This past Saturday, November 28, I clicked on an item on my Amazon.com shopping cart. I was concerned as the price jumped $15 overnight, with no notice from Amazon, and thought I would find some info on the sales page. It opened fine, but then a number of popup windows opened, a large one with items supposedly related to the product I added to my shopping cart, although I could tell it was not from Amazon, and several smaller popup windows along the bottom of the screen. At first I thought it was a problem with Amazon, but later in the day I got the same problem on every site I opened, including Malwareremoval.com. It was also opening full sites which all asked me to register and enter my personal information. I used Malwarebytes and AdwCleaner to remove the problem files, and though they removed several files, I continued to get attacked. Malwarebytes kept blocking the sites, but apparently some got through and continued to open windows and pages. including a game site named Piercing Blow. Other sites are Internet Influences.com, player-update.com, a.mktngadvert.com and reimageplus.com
I had been away since Sunday and could not access the computer until now. The "attacks" began as soon as I opened my browser. I am currently using Chrome so I don't know if the problem will continue if I switch to Firefox.
Also, the onslaught has been slowing down my computer so much I could not type this message on the computer but instead needed to use my main computer.
Here are the files from the FRST scan I performed on the computer a few minutes ago:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by user (administrator) on USER-PC (02-12-2015 13:16:10)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [EPSON_UD_START] => C:\Program Files\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [534664 2011-11-17] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [USB2Check] => RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
HKLM\...\Run: [ProductUpdater] => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-10-09] ()
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\Hp\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: F - F:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: {0f458b28-6858-11e4-97c8-0016d3296595} - F:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: {3fb76f0e-2be8-11e5-adb4-0016d3296595} - E:\StormF1.exe
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: {3fb7701a-2be8-11e5-adb4-0016d3296595} - E:\StormF1.exe
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: {3fb7701e-2be8-11e5-adb4-0016d3296595} - E:\StormF1.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-10-22] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-06-05]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-11-02]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TabUserW.exe.lnk [2015-06-05]
ShortcutTarget: TabUserW.exe.lnk -> C:\Windows\System32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{57B789C4-6AF9-43DD-8929-7EEC91B8F2F1}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-08] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-617073521-755056118-2606118670-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-11-02] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-28] [not signed]
FF HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Adblock for Youtube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-11-06]
CHR Extension: (Video Downloader professional) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-12-02]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3219136 2015-10-22] (Avast Software)
R2 EMP_UDSA; C:\Program Files\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2011-11-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-10-09] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-09-01] (Ellora Assets Corp.) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-07-18] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
R1 ASPI32; C:\Windows\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-10-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-10-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-10-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115640 2015-10-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-10-22] (AVAST Software)
R3 EMP_MIRRUD; C:\Windows\System32\DRIVERS\EMP_MirrUD.sys [3712 2011-11-17] (Windows (R) Codename Longhorn DDK provider)
R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [17664 2011-11-17] (SEIKO EPSON CORPORATION)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-03] (Intel Corporation)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [107984 2015-10-22] (AVAST Software)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S3 PinnacleMarvinAVS; C:\Windows\System32\DRIVERS\MarvinAVS.sys [434176 2007-05-09] (Pinnacle a division of Avid Technology, Inc.)
R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [51816 2012-09-21] (AuthenTec, Inc.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [658560 2013-08-09] (eMPIA Technology Corp.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [1327616 2013-08-09] (eMPIA Technology Corp.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-10-22] (Avast Software)
R3 WacomVHidPen; C:\Windows\System32\DRIVERS\wacomvhidpen.sys [9216 2004-10-29] (Wacom Technology) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-02 13:16 - 2015-12-02 13:17 - 00018105 _____ C:\Users\user\Desktop\FRST.txt
2015-12-02 13:15 - 2015-12-02 13:16 - 00000000 ____D C:\FRST
2015-12-02 13:13 - 2015-12-02 13:13 - 01721344 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2015-11-28 20:55 - 2015-12-02 12:52 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-28 20:54 - 2015-11-28 20:54 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-28 20:54 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-28 20:54 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-28 20:54 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-28 20:36 - 2015-11-28 20:37 - 22908888 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-28 18:44 - 2015-11-28 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-28 18:44 - 2015-11-28 20:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-28 18:44 - 2015-11-28 18:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-28 09:51 - 2015-11-28 09:51 - 00000000 ____D C:\Users\user\AppData\Roaming\Sun
2015-11-28 09:51 - 2015-11-28 09:51 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2015-11-27 20:11 - 2015-10-29 12:49 - 00295936 ____N (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-27 20:10 - 2015-10-19 19:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00655360 ____N (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00552960 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00400896 ____N (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00259584 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00251392 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00223232 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00172032 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-27 20:10 - 2015-10-19 19:45 - 00065536 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00038912 ____N (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00036864 ____N (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00017408 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-27 20:10 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-27 20:07 - 2015-10-30 17:42 - 02279936 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-27 20:07 - 2015-10-30 16:51 - 02011136 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-27 20:07 - 2015-10-30 16:48 - 01311744 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-27 20:06 - 2015-09-23 08:09 - 00251000 ____N (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-27 20:05 - 2015-10-20 12:46 - 00566784 ____N (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-27 20:05 - 2015-10-20 12:46 - 00030208 ____N (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-06 18:15 - 2015-11-06 20:27 - 00236708 _____ C:\Users\user\Documents\66_Rockwel_Place_Open_Market_Waiting_List_Application Completed.pdf
2015-11-06 18:03 - 2015-11-06 18:03 - 00000963 _____ C:\Users\user\Desktop\66_Rockwel_Place_Open_Market_Waiting_List_Application - Shortcut.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-12-02 13:17 - 2014-10-29 16:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-02 13:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows
2015-12-02 13:05 - 2014-10-29 14:41 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 12:59 - 2009-07-13 23:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-02 12:59 - 2009-07-13 23:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-02 12:52 - 2014-10-29 16:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2015-12-02 12:51 - 2014-10-29 14:41 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-02 12:51 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-02 12:49 - 2015-02-22 14:10 - 00000000 ____D C:\AdwCleaner
2015-11-28 21:31 - 2010-11-20 16:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-28 21:31 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2015-11-28 21:11 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-11-28 20:45 - 2014-11-18 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuarkXPress 10
2015-11-28 20:45 - 2014-11-02 15:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Yahoo!
2015-11-28 20:45 - 2014-11-02 15:54 - 00000000 ____D C:\Program Files\Yahoo!
2015-11-28 20:26 - 2015-04-05 02:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-28 20:26 - 2011-04-11 21:24 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-28 20:26 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-11-28 20:25 - 2015-06-25 22:39 - 00000000 ____D C:\Program Files\Common Files\Freemake Shared
2015-11-28 20:25 - 2015-04-19 08:06 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-28 20:25 - 2015-04-15 06:12 - 00000000 ___RD C:\Program Files\Skype
2015-11-28 20:25 - 2015-04-15 06:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-28 20:25 - 2015-04-15 06:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-11-28 20:25 - 2015-04-10 19:00 - 00000000 ____D C:\Users\user\AppData\LocalLow\Oracle
2015-11-28 20:25 - 2015-01-10 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-28 20:25 - 2014-11-26 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-11-28 20:25 - 2014-11-23 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-11-28 20:25 - 2014-11-23 20:15 - 00000000 ____D C:\Program Files\QuickTime
2015-11-28 20:25 - 2014-11-08 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-28 20:25 - 2014-11-02 15:46 - 00000000 ____D C:\ProgramData\HP
2015-11-28 20:25 - 2014-10-31 12:55 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2015-11-28 20:25 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-28 20:23 - 2014-11-23 20:15 - 00000000 ____D C:\ProgramData\Apple Computer
2015-11-28 19:23 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SchCache
2015-11-27 20:39 - 2014-10-29 14:52 - 00000000 ____D C:\Windows\system32\MRT
2015-11-27 14:17 - 2014-10-29 16:34 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-27 14:17 - 2014-10-29 16:34 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-27 14:13 - 2014-10-29 14:43 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-06 20:00 - 2014-10-29 14:41 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-11-06 20:00 - 2014-10-29 14:41 - 00435464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
==================== Files in the root of some directories =======
2014-12-23 18:24 - 2015-10-30 01:34 - 0016896 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-15 16:08 - 2015-02-15 16:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-02 15:46 - 2014-11-02 16:04 - 0001258 _____ () C:\ProgramData\hpzinstall.log
Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\user\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\VideoConverter.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-11-28 18:15
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015
Ran by user (2015-12-02 13:18:17)
Running from C:\Users\user\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2014-10-29 19:08:01)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-617073521-755056118-2606118670-500 - Administrator - Disabled)
Guest (S-1-5-21-617073521-755056118-2606118670-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-617073521-755056118-2606118670-1002 - Limited - Enabled)
user (S-1-5-21-617073521-755056118-2606118670-1000 - Administrator - Enabled) => C:\Users\user
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe PhotoDeluxe Home Edition 4.0 (HKLM\...\Adobe PhotoDeluxe Home Edition 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.4.2233 - AVAST Software)
Avery Design & Print (HKLM\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
AVS Audio Converter version 6.3 (HKLM\...\AVS Audio Converter 6.3_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C3100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c3100_Help (Version: 82.0.256.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Painter Essentials 2 (HKLM\...\{B946D46E-1302-48B4-84EE-B74C3191D975}) (Version: 4.0 - Corel Corporation)
CyberLink PowerDirector 10 (HKLM\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.0925 - CyberLink Corp.)
CyberLink WaveEditor (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
Epson USB Display (HKLM\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.60.000 - SEIKO EPSON CORPORATION)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Freemake Video Converter version 4.1.7 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.5 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
honestech VHS to DVD 3.0 Deluxe (HKLM\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 3.0 - honestech)
honestech VHS to DVD 3.0 Deluxe (Version: 3.0 - Honest Technology) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{9F1F6E90-519F-4217-9A4B-466632D5CCCB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{1006DA78-79A1-43AD-BEB9-7CDCDAEFD588}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Kastor - All Video Downloader V 5.9.3 (HKLM\...\{CB84FEF5-C573-4328-B9AF-B28568A4E10E}_is1) (Version: 5.9.3.0 - KastorSoft)
Kazoo Player (HKLM\...\Kazoo Player) (Version: - )
Knoll Light Factory EZ Studio (HKLM\...\Knoll Light Factory EZ Studio) (Version: - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.21 - )
Magic Bullet Looks Studio (HKLM\...\Magic Bullet Looks Studio) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MGI VideoWave 5 (HKLM\...\{3C030509-F7E8-4919-B7E9-2DF65CA1C1E6}) (Version: 5.0.888.0 - MGI Software Corp.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Pinnacle Studio 14 (HKLM\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Studio Ultimate Collection Plugins (HKLM\...\{F5C372A1-40F3-49DA-A049-F75CDE9177DC}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Quark Update (HKLM\...\{82154114-943B-4A6F-9B20-073C9573E93E}) (Version: 1.0.0.2 - Quark, Inc.)
QuarkXPress (HKLM\...\{EACCA5D3-5E48-4181-B953-1842BA6FED32}) (Version: 10.0.0.1 - Quark Software Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Red Giant ToonIt Studio (HKLM\...\Red Giant ToonIt Studio) (Version: - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SlimCleaner (HKLM\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Trapcode 3DStroke Studio (HKLM\...\Trapcode 3DStroke Studio) (Version: - )
Trapcode Particular Studio (HKLM\...\Trapcode Particular Studio) (Version: - )
Trapcode Shine Studio (HKLM\...\Trapcode Shine Studio) (Version: - )
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIDBOX Driver (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 4.0.1 - honestech)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebPage version 4.2 (HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\{2D05A87F-C01D-4DE5-9119-2B87A070EF82}_is1) (Version: 4.2 - Trellian Softwares)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WebTablet FB Plugin (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{5B004CDE-0211-469C-B9B5-0552E7E63917}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{77D8C8C7-6B46-4429-B876-DBC006C96EB1}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{CD37ED08-860C-4B86-AD25-5587D8386587}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
==================== Restore Points =========================
29-10-2015 18:12:55 Windows Update
06-11-2015 18:07:37 Windows Update
27-11-2015 20:00:06 Windows Update
27-11-2015 20:16:37 Windows Update
28-11-2015 19:44:21 Restore Operation
28-11-2015 19:57:01 avast! antivirus system restore point
28-11-2015 20:19:32 Restore Operation
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {118814B6-BF6F-4CAF-B2F0-771A60E23C15} - System32\Tasks\{AAFEC5A3-4E2D-417B-96DD-FD45A7DB7DB4} => pcalua.exe -a C:\MAGIX\playR_jukebox\playR.exe -d C:\MAGIX\playR_jukebox
Task: {2344F4F1-3F48-480F-887A-E206F59B9E91} - System32\Tasks\{4B3987F3-BA28-43FC-83AC-AECF02687505} => C:\Users\user\Downloads\trial_videoprox6_dlm.exe
Task: {24C7202F-BAA6-4477-9E0B-62BD1110F41B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {2B62D15B-9DB8-4955-ACD9-BF014262ABD5} - System32\Tasks\{54127FE2-21C0-4930-B9FE-7B9C5C8F814F} => D:\start.exe
Task: {32244191-A44F-41EF-B254-DBA071E59AB3} - System32\Tasks\{4AF49534-2A46-4133-89CE-379655117B6E} => D:\start.exe
Task: {47ED653A-87CB-4217-B5D1-3A1B7B9E9BFF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {5A381EE5-3A9E-4461-990F-EB982EFAE6E5} - System32\Tasks\{089BE52C-68CC-4ED2-B639-C678A12F7F3A} => D:\start.exe
Task: {5FEE488D-4A5F-4729-B09F-C15D6BE82F04} - System32\Tasks\{7CC7D66F-3AC4-4875-8ACD-491249B9EEC6} => pcalua.exe -a C:\Users\user\Downloads\movie_edit_pro_12_92mb_us{1}.exe -d C:\Users\user\Downloads
Task: {60F1761B-3A15-4760-B3ED-4181EA9E2AF3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-22] (AVAST Software)
Task: {70D2EE51-36E2-40C6-86F8-D2EC30B5D287} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {79D224C2-364A-43B9-B3AD-0FA582CC5BF8} - System32\Tasks\{4323D0E1-F631-4D41-92C7-269507BBAFC5} => D:\start.exe
Task: {954A9D47-B6CD-423C-B116-96B66CCBAA4F} - System32\Tasks\{F3D67462-D0B2-4A80-9E15-7531B91896DC} => pcalua.exe -a C:\MAGIX\video_deLuxe\videodeLuxe.exe -d C:\MAGIX\video_deLuxe
Task: {9A5FBDCD-EB5F-4C1F-8F0E-7DAA33068B9F} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9B262D95-AB78-4AF8-8329-0A53B13C0FE0} - System32\Tasks\{24E01DD9-E4AD-49EF-8803-A1E6E833474E} => D:\start.exe
Task: {A1241D0F-FAA0-4F62-96DD-6DB0D3960964} - System32\Tasks\avastBCLRestartS-1-5-21-617073521-755056118-2606118670-1000 => Chrome.exe
Task: {A143FA3E-ADFB-41EB-8B86-1284DBDF1558} - System32\Tasks\{64A16546-5066-42E1-ACC0-BD954DD5B750} => D:\start.exe
Task: {B0EBEE18-D313-4C66-8A29-0935661784F4} - System32\Tasks\{D18DFD51-9B84-4BFE-A876-F66B72A8F26F} => D:\start.exe
Task: {C8344F9D-DE7E-482F-B7E3-30067E886F32} - System32\Tasks\{20709CE4-7A47-4200-BF26-159EC2946415} => D:\start.exe
Task: {C97BF528-BCAD-46AA-B476-C46F73F72CA2} - System32\Tasks\{87C6F9F3-6F40-459B-9805-32B69F3F5394} => D:\start.exe
Task: {D66A1FAF-5C72-4716-B76D-BF625380F070} - System32\Tasks\SlimCleaner Run => C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {DCC828EB-9351-4115-A6A1-60BFA590D8E7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-27] (Adobe Systems Incorporated)
Task: {E663490C-99C2-4929-99CA-EA0138779822} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F0CE685F-0F52-4D01-BA19-30EDB3AF5C77} - System32\Tasks\{8FCE7656-7164-4FEE-A456-8C13EB7E6049} => D:\start.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-22 18:24 - 2015-10-22 18:24 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-22 18:23 - 2015-10-22 18:23 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-02 12:28 - 2015-12-02 12:28 - 02813440 _____ () C:\Program Files\AVAST Software\Avast\defs\15120201\algo.dll
2015-06-05 18:58 - 2011-09-08 16:48 - 00962936 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-30 15:28 - 2010-08-19 04:43 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2015-10-22 18:24 - 2015-10-22 18:24 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-25 22:39 - 2015-10-09 15:56 - 00071680 _____ () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2014-10-30 16:01 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-10-30 16:01 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-11-27 14:12 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-617073521-755056118-2606118670-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1FB9BBAB-9568-4259-9ABD-7ADE949612F0}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D8075B61-1278-49B2-A2D2-0B66D9F6072F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9F1E6AE2-2FCC-4634-BB01-EB06BF0E827C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A60279D8-8E4F-4958-B915-B18A6E8D3A24}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{01E48C95-1F4B-4D0D-BDE2-9E13A92C6793}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C2E0C8BF-2561-4E78-A28D-9BC33458904C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{8C114617-4082-43A9-B1B7-C7AF0AC3FF05}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{951C2996-8C54-4999-80FD-4B6C0974619B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{DD5795CB-AAE7-4B35-A6DA-733E8E363C54}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D5001D08-9857-46C6-B99A-F30D6DE9C81F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6BFF6488-7CA8-48C0-84E2-1BD7CA6A4DCF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{4A69CD31-A138-4B9D-9C22-81B4CBE2E25B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{40089543-266B-458E-B5F2-C6C46085015D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A3E6C67B-D6AA-4A27-8F3E-BA3640A56DD0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{14996F64-FAAC-4F8B-892A-9BDD8AD4610B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{8506B658-727C-465C-ACCA-1ACB990A3418}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{CADBABEA-1ECB-4D59-A92E-0B2E92999A90}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{6D2DC9F9-F350-43EF-BDC7-6270C7F8E111}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{33956D88-443C-414E-8A50-B3993FE20AC4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{06F42ADC-892A-4D7C-B29D-14AB7CAC030A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{269FACB0-65A5-4701-B812-8A71D3512B31}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{1B331242-E823-40F7-91B7-9A6459339AC1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{6C958D85-99FD-496E-B7F2-8B36EACEEA87}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BBAB5409-4686-4E0A-AE57-8655CFE83A37}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8A38FB2A-6466-4B54-9C86-C9A5A2475301}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{63088C72-46A1-4596-9B00-660E10301149}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{FC25D05F-5393-40A6-B7C2-12294FAB2400}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{B0BC287F-E073-43A4-B74E-85347DABFB01}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{C3F8EBDF-18C5-47A5-8459-41D3B17C6DE6}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe
FirewallRules: [{99E0BEC6-AA24-413C-BD5D-C2898A649BA1}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe
FirewallRules: [{088A7DE1-5A99-47AD-AB6A-0C164550A184}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe
FirewallRules: [{8A774150-2854-4AA9-A98E-E28829B0DF12}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe
FirewallRules: [{0765F99D-D211-4659-9843-93B071733583}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe
FirewallRules: [{2C255D84-CC5F-4D9C-9D1B-0C393981FE9C}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe
FirewallRules: [{18EA9493-7EDF-4054-B905-81592793CEA9}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{395C11F1-2AD8-467B-8885-EA3F857741ED}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [TCP Query User{3111081E-5052-4224-B6B8-61FE46F8119D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{9AED51E8-FD88-420F-89F5-7CE57326F5F4}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{E492174D-C3E8-4321-80CF-A6416E8BC8A1}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{17C28730-90F7-47DF-A869-E480B05EFACE}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{49321ED3-94D2-458E-B038-0D9E513244B4}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{242E3029-A457-4E29-810B-7705F7AD607D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{92F93626-CB55-4EC7-8206-915211C11488}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7947677B-F398-44DF-9317-68A89FDB4176}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F177E1CE-4072-47FD-B771-74257228BDC6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CB7E275D-BDA7-4526-8458-08E0AAA44887}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5E744014-7F56-49AF-825F-E1F0301B1BE8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/02/2015 01:17:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired.
.
Error: (12/02/2015 00:59:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.
Error: (12/02/2015 00:59:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: The specified server cannot perform the requested operation.
.
Error: (12/02/2015 00:59:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: The specified server cannot perform the requested operation.
.
Error: (12/02/2015 00:59:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.
Error: (12/02/2015 00:58:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.
Error: (12/02/2015 00:57:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: The specified server cannot perform the requested operation.
.
Error: (12/02/2015 00:57:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired.
.
Error: (12/02/2015 00:57:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: The specified server cannot perform the requested operation.
.
Error: (12/02/2015 00:57:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.
System errors:
=============
Error: (11/28/2015 09:25:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (11/28/2015 09:14:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
Error: (11/27/2015 08:14:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (11/06/2015 09:12:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
Error: (11/06/2015 07:59:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
Error: (11/01/2015 07:00:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (11/01/2015 06:46:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
Error: (10/30/2015 09:59:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
Error: (10/30/2015 02:47:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (10/29/2015 07:24:02 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.
==================== Memory info ===========================
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz
Percentage of memory in use: 89%
Total physical RAM: 3062.49 MB
Available physical RAM: 333.7 MB
Total Virtual: 6123.3 MB
Available Virtual: 2667.52 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:169.95 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 465.8 GB) (Disk ID: FFBEFFBE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
I can also supply screenshots if requested.
I am surprised that I was not able to find any news about this problem anywhere online. I am sure I am not the only person to have this problem.
I hope you will be able to help me with this problem. I have been avoiding Amazon ever since it's happened.
I look forward to hearing from you soon. Thank you!