-02 13:18 - 00012006 _____ C:\ComboFix.txt

2016-03-01 15:08 - 2016-03-01 15:08 - 00000000 ____D C:\Program Files\Common Files\SafeNet Sentinel

2016-03-01 15:07 - 2015-09-24 05:17 - 00208328 _____ (Aladdin Knowledge Systems Ltd.) C:\windows\system32\hlvdd.dll

2016-03-01 15:01 - 2016-03-01 15:05 - 15442136 _____ C:\Users\admin\Downloads\Sentinel_LDK_Run-time_setup.zip

2016-02-21 13:58 - 2016-03-02 11:13 - 00000000 ____D C:\Program Files\Mozilla Firefox

 

==================== One Month Modified files and folders ========

 

(If an entry is included in the fixlist, the file/folder will be moved.)

 

2016-03-03 15:28 - 2009-12-25 10:31 - 00000882 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2016-03-03 15:27 - 2009-12-25 10:31 - 00000886 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2016-03-03 15:26 - 2009-07-13 22:53 - 00000006 ____H C:\windows\Tasks\SA.DAT

2016-03-03 15:14 - 2013-01-21 18:20 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2016-03-02 18:51 - 2009-07-13 22:34 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2016-03-02 18:51 - 2009-07-13 22:34 - 00015792 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2016-03-02 16:42 - 2009-07-13 20:37 - 00000000 ____D C:\windows\system32\NDF

2016-03-02 14:06 - 2011-03-13 16:09 - 00000000 ____D C:\Users\admin\AppData\Local\ElevatedDiagnostics

2016-03-02 13:18 - 2014-09-06 09:46 - 00000000 ____D C:\Qoobox

2016-03-02 13:16 - 2009-07-13 20:04 - 00000215 _____ C:\windows\system.ini

2016-03-02 12:59 - 2014-09-06 11:12 - 00000000 ____D C:\AdwCleaner

2016-03-02 12:59 - 2009-09-01 23:32 - 00726316 _____ C:\windows\system32\PerfStringBackup.INI

2016-03-02 12:59 - 2009-07-13 20:37 - 00000000 ____D C:\windows\inf

2016-03-02 12:57 - 2014-09-06 09:42 - 00001420 _____ C:\Users\admin\Desktop\Rkill.txt

2016-03-02 11:20 - 2014-09-06 12:50 - 00170200 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2016-03-02 11:19 - 2014-09-06 12:50 - 00001031 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-03-02 11:19 - 2014-09-06 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-03-02 11:19 - 2014-09-06 12:50 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware

2016-03-02 11:13 - 2012-10-29 18:38 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service

2016-03-01 15:06 - 2009-07-13 20:37 - 00000000 ____D C:\windows\system32\Setup

2016-03-01 13:42 - 2010-01-02 12:33 - 00000000 ____D C:\Program Files\BERNINA

2016-03-01 13:42 - 2009-09-01 23:30 - 00000000 ___HD C:\Program Files\InstallShield Installation Information

2016-03-01 13:41 - 2010-01-02 12:37 - 00000000 ____D C:\My Designs - Embroidery Software 6

2016-02-21 13:39 - 2013-01-21 18:20 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe

2016-02-21 13:39 - 2011-07-10 13:58 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl

2016-02-21 13:31 - 2012-05-14 18:07 - 00002129 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-02-21 13:31 - 2012-05-14 18:07 - 00002100 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-02-21 13:24 - 2009-07-13 22:52 - 00000000 ____D C:\windows\system32\FxsTmp

2016-02-03 18:03 - 2011-02-13 22:20 - 00000000 ____D C:\Users\admin\AppData\LocalLow\HPAppData

 

==================== Files in the root of some directories =======

 

2015-05-06 07:42 - 2015-05-06 07:42 - 0004096 ____H () C:\Users\admin\AppData\Local\keyfile3.drm

2011-02-13 17:29 - 2011-03-13 16:15 - 0001604 _____ () C:\ProgramData\hpzinstall.log

2010-01-02 12:42 - 2014-11-14 10:42 - 0000952 ___SH () C:\ProgramData\KGyGaAvL.sys

 

==================== Bamital & volsnap =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\windows\explorer.exe => File is digitally signed

C:\windows\system32\winlogon.exe => File is digitally signed

C:\windows\system32\wininit.exe => File is digitally signed

C:\windows\system32\svchost.exe => File is digitally signed

C:\windows\system32\services.exe => File is digitally signed

C:\windows\system32\User32.dll => File is digitally signed

C:\windows\system32\userinit.exe => File is digitally signed

C:\windows\system32\rpcss.dll => File is digitally signed

C:\windows\system32\dnsapi.dll => File is digitally signed

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-12-25 00:52

 

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:02-03-2016

Ran by admin (2016-03-03 15:33:08)

Running from C:\Users\admin\Downloads

Microsoft Windows 7 Home Premium  Service Pack 1 (X86) (2009-12-14 19:33:07)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

admin (S-1-5-21-3709177842-1407763618-372791389-1000 - Administrator - Enabled) => C:\Users\admin

Administrator (S-1-5-21-3709177842-1407763618-372791389-500 - Administrator - Disabled)

Guest (S-1-5-21-3709177842-1407763618-372791389-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3709177842-1407763618-372791389-1002 - Limited - Enabled)

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden

Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)

Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)

Adobe Reader 9.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.0 - Adobe Systems Incorporated)

ATI Catalyst Install Manager (HKLM\...\{B4BB4CF2-F475-FB20-7AFA-F8AED032BFF8}) (Version: 3.0.732.0 - ATI Technologies, Inc.)

Avast Free Antivirus (HKLM\...\avast) (Version: 10.3.2223 - AVAST Software)

BERNINA Universal Communication Server (HKLM\...\{CF27C964-3902-4CA3-9C71-B0EAEB302AB5}) (Version: 1.1.2 - BERNINA)

Bing Bar (HKLM\...\{D322A9E3-758B-4D60-A7C4-65C88FD378D0}) (Version: 7.2.241.0 - Microsoft Corporation)

BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden

C310 (Version: 140.0.304.000 - Hewlett-Packard) Hidden

Canon IJ Network Scan Utility (HKLM\...\Canon_IJ_Network_Scan_UTILITY) (Version:  - )

Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version:  - )

Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )

Carbonite (HKLM\...\Carbonite Backup) (Version: 4.1.1 build 406 (Sep-08-2011) - Carbonite)

ccc-core-static (Version: 2009.0729.2238.38827 - ATI) Hidden

Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

CorelDRAW Essentials 4 - Content (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Draw (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Extra Content (HKLM\...\_{806422F8-8E0A-494A-A369-0F34F1B89160}) (Version:  - Corel Corporation)

CorelDRAW Essentials 4 - Extra Content (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Filters (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - ICA (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - IPM - VBA (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang BR (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang DE (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang EN (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang ES (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang FR (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang IT (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang JP (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Lang NL (Version: 4.0 - Uw bedrijfsnaam) Hidden

CorelDRAW Essentials 4 - PHOTO-PAINT (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - VBA (Version: 4.0 - Corel Corporation) Hidden

CorelDRAW Essentials 4 - Windows Shell Extension (HKLM\...\_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}) (Version:  - Corel Corporation)

CorelDRAW Essentials 4 - Windows Shell Extension (Version: 1.1 - Corel Corporation) Hidden

CorelDRAW Essentials 4 (HKLM\...\_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}) (Version:  - Corel Corporation)

CorelDRAW Essentials 4 (Version: 4.0 - Corel Corporation) Hidden

Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden

DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden

Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)

Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)

Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )

EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON WorkForce 545 Series Printer Uninstall (HKLM\...\EPSON WorkForce 545 Series) (Version:  - SEIKO EPSON Corporation)

EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)

Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)

Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden

GoToMeeting 4.5.0.457 (HKU\S-1-5-21-3709177842-1407763618-372791389-1000\...\GoToMeeting) (Version:  - )

GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)

HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)

HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

HP Update (HKLM\...\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}) (Version: 5.002.002.002 - Hewlett-Packard)

HPAppStudio (Version: 140.0.95.000 - Hewlett-Packard) Hidden

HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden

HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden

HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden

Java 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)

Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Label@Once 1.0 (HKLM\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)

LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)

Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)

MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)

Mozilla Firefox 43.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)

MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MyToshiba (HKLM\...\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}) (Version: 2.2.0.3 - Toshiba)

Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden

NetZero Launcher (HKLM\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)

PictureMover (HKLM\...\{6B074646-5977-4a00-A942-8E51B675EEB6}) (Version: 3.6.0.6 - Hewlett-Packard Company)

PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

PS_AIO_07_C310_SW_Min (Version: 140.0.304.000 - Hewlett-Packard) Hidden

QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden

Realtek Ethernet Controller  Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)

Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)

Realtek WLAN Driver (HKLM\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)

Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden

Sentinel Runtime (HKLM\...\{84D2090E-5F36-491F-8D57-D8D01E2D7EB5}) (Version: 7.41.1.56613 - SafeNet Inc.)

Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)

Skype Launcher (HKLM\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)

SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden

Software Updater (HKLM\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION)

SolutionCenter (Version: 140.0.214.000 - Hewlett-Packard) Hidden

Status (Version: 140.0.256.000 - Hewlett-Packard) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)

Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden

Toshiba Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.0.9 - Toshiba)

TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.11 - TOSHIBA)

TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.21 - TOSHIBA Corporation)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)

TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)

TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.7.0 - TOSHIBA Corporation)

TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - TOSHIBA Corporation)

TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.0.32 - TOSHIBA Corporation)

TOSHIBA Hardware Setup (HKLM\...\{D0387727-C89D-4774-B643-B9333EAA09DE}) (Version: 2.00.11 - TOSHIBA Corporation)

TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.2 - TOSHIBA Corporation)

TOSHIBA Internal Modem Region Select Utility (HKLM\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.01 - TOSHIBA Corporation)

Toshiba Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.35 - Toshiba)

TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.0 - TOSHIBA Corporation)

Toshiba Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.001.0000 - Toshiba)

TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.2 - TOSHIBA Corporation)

TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.33 - TOSHIBA)

TOSHIBA Speech System Applications (HKLM\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )

TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version:  - )

TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version:  - )

TOSHIBA Supervisor Password (HKLM\...\{A208044D-A88B-4ACF-AE95-E4F213E6EDC0}) (Version: 2.00.09 - TOSHIBA Corporation)

TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.26 - TOSHIBA Corporation)

TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)

ToshibaRegistration (HKLM\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)

TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)

WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden

Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)

Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)

WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-3709177842-1407763618-372791389-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\457\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0951AA77-FED9-4659-AC02-0BC94C8A92F9} - System32\Tasks\Ad-Aware Update (Daily 1) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

Task: {0F5F9705-E97C-4471-AF9E-85971F7829AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)

Task: {152F4F4F-581B-4BA9-91DB-CFD301EFEF94} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-21] (Adobe Systems Incorporated)

Task: {398CA71F-0EDD-4C25-916B-ED624CC240D9} - System32\Tasks\Ad-Aware Update (Daily 4) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

Task: {431CBDD0-E60A-46AA-BF66-8935B1090FB2} - System32\Tasks\{29E38B0A-ECB7-4FA3-8F7C-AF56018269B5} => C:\Program Files\BERNINA\Embroidery Software 6\BIN\DESLOADR.EXE

Task: {4B7CCBE4-768A-4E11-83A1-AF8AF7FF22E7} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-13] (TOSHIBA CORPORATION)

Task: {55AB36CC-6568-471B-BD5A-0377AA5B7805} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)

Task: {6BD66DAD-673D-4F06-B502-A09852CA53F9} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

Task: {73CACA19-6F15-4A8B-98CA-F86ED24DC2B8} - System32\Tasks\{72DF3AF1-879B-47FC-A0AC-88B3E7900273} => C:\Program Files\BERNINA\Embroidery Software 6\BIN\DESLOADR.EXE

Task: {74B5B0D6-DF01-48A4-BD8D-9204BBD5CE1A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-07-22] (AVAST Software)

Task: {93093D2D-CCBE-4295-B361-75C452BA40B5} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-21] (AVAST Software)

Task: {AAB2649D-DEBA-451B-B50D-6F915D80F225} - System32\Tasks\Ad-Aware Update (Daily 3) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

Task: {BBFDC0DE-5ABB-48AA-8F69-A4CFE4A93146} - System32\Tasks\{0340498A-F6C9-4E5E-B21C-345B98B5FB50} => pcalua.exe -a C:\Users\admin\Desktop\HASPUserSetup.exe -d C:\Users\admin\Desktop

Task: {E9009972-3363-4241-83A8-B6D18B58131B} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe

Task: {F2FC3CE3-D7C2-49C3-B2F6-F63110E5C949} - System32\Tasks\{BC49AA86-D30B-4F7B-9E31-6AE191D1C685} => C:\Program Files\BERNINA\Embroidery Software 6\BIN\DESLOADR.EXE

Task: {F921280C-5D71-4B92-B699-996CA367B06C} - System32\Tasks\Ad-Aware Update (Daily 2) => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

 

==================== Shortcuts =============================

 

(The entries could be listed to be restored or removed.)

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-07-22 17:50 - 2015-07-22 17:50 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll

2015-07-22 17:49 - 2015-07-22 17:49 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-03-03 15:15 - 2016-03-03 15:15 - 02838016 _____ () C:\Program Files\AVAST Software\Avast\defs\16030301\algo.dll

2015-07-22 17:50 - 2015-07-22 17:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2013-12-07 16:41 - 2012-02-16 15:01 - 12290432 _____ () C:\Users\admin\AppData\Roaming\PictureMover\Bin\Core.dll

2009-07-13 15:03 - 2009-07-13 19:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll

2013-12-07 16:41 - 2012-02-16 15:09 - 01699200 _____ () C:\Users\admin\AppData\Roaming\PictureMover\EN-US\Presentation.dll

2016-02-21 13:30 - 2016-02-17 22:14 - 01630360 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.116\libglesv2.dll

2016-02-21 13:30 - 2016-02-17 22:14 - 00085656 _____ () C:\Program Files\Google\Chrome\Application\48.0.2564.116\libegl.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

 

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2009-07-13 20:04 - 2014-09-06 10:56 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-3709177842-1407763618-372791389-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

MSCONFIG\startupreg: EPLTarget => 

MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe"

MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"

MSCONFIG\startupreg: LtMoh => C:\Program Files\ltmoh\Ltmoh.exe

MSCONFIG\startupreg: MyTOSHIBA => "C:\Program Files\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO

MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED

MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

MSCONFIG\startupreg: StartCCC => "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

MSCONFIG\startupreg: TosWaitSrv => %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

MSCONFIG\startupreg: TWebCamera => "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{4C04F02E-01D6-4B04-8EC2-A3DE3763BF13}] => (Allow) C:\Program Files\Windows Live\Messenger\wlcsdk.exe

FirewallRules: [{A324DA70-2623-42DF-8B3F-DBC2404A1C06}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [{EEF08182-FF23-46DE-A90B-560A9D3E1F30}] => (Allow) svchost.exe

FirewallRules: [{6684ABBE-2F13-4560-BBC4-712006BE97ED}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [TCP Query User{B53697F0-67A0-46D4-9B87-F52710F5F3A8}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe

FirewallRules: [uDP Query User{2F11A705-29D1-42F4-8855-F8122DDB268A}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe

FirewallRules: [{4FE4FE06-DA5B-436B-A394-56AD9A9C09FE}] => (Allow) D:\setup\hpznui01.exe

FirewallRules: [{21B36C9E-3E2B-4B41-9D96-7ABED81181C3}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

FirewallRules: [{EFADD345-2004-4DC4-BBFE-2B05DBE90750}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

FirewallRules: [{0B22C0D1-DB93-4F79-AD1B-93A097393155}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe

FirewallRules: [{3DFAF124-54F1-492D-8725-381A854C379C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe

FirewallRules: [{3D225D50-1EBF-4A01-B993-65C9805C0348}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe

FirewallRules: [{A94CF39E-FF23-41CE-9A17-CFF55CA9CBCC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe

FirewallRules: [{6F432DFB-5EB2-48A6-B101-49EAAB3BDC11}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe

FirewallRules: [{611EF59E-14FE-47D3-B470-FA2DC8703856}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe

FirewallRules: [{83BA7677-6B47-44AE-836E-18D01CB1C5C8}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

FirewallRules: [{2E4B55A1-2999-4DB3-816E-7BBB2AEB03FD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe

FirewallRules: [{B5B50149-4E84-4B17-8D82-BB870544237C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe

FirewallRules: [{6790CF26-3F41-472B-ACE1-9FC85994FB8A}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe

FirewallRules: [{C367907D-C07C-41A6-8114-A401A90575A8}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe

FirewallRules: [{31BA08D8-3788-4DB1-9112-DAA7A076E16A}] => (Allow) C:\Windows\System32\hasplms.exe

FirewallRules: [{69B58F7B-5C67-4880-B45C-6A616BF13AF5}] => (Allow) C:\Windows\System32\hasplms.exe

FirewallRules: [{91569241-6381-40E1-A636-98D8958027AA}] => (Allow) C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe

FirewallRules: [{63CC79D6-A5AE-43F0-906B-BB5F249DBF9B}] => (Allow) C:\Users\admin\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe

FirewallRules: [{662664AA-01B8-451C-B325-F7E3834990FE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{8C88DA73-D440-4BAF-BB07-B0B448EF23FE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{8222E36D-74B7-4800-B6AB-D169AA05C265}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe

FirewallRules: [uDP Query User{F1E7A273-7F23-4D4E-AC14-373F89B82E8D}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe

FirewallRules: [{BFBBE943-5C0D-4ED0-A937-378520F5A6CC}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

FirewallRules: [{52B24D84-9077-4FDA-90D3-85D195BFE607}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

FirewallRules: [{15183D6A-7B5D-4A7F-9BD3-AE5753DCB60A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{7B18D5A8-3B40-42CD-B8D8-290974860CCC}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

FirewallRules: [{D088A90E-9C33-463B-B88D-CD2E6B3D38EC}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

FirewallRules: [{0E388663-D65F-4215-A8D9-2BD6493EEAEF}] => (Allow) C:\windows\system32\hasplms.exe

 

==================== Restore Points =========================

 

01-03-2016 13:40:52 Removed BERNINA Embroidery Software

01-03-2016 15:06:33 Installed Sentinel Runtime

02-03-2016 14:40:11 Checkpoint by HitmanPro

02-03-2016 14:41:16 Checkpoint by HitmanPro

 

==================== Faulty Device Manager Devices =============

 

Name: Officejet 6500 E710n-z

Description: Officejet 6500 E710n-z

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (03/02/2016 04:44:24 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000224,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,008AEC9C.64).  hr = 0x80070005, Access is denied.

.

 

Error: (03/02/2016 04:44:24 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000224,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,008AEC9C.64).  hr = 0x80070005, Access is denied.

.

 

Error: (03/02/2016 04:35:55 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000894,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssapiPublisher,0,REG_BINARY,06B3FD34.64).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (03/02/2016 04:35:55 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000298,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,0090F3D0.64).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (03/02/2016 04:35:55 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000298,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,0090F3D0.64).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (03/02/2016 04:35:55 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000224,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0090F378.64).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (03/02/2016 04:35:55 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000224,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0090F378.64).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (03/02/2016 04:35:55 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000298,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,0090F3D4.64).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (03/02/2016 04:35:53 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000298,SYSTEM\CurrentControlSet\Services\VSS\Diag\SwProvider_{b5946137-7b9f-4925-af80-51abd60b20d5},0,REG_BINARY,0090F3D4.64).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

Error: (03/02/2016 04:35:53 PM) (Source: VSS) (EventID: 8193) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000224,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0090F378.64).  hr = 0x80070005, Access is denied.

.

 

 

Operation:

   Executing Asynchronous Operation

 

Context:

   Current State: DoSnapshotSet

 

 

System errors:

=============

Error: (03/03/2016 03:27:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

 

Error: (03/03/2016 03:27:38 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.

 

Error: (03/03/2016 03:26:21 PM) (Source: atikmdag) (EventID: 10261) (User: )

Description: Display is not active

 

Error: (03/03/2016 03:26:21 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

Error: (03/03/2016 03:25:19 PM) (Source: Service Control Manager) (EventID: 7043) (User: )

Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

 

Error: (03/03/2016 03:14:49 PM) (Source: atikmdag) (EventID: 10261) (User: )

Description: Display is not active

 

Error: (03/02/2016 08:15:40 PM) (Source: atikmdag) (EventID: 10261) (User: )

Description: Display is not active

 

Error: (03/02/2016 06:51:31 PM) (Source: atapi) (EventID: 11) (User: )

Description: The driver detected a controller error on \Device\Ide\IdePort1.

 

Error: (03/02/2016 06:42:50 PM) (Source: atikmdag) (EventID: 10261) (User: )

Description: Display is not active

 

Error: (03/02/2016 06:42:50 PM) (Source: atikmdag) (EventID: 19468) (User: )

Description: CPLIB :: General - Invalid Parameter

 

 

==================== Memory info =========================== 

 

Processor: AMD Turion II Dual-Core Mobile M500

Percentage of memory in use: 46%

Total physical RAM: 2812.17 MB

Available physical RAM: 1492.58 MB

Total Virtual: 5622.63 MB

Available Virtual: 4262.43 MB

 

==================== Drives ================================

 

Drive c: (TI103426W0D) (Fixed) (Total:288.71 GB) (Free:243.98 GB) NTFS ==>[system with boot components (obtained from drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 89E6579C)

Partition 1: (Active) - (Size=1.5 GB) - (Type=27)

Partition 2: (Not Active) - (Size=288.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=7.9 GB) - (Type=17)

 

==================== End of Addition.txt ============================

 

[TwinHeadedEagle]

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help your with your issue.

 

     

    

Before we start please read and note the following:

• We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so backup your important links and all the files whose loss is unacceptable.
• Note that we may live in totally different time zones, what may cause some delays between answers.
• Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
• Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
• Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

  Rules and policies

 

We won't support any piracy.

That being told, if any evidence of illegal OS, software, cracks/keygens or any other will be revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result with closing your topic and withdrawning any assistance.

 

 

---

Has it always been a problem or started recently?

---

[ev47715]

This is my mothers laptop.  The last time updates were installed was 2012.. lol.  She has been complaining that it been "slow" for some time now. 

[TwinHeadedEagle]

Let's try this:
 
 
Check Disk

chkdsk C: /r

• Press the + R on your keyboard at the same time. Type cmd and click OK.
• Copy/Enter the command below and press Enter:
• You should get a message to schedule Check Disk at next system restart. Please type Y and press Enter.
• All you should do now is to restart your PC and let the Check Disk process finish uninterrupted.

Check Disk report:

• Press the + R on your keyboard at the same time. Type eventvwr and click OK.
• In the left panel, expand Windows Logs and then click on Application.
• Now, on the right side, click on Filter Current Log.
• Under Event Sources, check only Wininit and click OK.
• Now you'll be presented with one or multiple Wininit logs.
• Click on an entry corresponding to the date and time of the disk check.
• On the top main menu, click Action > Copy > Copy Details as Text.
• Paste the contents into your next reply.

[ev47715]

This is the message that I get when the laptop tries to perform a chkdsk after reboot.

 

Cannot open volume for direct access. Autochk cannot run due to an error caused by a recently installed software package.

 

Use the system restore feature from the control panel to restore the system to a point prior to the recent software package installation.

 

An unspecified error occured (766f6c756d652e63 3f1).

[TwinHeadedEagle]

Can you perform System Restore to some previous time?

[ev47715]

I wish it was that easy.  There are no restore points listed except for the ones I created a few days ago, which won't help.

[TwinHeadedEagle]

Okay, let's try this first. We will clean some temporary files. This will also empty browsers cache and history. If you have something that should be saved, please do it. It won't delete your bookmarks.
 
 
Fix with Farbar Recovery Scan Tool
 

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

• Right-click on icon and select Run as Administrator to start the tool.
  (XP users click run after receipt of Windows Security Warning - Open File).
• Press the Fix button just once and wait.
• If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
• When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please upload it to your reply.

fixlist.txt

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!