
Help! Amazon dumped tons of annoying malware on my laptop!

Post by zintar » December 2nd, 2015, 2:58 pm

Hello,
This past Saturday, November 28, I clicked on an item in my Amazon.com shopping cart. I was concerned as the price jumped $15 overnight, with no notice from Amazon, and thought I would find some info on the sales page. It opened fine, but then a number of popup windows opened: a large one with items supposedly related to the product I added to my shopping cart, although I could tell it was not from Amazon, and several smaller popup windows along the bottom of the screen. At first I thought it was a problem with Amazon, but later in the day I got the same problem on every site I opened, including Malwareremoval.com. It was also opening full sites which all asked me to register and enter my personal information. I used Malwarebytes and AdwCleaner to remove the problem files, and though they removed several files, I continued to get attacked. Malwarebytes kept blocking the sites, but apparently some got through and continued to open windows and pages, including a game site named Piercing Blow. Other sites are Internet Influences.com, player-update.com, a.mktngadvert.com and reimageplus.com.

I had been away since Sunday and could not access the computer until now. The "attacks" began as soon as I opened my browser. I am currently using Chrome so I don't know if the problem will continue if I switch to Firefox.

Also, the onslaught has been slowing down my computer so much I could not type this message on the computer but instead needed to use my main computer.

Here are the files from the FRST scan I performed on the computer a few minutes ago:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by user (administrator) on USER-PC (02-12-2015 13:16:10)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [EPSON_UD_START] => C:\Program Files\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [534664 2011-11-17] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [USB2Check] => RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
HKLM\...\Run: [ProductUpdater] => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-10-09] ()
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\Hp\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: F - F:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: {0f458b28-6858-11e4-97c8-0016d3296595} - F:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: {3fb76f0e-2be8-11e5-adb4-0016d3296595} - E:\StormF1.exe
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: {3fb7701a-2be8-11e5-adb4-0016d3296595} - E:\StormF1.exe
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: {3fb7701e-2be8-11e5-adb4-0016d3296595} - E:\StormF1.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-10-22] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-06-05]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-11-02]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TabUserW.exe.lnk [2015-06-05]
ShortcutTarget: TabUserW.exe.lnk -> C:\Windows\System32\WTablet\TabUserW.exe (Wacom Technology, Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{57B789C4-6AF9-43DD-8929-7EEC91B8F2F1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-08] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-617073521-755056118-2606118670-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-11-02] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-28] [not signed]
FF HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Adblock for Youtube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-11-06]
CHR Extension: (Video Downloader professional) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-12-02]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3219136 2015-10-22] (Avast Software)
R2 EMP_UDSA; C:\Program Files\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2011-11-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-10-09] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-09-01] (Ellora Assets Corp.) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-07-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
R1 ASPI32; C:\Windows\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-10-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-10-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-10-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115640 2015-10-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-10-22] (AVAST Software)
R3 EMP_MIRRUD; C:\Windows\System32\DRIVERS\EMP_MirrUD.sys [3712 2011-11-17] (Windows (R) Codename Longhorn DDK provider)
R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [17664 2011-11-17] (SEIKO EPSON CORPORATION)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-03] (Intel Corporation)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [107984 2015-10-22] (AVAST Software)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S3 PinnacleMarvinAVS; C:\Windows\System32\DRIVERS\MarvinAVS.sys [434176 2007-05-09] (Pinnacle a division of Avid Technology, Inc.)
R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [51816 2012-09-21] (AuthenTec, Inc.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [658560 2013-08-09] (eMPIA Technology Corp.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [1327616 2013-08-09] (eMPIA Technology Corp.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-10-22] (Avast Software)
R3 WacomVHidPen; C:\Windows\System32\DRIVERS\wacomvhidpen.sys [9216 2004-10-29] (Wacom Technology) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-02 13:16 - 2015-12-02 13:17 - 00018105 _____ C:\Users\user\Desktop\FRST.txt
2015-12-02 13:15 - 2015-12-02 13:16 - 00000000 ____D C:\FRST
2015-12-02 13:13 - 2015-12-02 13:13 - 01721344 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2015-11-28 20:55 - 2015-12-02 12:52 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-28 20:54 - 2015-11-28 20:54 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-28 20:54 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-28 20:54 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-28 20:54 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-28 20:36 - 2015-11-28 20:37 - 22908888 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-28 18:44 - 2015-11-28 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-28 18:44 - 2015-11-28 20:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-28 18:44 - 2015-11-28 18:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-28 09:51 - 2015-11-28 09:51 - 00000000 ____D C:\Users\user\AppData\Roaming\Sun
2015-11-28 09:51 - 2015-11-28 09:51 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2015-11-27 20:11 - 2015-10-29 12:49 - 00295936 ____N (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-27 20:10 - 2015-10-19 19:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00655360 ____N (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00552960 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00400896 ____N (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00259584 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00251392 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00223232 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00172032 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-27 20:10 - 2015-10-19 19:45 - 00065536 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00038912 ____N (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00036864 ____N (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00017408 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-27 20:10 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-27 20:07 - 2015-10-30 17:42 - 02279936 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-27 20:07 - 2015-10-30 16:51 - 02011136 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-27 20:07 - 2015-10-30 16:48 - 01311744 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-27 20:06 - 2015-09-23 08:09 - 00251000 ____N (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-27 20:05 - 2015-10-20 12:46 - 00566784 ____N (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-27 20:05 - 2015-10-20 12:46 - 00030208 ____N (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-06 18:15 - 2015-11-06 20:27 - 00236708 _____ C:\Users\user\Documents\66_Rockwel_Place_Open_Market_Waiting_List_Application Completed.pdf
2015-11-06 18:03 - 2015-11-06 18:03 - 00000963 _____ C:\Users\user\Desktop\66_Rockwel_Place_Open_Market_Waiting_List_Application - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-02 13:17 - 2014-10-29 16:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-02 13:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows
2015-12-02 13:05 - 2014-10-29 14:41 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 12:59 - 2009-07-13 23:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-02 12:59 - 2009-07-13 23:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-02 12:52 - 2014-10-29 16:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2015-12-02 12:51 - 2014-10-29 14:41 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-02 12:51 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-02 12:49 - 2015-02-22 14:10 - 00000000 ____D C:\AdwCleaner
2015-11-28 21:31 - 2010-11-20 16:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-28 21:31 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2015-11-28 21:11 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-11-28 20:45 - 2014-11-18 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuarkXPress 10
2015-11-28 20:45 - 2014-11-02 15:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Yahoo!
2015-11-28 20:45 - 2014-11-02 15:54 - 00000000 ____D C:\Program Files\Yahoo!
2015-11-28 20:26 - 2015-04-05 02:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-28 20:26 - 2011-04-11 21:24 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-28 20:26 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-11-28 20:25 - 2015-06-25 22:39 - 00000000 ____D C:\Program Files\Common Files\Freemake Shared
2015-11-28 20:25 - 2015-04-19 08:06 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-28 20:25 - 2015-04-15 06:12 - 00000000 ___RD C:\Program Files\Skype
2015-11-28 20:25 - 2015-04-15 06:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-28 20:25 - 2015-04-15 06:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-11-28 20:25 - 2015-04-10 19:00 - 00000000 ____D C:\Users\user\AppData\LocalLow\Oracle
2015-11-28 20:25 - 2015-01-10 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-28 20:25 - 2014-11-26 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-11-28 20:25 - 2014-11-23 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-11-28 20:25 - 2014-11-23 20:15 - 00000000 ____D C:\Program Files\QuickTime
2015-11-28 20:25 - 2014-11-08 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-28 20:25 - 2014-11-02 15:46 - 00000000 ____D C:\ProgramData\HP
2015-11-28 20:25 - 2014-10-31 12:55 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2015-11-28 20:25 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-28 20:23 - 2014-11-23 20:15 - 00000000 ____D C:\ProgramData\Apple Computer
2015-11-28 19:23 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SchCache
2015-11-27 20:39 - 2014-10-29 14:52 - 00000000 ____D C:\Windows\system32\MRT
2015-11-27 14:17 - 2014-10-29 16:34 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-27 14:17 - 2014-10-29 16:34 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-27 14:13 - 2014-10-29 14:43 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-06 20:00 - 2014-10-29 14:41 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-11-06 20:00 - 2014-10-29 14:41 - 00435464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

==================== Files in the root of some directories =======

2014-12-23 18:24 - 2015-10-30 01:34 - 0016896 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-15 16:08 - 2015-02-15 16:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-02 15:46 - 2014-11-02 16:04 - 0001258 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\user\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\VideoConverter.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-28 18:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015
Ran by user (2015-12-02 13:18:17)
Running from C:\Users\user\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2014-10-29 19:08:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-617073521-755056118-2606118670-500 - Administrator - Disabled)
Guest (S-1-5-21-617073521-755056118-2606118670-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-617073521-755056118-2606118670-1002 - Limited - Enabled)
user (S-1-5-21-617073521-755056118-2606118670-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe PhotoDeluxe Home Edition 4.0 (HKLM\...\Adobe PhotoDeluxe Home Edition 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.4.2233 - AVAST Software)
Avery Design & Print (HKLM\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
AVS Audio Converter version 6.3 (HKLM\...\AVS Audio Converter 6.3_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C3100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c3100_Help (Version: 82.0.256.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Painter Essentials 2 (HKLM\...\{B946D46E-1302-48B4-84EE-B74C3191D975}) (Version: 4.0 - Corel Corporation)
CyberLink PowerDirector 10 (HKLM\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.0925 - CyberLink Corp.)
CyberLink WaveEditor (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
Epson USB Display (HKLM\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.60.000 - SEIKO EPSON CORPORATION)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Freemake Video Converter version 4.1.7 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.5 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
honestech VHS to DVD 3.0 Deluxe (HKLM\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 3.0 - honestech)
honestech VHS to DVD 3.0 Deluxe (Version: 3.0 - Honest Technology) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{9F1F6E90-519F-4217-9A4B-466632D5CCCB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{1006DA78-79A1-43AD-BEB9-7CDCDAEFD588}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Kastor - All Video Downloader V 5.9.3 (HKLM\...\{CB84FEF5-C573-4328-B9AF-B28568A4E10E}_is1) (Version: 5.9.3.0 - KastorSoft)
Kazoo Player (HKLM\...\Kazoo Player) (Version: - )
Knoll Light Factory EZ Studio (HKLM\...\Knoll Light Factory EZ Studio) (Version: - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.21 - )
Magic Bullet Looks Studio (HKLM\...\Magic Bullet Looks Studio) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MGI VideoWave 5 (HKLM\...\{3C030509-F7E8-4919-B7E9-2DF65CA1C1E6}) (Version: 5.0.888.0 - MGI Software Corp.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Pinnacle Studio 14 (HKLM\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Studio Ultimate Collection Plugins (HKLM\...\{F5C372A1-40F3-49DA-A049-F75CDE9177DC}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Quark Update (HKLM\...\{82154114-943B-4A6F-9B20-073C9573E93E}) (Version: 1.0.0.2 - Quark, Inc.)
QuarkXPress (HKLM\...\{EACCA5D3-5E48-4181-B953-1842BA6FED32}) (Version: 10.0.0.1 - Quark Software Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Red Giant ToonIt Studio (HKLM\...\Red Giant ToonIt Studio) (Version: - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SlimCleaner (HKLM\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Trapcode 3DStroke Studio (HKLM\...\Trapcode 3DStroke Studio) (Version: - )
Trapcode Particular Studio (HKLM\...\Trapcode Particular Studio) (Version: - )
Trapcode Shine Studio (HKLM\...\Trapcode Shine Studio) (Version: - )
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIDBOX Driver (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 4.0.1 - honestech)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebPage version 4.2 (HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\{2D05A87F-C01D-4DE5-9119-2B87A070EF82}_is1) (Version: 4.2 - Trellian Softwares)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WebTablet FB Plugin (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{5B004CDE-0211-469C-B9B5-0552E7E63917}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{77D8C8C7-6B46-4429-B876-DBC006C96EB1}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{CD37ED08-860C-4B86-AD25-5587D8386587}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)

==================== Restore Points =========================

29-10-2015 18:12:55 Windows Update
06-11-2015 18:07:37 Windows Update
27-11-2015 20:00:06 Windows Update
27-11-2015 20:16:37 Windows Update
28-11-2015 19:44:21 Restore Operation
28-11-2015 19:57:01 avast! antivirus system restore point
28-11-2015 20:19:32 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {118814B6-BF6F-4CAF-B2F0-771A60E23C15} - System32\Tasks\{AAFEC5A3-4E2D-417B-96DD-FD45A7DB7DB4} => pcalua.exe -a C:\MAGIX\playR_jukebox\playR.exe -d C:\MAGIX\playR_jukebox
Task: {2344F4F1-3F48-480F-887A-E206F59B9E91} - System32\Tasks\{4B3987F3-BA28-43FC-83AC-AECF02687505} => C:\Users\user\Downloads\trial_videoprox6_dlm.exe
Task: {24C7202F-BAA6-4477-9E0B-62BD1110F41B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {2B62D15B-9DB8-4955-ACD9-BF014262ABD5} - System32\Tasks\{54127FE2-21C0-4930-B9FE-7B9C5C8F814F} => D:\start.exe
Task: {32244191-A44F-41EF-B254-DBA071E59AB3} - System32\Tasks\{4AF49534-2A46-4133-89CE-379655117B6E} => D:\start.exe
Task: {47ED653A-87CB-4217-B5D1-3A1B7B9E9BFF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {5A381EE5-3A9E-4461-990F-EB982EFAE6E5} - System32\Tasks\{089BE52C-68CC-4ED2-B639-C678A12F7F3A} => D:\start.exe
Task: {5FEE488D-4A5F-4729-B09F-C15D6BE82F04} - System32\Tasks\{7CC7D66F-3AC4-4875-8ACD-491249B9EEC6} => pcalua.exe -a C:\Users\user\Downloads\movie_edit_pro_12_92mb_us{1}.exe -d C:\Users\user\Downloads
Task: {60F1761B-3A15-4760-B3ED-4181EA9E2AF3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-22] (AVAST Software)
Task: {70D2EE51-36E2-40C6-86F8-D2EC30B5D287} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {79D224C2-364A-43B9-B3AD-0FA582CC5BF8} - System32\Tasks\{4323D0E1-F631-4D41-92C7-269507BBAFC5} => D:\start.exe
Task: {954A9D47-B6CD-423C-B116-96B66CCBAA4F} - System32\Tasks\{F3D67462-D0B2-4A80-9E15-7531B91896DC} => pcalua.exe -a C:\MAGIX\video_deLuxe\videodeLuxe.exe -d C:\MAGIX\video_deLuxe
Task: {9A5FBDCD-EB5F-4C1F-8F0E-7DAA33068B9F} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9B262D95-AB78-4AF8-8329-0A53B13C0FE0} - System32\Tasks\{24E01DD9-E4AD-49EF-8803-A1E6E833474E} => D:\start.exe
Task: {A1241D0F-FAA0-4F62-96DD-6DB0D3960964} - System32\Tasks\avastBCLRestartS-1-5-21-617073521-755056118-2606118670-1000 => Chrome.exe
Task: {A143FA3E-ADFB-41EB-8B86-1284DBDF1558} - System32\Tasks\{64A16546-5066-42E1-ACC0-BD954DD5B750} => D:\start.exe
Task: {B0EBEE18-D313-4C66-8A29-0935661784F4} - System32\Tasks\{D18DFD51-9B84-4BFE-A876-F66B72A8F26F} => D:\start.exe
Task: {C8344F9D-DE7E-482F-B7E3-30067E886F32} - System32\Tasks\{20709CE4-7A47-4200-BF26-159EC2946415} => D:\start.exe
Task: {C97BF528-BCAD-46AA-B476-C46F73F72CA2} - System32\Tasks\{87C6F9F3-6F40-459B-9805-32B69F3F5394} => D:\start.exe
Task: {D66A1FAF-5C72-4716-B76D-BF625380F070} - System32\Tasks\SlimCleaner Run => C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {DCC828EB-9351-4115-A6A1-60BFA590D8E7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-27] (Adobe Systems Incorporated)
Task: {E663490C-99C2-4929-99CA-EA0138779822} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F0CE685F-0F52-4D01-BA19-30EDB3AF5C77} - System32\Tasks\{8FCE7656-7164-4FEE-A456-8C13EB7E6049} => D:\start.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-22 18:24 - 2015-10-22 18:24 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-22 18:23 - 2015-10-22 18:23 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-02 12:28 - 2015-12-02 12:28 - 02813440 _____ () C:\Program Files\AVAST Software\Avast\defs\15120201\algo.dll
2015-06-05 18:58 - 2011-09-08 16:48 - 00962936 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-30 15:28 - 2010-08-19 04:43 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2015-10-22 18:24 - 2015-10-22 18:24 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-25 22:39 - 2015-10-09 15:56 - 00071680 _____ () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2014-10-30 16:01 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-10-30 16:01 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-11-27 14:12 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-617073521-755056118-2606118670-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1FB9BBAB-9568-4259-9ABD-7ADE949612F0}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D8075B61-1278-49B2-A2D2-0B66D9F6072F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9F1E6AE2-2FCC-4634-BB01-EB06BF0E827C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A60279D8-8E4F-4958-B915-B18A6E8D3A24}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{01E48C95-1F4B-4D0D-BDE2-9E13A92C6793}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C2E0C8BF-2561-4E78-A28D-9BC33458904C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{8C114617-4082-43A9-B1B7-C7AF0AC3FF05}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{951C2996-8C54-4999-80FD-4B6C0974619B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{DD5795CB-AAE7-4B35-A6DA-733E8E363C54}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D5001D08-9857-46C6-B99A-F30D6DE9C81F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6BFF6488-7CA8-48C0-84E2-1BD7CA6A4DCF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{4A69CD31-A138-4B9D-9C22-81B4CBE2E25B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{40089543-266B-458E-B5F2-C6C46085015D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A3E6C67B-D6AA-4A27-8F3E-BA3640A56DD0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{14996F64-FAAC-4F8B-892A-9BDD8AD4610B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{8506B658-727C-465C-ACCA-1ACB990A3418}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{CADBABEA-1ECB-4D59-A92E-0B2E92999A90}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{6D2DC9F9-F350-43EF-BDC7-6270C7F8E111}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{33956D88-443C-414E-8A50-B3993FE20AC4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{06F42ADC-892A-4D7C-B29D-14AB7CAC030A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{269FACB0-65A5-4701-B812-8A71D3512B31}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{1B331242-E823-40F7-91B7-9A6459339AC1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{6C958D85-99FD-496E-B7F2-8B36EACEEA87}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BBAB5409-4686-4E0A-AE57-8655CFE83A37}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8A38FB2A-6466-4B54-9C86-C9A5A2475301}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{63088C72-46A1-4596-9B00-660E10301149}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{FC25D05F-5393-40A6-B7C2-12294FAB2400}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{B0BC287F-E073-43A4-B74E-85347DABFB01}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{C3F8EBDF-18C5-47A5-8459-41D3B17C6DE6}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe
FirewallRules: [{99E0BEC6-AA24-413C-BD5D-C2898A649BA1}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe
FirewallRules: [{088A7DE1-5A99-47AD-AB6A-0C164550A184}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe
FirewallRules: [{8A774150-2854-4AA9-A98E-E28829B0DF12}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe
FirewallRules: [{0765F99D-D211-4659-9843-93B071733583}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe
FirewallRules: [{2C255D84-CC5F-4D9C-9D1B-0C393981FE9C}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe
FirewallRules: [{18EA9493-7EDF-4054-B905-81592793CEA9}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{395C11F1-2AD8-467B-8885-EA3F857741ED}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [TCP Query User{3111081E-5052-4224-B6B8-61FE46F8119D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{9AED51E8-FD88-420F-89F5-7CE57326F5F4}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{E492174D-C3E8-4321-80CF-A6416E8BC8A1}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{17C28730-90F7-47DF-A869-E480B05EFACE}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{49321ED3-94D2-458E-B038-0D9E513244B4}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{242E3029-A457-4E29-810B-7705F7AD607D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{92F93626-CB55-4EC7-8206-915211C11488}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7947677B-F398-44DF-9317-68A89FDB4176}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F177E1CE-4072-47FD-B771-74257228BDC6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CB7E275D-BDA7-4526-8458-08E0AAA44887}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5E744014-7F56-49AF-825F-E1F0301B1BE8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2015 01:17:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/02/2015 00:59:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/02/2015 00:59:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: The specified server cannot perform the requested operation.
.

Error: (12/02/2015 00:59:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: The specified server cannot perform the requested operation.
.

Error: (12/02/2015 00:59:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/02/2015 00:58:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/02/2015 00:57:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: The specified server cannot perform the requested operation.
.

Error: (12/02/2015 00:57:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/02/2015 00:57:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: The specified server cannot perform the requested operation.
.

Error: (12/02/2015 00:57:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.


System errors:
=============
Error: (11/28/2015 09:25:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/28/2015 09:14:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.

Error: (11/27/2015 08:14:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/06/2015 09:12:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.

Error: (11/06/2015 07:59:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.

Error: (11/01/2015 07:00:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/01/2015 06:46:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.

Error: (10/30/2015 09:59:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.

Error: (10/30/2015 02:47:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (10/29/2015 07:24:02 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.


==================== Memory info ===========================

Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz
Percentage of memory in use: 89%
Total physical RAM: 3062.49 MB
Available physical RAM: 333.7 MB
Total Virtual: 6123.3 MB
Available Virtual: 2667.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:169.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FFBEFFBE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I can also supply screenshots if requested.

I am surprised that I was not able to find any news about this problem anywhere online. I am sure I am not the only person to have this problem.

I hope you will be able to help me with this problem. I have been avoiding Amazon ever since it's happened.

I look forward to hearing from you soon. Thank you!
zintar
Regular Member
 
Posts: 16
Joined: December 2nd, 2015, 2:04 pm

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby wannabeageek » December 3rd, 2015, 8:44 pm

Hello zintar, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights and permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done. Also,
    DO NOT remove or scan with anything on your system unless I ask. This adds more items to be researched.
    Extra additions and removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.


I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>>, do not proceed, and post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Note: Save or Move all downloaded files to your Desktop.
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby wannabeageek » December 4th, 2015, 11:54 am

Hello <NAME>,

Note: I notice that you ran several tools prior to posting here. I understand that you want to get rid of this infection as soon as possible, however I must ask you to refrain from doing so while we work together. Certain tools are created to target specific infections and the tools you are using will not get rid of the problem. If you keep using them while I ask you to run additional scans, they could impede my ability to provide a proper diagnosis of your computer.


Step 1.
License issue with Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007 is not sold to individual home computer users and hence is not generally legal on any home computer.

Per our policy concerning illegally licensed software, I can offer you no further assistance as long as you have Microsoft Office Enterprise 2007 installed.

I strongly recommend that you uninstall Microsoft Office Enterprise 2007; however, that choice is up to you.
  • If you choose NOT to remove this program, please indicate that in your next reply and ignore the remaining steps.
  • If you choose to remove this program then perform the following steps:
    1. Click on Start, then click the Start Search box on the Start Menu.
    2. Copy and paste the value below without the word Code: into the open text entry box:
      Code:
       appwiz.cpl 
      and press Enter - the Uninstall or change a program list will be opened.
    3. Right-click the MS Office Enterprise 2007 entry, choose Uninstall/Change and give permission to Continue.
  • Reboot (restart) your computer.


Step 2.
TSG - SysInfo utility
  • Right mouse click on this link: SysInfo utility
  • Select from the pop up box:
    "Save link as..."
  • From the left panel of the pop up box, scroll up and select desktop.
  • Click the "Save" button.
From your desktop:
  • Right Mouse click SysInfo.exe, select "Run As Administrator" to run it... if UAC prompts, please allow it.
  • Right click, select copy and then paste in your next post.



Step 3.
Download and run MGA Diagnostic Tool
  1. Click here to download the MGA Diagnostics Tool from Microsoft and save it to your Desktop. The MGADiag.exe icon will appear on your Desktop.
  2. Right-click the MGADiag.exe icon on your Desktop and then select Run As Administrator from the popup menu. The tool's window will be displayed.
  3. Click the Continue button. The scan will be performed. Once the scan is complete the report information will be displayed and a Copy button will be provided.
  4. Click the Copy button.
  5. Open Notepad and paste the contents of the report into the Notepad window.
  6. Save the report and paste the contents into your reply.



Step 4.
Run CKScanner
  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator" then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


What I need back from you:
Post each separately.
  1. Confirmation that Enterprise 2007 was removed.
  2. Contents of SysInfo report
  3. Contents of MGA Diagnostic report
  4. Contents of CKFiles.txt
  5. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby zintar » December 5th, 2015, 12:45 pm

Hello,
This is just a short note to thank you for responding to my post. I have not had a chance to read your instructions until today, and I'll start working your instructions ASAP.
Thank you again.
zintar
Regular Member
 
Posts: 16
Joined: December 2nd, 2015, 2:04 pm

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby zintar » December 5th, 2015, 5:38 pm

Hi Wannabeageek,
Thank you again for your assistance. I haven't had a chance to work the steps you sent me, but I hope to do so by tomorrow afternoon. I have no problem removing Office, and also not running any other security/anti-virus/malware programs.

Will keep in touch. Thank you again and have a great weekend.

Regards,
Zintar
zintar
Regular Member
 
Posts: 16
Joined: December 2nd, 2015, 2:04 pm

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby zintar » December 7th, 2015, 12:23 pm

TSG

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 2
RAM: 3062 Mb
Graphics Card: EPSON Projector Support Driver for UD, 4 Mb
Hard Drives: C: Total - 476837 MB, Free - 170938 MB;
Motherboard: LENOVO, 945782U
Antivirus: avast! Antivirus, Updated and Enabled
zintar
Regular Member
 
Posts: 16
Joined: December 2nd, 2015, 2:04 pm

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby zintar » December 7th, 2015, 12:27 pm

MGA Diagnostics

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-PJW6W-9GK29-TMPWP
Windows Product Key Hash: s96ZjOX/L18svs5JSfzs8eCl/m0=
Windows Product ID: 00426-OEM-8992662-00537
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {46BCF2CB-95D8-48FC-A02B-D99E30FB4597}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.151019-1254
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{46BCF2CB-95D8-48FC-A02B-D99E30FB4597}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TMPWP</PKey><PID>00426-OEM-8992662-00537</PID><PIDType>2</PIDType><SID>S-1-5-21-617073521-755056118-2606118670</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>945782U</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7CET47WW (1.02 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20060411000000.000000+000</Date></BIOS><HWID>01E93907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-90 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600537-02-1033-7601.0000-3022014
Installation ID: 007380617526882855245424234571072094083272961851116542
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: TMPWP
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 12/7/2015 11:25:08 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:29:2015 22:00
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEAAwABAAMAAAACAAAAAgABAAEAeqh+Aef1Psb07kjkCoQMOVzQupTUFnIpbMWYGvRI

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC LENOVO TP-7C
FACP LENOVO TP-7C
HPET LENOVO TP-7C
BOOT LENOVO TP-7C
MCFG LENOVO TP-7C
SSDT LENOVO TP-7C
ECDT LENOVO TP-7C
TCPA LENOVO TP-7C
SSDT LENOVO TP-7C
SSDT LENOVO TP-7C
SLIC LENOVO TC-90
zintar
Regular Member
 
Posts: 16
Joined: December 2nd, 2015, 2:04 pm

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby zintar » December 7th, 2015, 12:27 pm

MGA Diagnostics

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-PJW6W-9GK29-TMPWP
Windows Product Key Hash: s96ZjOX/L18svs5JSfzs8eCl/m0=
Windows Product ID: 00426-OEM-8992662-00537
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {46BCF2CB-95D8-48FC-A02B-D99E30FB4597}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.151019-1254
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{46BCF2CB-95D8-48FC-A02B-D99E30FB4597}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TMPWP</PKey><PID>00426-OEM-8992662-00537</PID><PIDType>2</PIDType><SID>S-1-5-21-617073521-755056118-2606118670</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>945782U</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7CET47WW (1.02 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20060411000000.000000+000</Date></BIOS><HWID>01E93907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-90 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600537-02-1033-7601.0000-3022014
Installation ID: 007380617526882855245424234571072094083272961851116542
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: TMPWP
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 12/7/2015 11:25:08 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:29:2015 22:00
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEAAwABAAMAAAACAAAAAgABAAEAeqh+Aef1Psb07kjkCoQMOVzQupTUFnIpbMWYGvRI

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC LENOVO TP-7C
FACP LENOVO TP-7C
HPET LENOVO TP-7C
BOOT LENOVO TP-7C
MCFG LENOVO TP-7C
SSDT LENOVO TP-7C
ECDT LENOVO TP-7C
TCPA LENOVO TP-7C
SSDT LENOVO TP-7C
SSDT LENOVO TP-7C
SLIC LENOVO TC-90
zintar
Regular Member
 
Posts: 16
Joined: December 2nd, 2015, 2:04 pm

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby zintar » December 7th, 2015, 12:27 pm

MGA Diagnostics

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-PJW6W-9GK29-TMPWP
Windows Product Key Hash: s96ZjOX/L18svs5JSfzs8eCl/m0=
Windows Product ID: 00426-OEM-8992662-00537
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {46BCF2CB-95D8-48FC-A02B-D99E30FB4597}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.151019-1254
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{46BCF2CB-95D8-48FC-A02B-D99E30FB4597}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TMPWP</PKey><PID>00426-OEM-8992662-00537</PID><PIDType>2</PIDType><SID>S-1-5-21-617073521-755056118-2606118670</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>945782U</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7CET47WW (1.02 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20060411000000.000000+000</Date></BIOS><HWID>01E93907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-90 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600537-02-1033-7601.0000-3022014
Installation ID: 007380617526882855245424234571072094083272961851116542
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: TMPWP
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 12/7/2015 11:25:08 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:29:2015 22:00
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEAAwABAAMAAAACAAAAAgABAAEAeqh+Aef1Psb07kjkCoQMOVzQupTUFnIpbMWYGvRI

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC LENOVO TP-7C
FACP LENOVO TP-7C
HPET LENOVO TP-7C
BOOT LENOVO TP-7C
MCFG LENOVO TP-7C
SSDT LENOVO TP-7C
ECDT LENOVO TP-7C
TCPA LENOVO TP-7C
SSDT LENOVO TP-7C
SSDT LENOVO TP-7C
SLIC LENOVO TC-90
zintar
Regular Member
 
Posts: 16
Joined: December 2nd, 2015, 2:04 pm

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby zintar » December 7th, 2015, 12:27 pm

MGA Diagnostics

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-PJW6W-9GK29-TMPWP
Windows Product Key Hash: s96ZjOX/L18svs5JSfzs8eCl/m0=
Windows Product ID: 00426-OEM-8992662-00537
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {46BCF2CB-95D8-48FC-A02B-D99E30FB4597}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.151019-1254
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{46BCF2CB-95D8-48FC-A02B-D99E30FB4597}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TMPWP</PKey><PID>00426-OEM-8992662-00537</PID><PIDType>2</PIDType><SID>S-1-5-21-617073521-755056118-2606118670</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>945782U</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7CET47WW (1.02 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20060411000000.000000+000</Date></BIOS><HWID>01E93907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-90 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600537-02-1033-7601.0000-3022014
Installation ID: 007380617526882855245424234571072094083272961851116542
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: TMPWP
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 12/7/2015 11:25:08 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:29:2015 22:00
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEAAwABAAMAAAACAAAAAgABAAEAeqh+Aef1Psb07kjkCoQMOVzQupTUFnIpbMWYGvRI

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC LENOVO TP-7C
FACP LENOVO TP-7C
HPET LENOVO TP-7C
BOOT LENOVO TP-7C
MCFG LENOVO TP-7C
SSDT LENOVO TP-7C
ECDT LENOVO TP-7C
TCPA LENOVO TP-7C
SSDT LENOVO TP-7C
SSDT LENOVO TP-7C
SLIC LENOVO TC-90
zintar
Regular Member
 
Posts: 16
Joined: December 2nd, 2015, 2:04 pm

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby zintar » December 7th, 2015, 12:27 pm

MGA Diagnostics

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-PJW6W-9GK29-TMPWP
Windows Product Key Hash: s96ZjOX/L18svs5JSfzs8eCl/m0=
Windows Product ID: 00426-OEM-8992662-00537
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010100.1.0.001
ID: {46BCF2CB-95D8-48FC-A02B-D99E30FB4597}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Ultimate
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.151019-1254
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: B4D0AA8B-604-645_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{46BCF2CB-95D8-48FC-A02B-D99E30FB4597}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.001</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TMPWP</PKey><PID>00426-OEM-8992662-00537</PID><PIDType>2</PIDType><SID>S-1-5-21-617073521-755056118-2606118670</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>945782U</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7CET47WW (1.02 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20060411000000.000000+000</Date></BIOS><HWID>01E93907018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TC-90 </OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 7cfd4696-69a9-4af7-af36-ff3d12b6b6c8
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00426-00178-926-600537-02-1033-7601.0000-3022014
Installation ID: 007380617526882855245424234571072094083272961851116542
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: TMPWP
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 12/7/2015 11:25:08 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 10:29:2015 22:00
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: NgAAAAEAAwABAAMAAAACAAAAAgABAAEAeqh+Aef1Psb07kjkCoQMOVzQupTUFnIpbMWYGvRI

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name    OEMID Value    OEMTableID Value
APIC               LENOVO         TP-7C
FACP               LENOVO         TP-7C
HPET               LENOVO         TP-7C
BOOT               LENOVO         TP-7C
MCFG               LENOVO         TP-7C
SSDT               LENOVO         TP-7C
ECDT               LENOVO         TP-7C
TCPA               LENOVO         TP-7C
SSDT               LENOVO         TP-7C
SSDT               LENOVO         TP-7C
SLIC               LENOVO         TC-90
zintar
Regular Member
 
Posts: 16
Joined: December 2nd, 2015, 2:04 pm
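The licensing and ACPI-table sections of the MGADiag report above can be read mechanically. The Python script below is an added example, not something posted in this thread and not part of MGADiag: it parses the "Licensing Data" and "OEM Activation 2.0 Data" blocks in the layout the tool prints, pulls out the channel, partial product key and license status, and lists which ACPI tables carry an OEMID or OEMTableID different from the SLIC table's. The comparison is a plain string match of the listed values; it does not reproduce MGADiag's own "OEMID and OEMTableID Consistent" logic and draws no conclusion about the machine. SAMPLE_REPORT is constructed from the values in the report above.

```python
"""Parse the licensing and ACPI-table blocks of an MGADiag report (added example,
not part of MGADiag). SAMPLE_REPORT is constructed from the report posted above."""
import re
from collections import Counter

SAMPLE_REPORT = """\
Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Ultimate edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Partial Product Key: TMPWP
License Status: Licensed

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC LENOVO TP-7C
FACP LENOVO TP-7C
HPET LENOVO TP-7C
BOOT LENOVO TP-7C
MCFG LENOVO TP-7C
SSDT LENOVO TP-7C
ECDT LENOVO TP-7C
TCPA LENOVO TP-7C
SSDT LENOVO TP-7C
SSDT LENOVO TP-7C
SLIC LENOVO TC-90
"""

# One row of the "BIOS Information:" listing: 4-char table signature, OEMID, OEMTableID.
ACPI_ROW = re.compile(r"^(?P<table>[A-Z0-9]{4})\s+(?P<oemid>\S+)\s+(?P<tableid>\S+)$")

SCALAR_FIELDS = ("Partial Product Key", "License Status",
                 "BIOS valid for OA 2.0", "OEMID and OEMTableID Consistent")


def parse_licensing(text):
    """Return the channel (from the Description line) plus the SCALAR_FIELDS values."""
    fields = {}
    m = re.search(r"^Description:.*,\s*(?P<channel>\S+)\s+channel\s*$", text, re.M)
    if m:
        fields["channel"] = m.group("channel")
    for key in SCALAR_FIELDS:
        m = re.search(rf"^{re.escape(key)}:\s*(?P<value>.+?)\s*$", text, re.M)
        if m:
            fields[key] = m.group("value")
    return fields


def parse_acpi_tables(text):
    """Return [(table, oemid, tableid), ...] from the 'BIOS Information:' listing."""
    rows, in_listing = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("BIOS Information:"):
            in_listing = True
            continue
        if not in_listing or line.startswith("ACPI Table Name"):
            continue                      # not in the listing yet, or the column header
        m = ACPI_ROW.match(line)
        if m:
            rows.append((m.group("table"), m.group("oemid"), m.group("tableid")))
        elif rows:
            break                         # first non-row line after the rows ends the listing
    return rows


def compare_slic(rows):
    """Plain string comparison of the SLIC row against every other ACPI table.

    This is not MGADiag's own consistency check; it only reports which tables
    carry identifiers different from the SLIC table's so the mismatch is visible.
    """
    slic = next((r for r in rows if r[0] == "SLIC"), None)
    others = [r for r in rows if r[0] != "SLIC"]
    if slic is None:
        return {"slic": None, "other_ids": {}, "oemid_differ": [], "tableid_differ": []}
    _, s_oemid, s_tableid = slic
    return {
        "slic": (s_oemid, s_tableid),
        "other_ids": dict(Counter((o, i) for _, o, i in others)),
        "oemid_differ": [t for t, o, _ in others if o != s_oemid],
        "tableid_differ": [t for t, _, i in others if i != s_tableid],
    }


def review(text):
    """Combine the licensing fields with the SLIC comparison for one report."""
    rows = parse_acpi_tables(text)
    result = parse_licensing(text)
    result["acpi_tables"] = len(rows)
    result.update(compare_slic(rows))
    return result


if __name__ == "__main__":
    for key, value in review(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the report above, it reports channel OEM_SLP, license status Licensed, eleven ACPI tables, a SLIC row of LENOVO / TC-90, and ten tables whose OEMTableID (TP-7C) differs from the SLIC table's while every OEMID agrees. To use it on another report, paste the whole MGADiag text in place of SAMPLE_REPORT; the parser locates the blocks by their headers.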

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby zintar » December 7th, 2015, 1:11 pm

CKScanner

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.TQNAKZ
----- EOF -----
zintar
Regular Member
 
Posts: 16
Joined: December 2nd, 2015, 2:04 pm

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby wannabeageek » December 7th, 2015, 2:08 pm

Hi zintar,

How did you obtain your copy of Windows Ultimate?
wannabeageek
MRU Master
 
Posts: 1773
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby zintar » December 7th, 2015, 2:17 pm

I took the unit to a local service shop when it broke down last year. They replaced the hard drive with Ultimate installed.

Did the scan results provide any information about the infections?
zintar
Regular Member
 
Posts: 16
Joined: December 2nd, 2015, 2:04 pm