Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help! Amazon dumped tons of annoying malware on my laptop!


Post by zintar » December 2nd, 2015, 2:58 pm

Hello,
This past Saturday, November 28, I clicked on an item on my Amazon.com shopping cart. I was concerned as the price jumped $15 overnight, with no notice from Amazon, and thought I would find some info on the sales page. It opened fine, but then a number of popup windows opened, a large one with items supposedly related to the product I added to my shopping cart, although I could tell it was not from Amazon, and several smaller popup windows along the bottom of the screen. At first I thought it was a problem with Amazon, but later in the day I got the same problem on every site I opened, including Malwareremoval.com. It was also opening full sites which all asked me to register and enter my personal information. I used Malwarebytes and AdwCleaner to remove the problem files, and though they removed several files, I continued to get attacked. Malwarebytes kept blocking the sites, but apparently some got through and continued to open windows and pages, including a game site named Piercing Blow. Other sites are Internet Influences.com, player-update.com, a.mktngadvert.com and reimageplus.com.

I had been away since Sunday and could not access the computer until now. The "attacks" began as soon as I opened my browser. I am currently using Chrome so I don't know if the problem will continue if I switch to Firefox.

Also, the onslaught has been slowing down my computer so much I could not type this message on the computer but instead needed to use my main computer.

Here are the files from the FRST scan I performed on the computer a few minutes ago:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-12-2015
Ran by user (administrator) on USER-PC (02-12-2015 13:16:10)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Ellora Assets Corp.) C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Pinnacle Systems GmbH) C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\Hp\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6133520 2015-11-06] (AVAST Software)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [EPSON_UD_START] => C:\Program Files\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [534664 2011-11-17] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [USB2Check] => RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
HKLM\...\Run: [ProductUpdater] => C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-10-09] ()
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [28917376 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\Run: [HP Deskjet 3510 series (NET)] => C:\Program Files\Hp\HP Deskjet 3510 series\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: F - F:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: {0f458b28-6858-11e4-97c8-0016d3296595} - F:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: {3fb76f0e-2be8-11e5-adb4-0016d3296595} - E:\StormF1.exe
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: {3fb7701a-2be8-11e5-adb4-0016d3296595} - E:\StormF1.exe
HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\MountPoints2: {3fb7701e-2be8-11e5-adb4-0016d3296595} - E:\StormF1.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-10-22] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-06-05]
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-11-02]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TabUserW.exe.lnk [2015-06-05]
ShortcutTarget: TabUserW.exe.lnk -> C:\Windows\System32\WTablet\TabUserW.exe (Wacom Technology, Corp.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{57B789C4-6AF9-43DD-8929-7EEC91B8F2F1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-08] (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-19] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files\TabletPlugins\npwacom.dll [2011-04-20] (Wacom, Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-617073521-755056118-2606118670-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2011-05-30] (Wacom)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-11-02] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-11-28] [not signed]
FF HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Adblock for Youtube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2015-11-06]
CHR Extension: (Video Downloader professional) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2015-12-02]
CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-22] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3219136 2015-10-22] (Avast Software)
R2 EMP_UDSA; C:\Program Files\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2011-11-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-10-09] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe [9216 2015-09-01] (Ellora Assets Corp.) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2010-08-19] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2014-07-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-13] (Microsoft Corporation)
R1 ASPI32; C:\Windows\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-10-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-10-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-10-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [794952 2015-11-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [435464 2015-11-06] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [115640 2015-10-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-10-22] (AVAST Software)
R3 EMP_MIRRUD; C:\Windows\System32\DRIVERS\EMP_MirrUD.sys [3712 2011-11-17] (Windows (R) Codename Longhorn DDK provider)
R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [17664 2011-11-17] (SEIKO EPSON CORPORATION)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16440 2012-12-03] (Intel Corporation)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [170200 2015-12-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [107984 2015-10-22] (AVAST Software)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2011-02-11] (CACE Technologies, Inc.)
S3 PinnacleMarvinAVS; C:\Windows\System32\DRIVERS\MarvinAVS.sys [434176 2007-05-09] (Pinnacle a division of Avid Technology, Inc.)
R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [51816 2012-09-21] (AuthenTec, Inc.)
S3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [658560 2013-08-09] (eMPIA Technology Corp.)
S3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [1327616 2013-08-09] (eMPIA Technology Corp.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-10-22] (Avast Software)
R3 WacomVHidPen; C:\Windows\System32\DRIVERS\wacomvhidpen.sys [9216 2004-10-29] (Wacom Technology) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-02 13:16 - 2015-12-02 13:17 - 00018105 _____ C:\Users\user\Desktop\FRST.txt
2015-12-02 13:15 - 2015-12-02 13:16 - 00000000 ____D C:\FRST
2015-12-02 13:13 - 2015-12-02 13:13 - 01721344 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2015-11-28 20:55 - 2015-12-02 12:52 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-28 20:54 - 2015-11-28 20:54 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-28 20:54 - 2015-10-05 09:50 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-28 20:54 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-28 20:54 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-28 20:36 - 2015-11-28 20:37 - 22908888 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-28 18:44 - 2015-11-28 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-28 18:44 - 2015-11-28 20:54 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-11-28 18:44 - 2015-11-28 18:44 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-28 09:51 - 2015-11-28 09:51 - 00000000 ____D C:\Users\user\AppData\Roaming\Sun
2015-11-28 09:51 - 2015-11-28 09:51 - 00000000 ____D C:\Users\user\.oracle_jre_usage
2015-11-27 20:11 - 2015-10-29 12:49 - 00295936 ____N (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-27 20:10 - 2015-10-19 19:48 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00655360 ____N (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00552960 ____N (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00400896 ____N (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00259584 ____N (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00251392 ____N (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00223232 ____N (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00172032 ____N (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-27 20:10 - 2015-10-19 19:45 - 00065536 ____N (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00038912 ____N (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00036864 ____N (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-27 20:10 - 2015-10-19 19:45 - 00017408 ____N (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-27 20:10 - 2015-10-19 19:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-27 20:07 - 2015-10-30 17:42 - 02279936 ____N (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-27 20:07 - 2015-10-30 16:51 - 02011136 ____N (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-27 20:07 - 2015-10-30 16:48 - 01311744 ____N (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-27 20:06 - 2015-09-23 08:09 - 00251000 ____N (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-27 20:05 - 2015-10-20 12:46 - 00566784 ____N (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-27 20:05 - 2015-10-20 12:46 - 00030208 ____N (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-06 18:15 - 2015-11-06 20:27 - 00236708 _____ C:\Users\user\Documents\66_Rockwel_Place_Open_Market_Waiting_List_Application Completed.pdf
2015-11-06 18:03 - 2015-11-06 18:03 - 00000963 _____ C:\Users\user\Desktop\66_Rockwel_Place_Open_Market_Waiting_List_Application - Shortcut.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-02 13:17 - 2014-10-29 16:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-02 13:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows
2015-12-02 13:05 - 2014-10-29 14:41 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-02 12:59 - 2009-07-13 23:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-02 12:59 - 2009-07-13 23:34 - 00026576 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-02 12:52 - 2014-10-29 16:13 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2015-12-02 12:51 - 2014-10-29 14:41 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-02 12:51 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-02 12:49 - 2015-02-22 14:10 - 00000000 ____D C:\AdwCleaner
2015-11-28 21:31 - 2010-11-20 16:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-28 21:31 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\inf
2015-11-28 21:11 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2015-11-28 20:45 - 2014-11-18 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuarkXPress 10
2015-11-28 20:45 - 2014-11-02 15:54 - 00000000 ____D C:\Users\user\AppData\Roaming\Yahoo!
2015-11-28 20:45 - 2014-11-02 15:54 - 00000000 ____D C:\Program Files\Yahoo!
2015-11-28 20:26 - 2015-04-05 02:01 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-28 20:26 - 2011-04-11 21:24 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-28 20:26 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2015-11-28 20:25 - 2015-06-25 22:39 - 00000000 ____D C:\Program Files\Common Files\Freemake Shared
2015-11-28 20:25 - 2015-04-19 08:06 - 00000000 ____D C:\Program Files\Common Files\Java
2015-11-28 20:25 - 2015-04-15 06:12 - 00000000 ___RD C:\Program Files\Skype
2015-11-28 20:25 - 2015-04-15 06:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-11-28 20:25 - 2015-04-15 06:12 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-11-28 20:25 - 2015-04-10 19:00 - 00000000 ____D C:\Users\user\AppData\LocalLow\Oracle
2015-11-28 20:25 - 2015-01-10 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-11-28 20:25 - 2014-11-26 17:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-11-28 20:25 - 2014-11-23 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-11-28 20:25 - 2014-11-23 20:15 - 00000000 ____D C:\Program Files\QuickTime
2015-11-28 20:25 - 2014-11-08 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-28 20:25 - 2014-11-02 15:46 - 00000000 ____D C:\ProgramData\HP
2015-11-28 20:25 - 2014-10-31 12:55 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2015-11-28 20:25 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-28 20:23 - 2014-11-23 20:15 - 00000000 ____D C:\ProgramData\Apple Computer
2015-11-28 19:23 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\SchCache
2015-11-27 20:39 - 2014-10-29 14:52 - 00000000 ____D C:\Windows\system32\MRT
2015-11-27 14:17 - 2014-10-29 16:34 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-11-27 14:17 - 2014-10-29 16:34 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-11-27 14:13 - 2014-10-29 14:43 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-06 20:00 - 2014-10-29 14:41 - 00794952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-11-06 20:00 - 2014-10-29 14:41 - 00435464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys

==================== Files in the root of some directories =======

2014-12-23 18:24 - 2015-10-30 01:34 - 0016896 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-15 16:08 - 2015-02-15 16:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-02 15:46 - 2014-11-02 16:04 - 0001258 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\FreemakeVideoConverterFull.exe
C:\Users\user\AppData\Local\Temp\FreemakeVideoDownloaderFull.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll
C:\Users\user\AppData\Local\Temp\VideoConverter.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-28 18:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:01-12-2015
Ran by user (2015-12-02 13:18:17)
Running from C:\Users\user\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2014-10-29 19:08:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-617073521-755056118-2606118670-500 - Administrator - Disabled)
Guest (S-1-5-21-617073521-755056118-2606118670-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-617073521-755056118-2606118670-1002 - Limited - Enabled)
user (S-1-5-21-617073521-755056118-2606118670-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Flash Player 19 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe PhotoDeluxe Home Edition 4.0 (HKLM\...\Adobe PhotoDeluxe Home Edition 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Art Effects for PDR10 (HKLM\...\NewBlue Art Effects for PDR10) (Version: 2.0 - NewBlue)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.4.2233 - AVAST Software)
Avery Design & Print (HKLM\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
AVS Audio Converter version 6.3 (HKLM\...\AVS Audio Converter 6.3_is1) (Version: - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version: - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.)
Bamboo (HKLM\...\Pen Tablet Driver) (Version: 5.2.5-5 - Wacom Technology Corp.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
C3100 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
c3100_Help (Version: 82.0.256.000 - Hewlett-Packard) Hidden
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Corel Painter Essentials 2 (HKLM\...\{B946D46E-1302-48B4-84EE-B74C3191D975}) (Version: 4.0 - Corel Corporation)
CyberLink PowerDirector 10 (HKLM\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.0925 - CyberLink Corp.)
CyberLink WaveEditor (HKLM\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 1.0.1.3320 - CyberLink Corp.)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
Epson USB Display (HKLM\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.60.000 - SEIKO EPSON CORPORATION)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Freemake Video Converter version 4.1.7 (HKLM\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM\...\Freemake Video Downloader_is1) (Version: 3.7.5 - Ellora Assets Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
honestech VHS to DVD 3.0 Deluxe (HKLM\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 3.0 - honestech)
honestech VHS to DVD 3.0 Deluxe (Version: 3.0 - Honest Technology) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet 3510 series Basic Device Software (HKLM\...\{9F1F6E90-519F-4217-9A4B-466632D5CCCB}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3510 series Help (HKLM\...\{97C1C98D-6AE5-4C71-9B00-EBBD9E014450}) (Version: 28.0.0 - Hewlett Packard)
HP Deskjet 3510 series Product Improvement Study (HKLM\...\{1006DA78-79A1-43AD-BEB9-7CDCDAEFD588}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. A (HKLM\...\{17016DA1-F040-4032-BD36-34DD317BC9D5}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Support Solutions Framework (HKLM\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Kastor - All Video Downloader V 5.9.3 (HKLM\...\{CB84FEF5-C573-4328-B9AF-B28568A4E10E}_is1) (Version: 5.9.3.0 - KastorSoft)
Kazoo Player (HKLM\...\Kazoo Player) (Version: - )
Knoll Light Factory EZ Studio (HKLM\...\Knoll Light Factory EZ Studio) (Version: - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.66.00.21 - )
Magic Bullet Looks Studio (HKLM\...\Magic Bullet Looks Studio) (Version: - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MGI VideoWave 5 (HKLM\...\{3C030509-F7E8-4919-B7E9-2DF65CA1C1E6}) (Version: 5.0.888.0 - MGI Software Corp.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero Burning ROM 10 (HKLM\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.2.11000.12.100 - Nero AG)
Nero Burning ROM 10 (HKLM\...\{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}) (Version: 10.5.10300 - Nero AG)
Nero BurnRights 10 (HKLM\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.2.10300.0.102 - Nero AG)
Nero Update (HKLM\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Pinnacle Studio 14 (HKLM\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Studio Ultimate Collection Plugins (HKLM\...\{F5C372A1-40F3-49DA-A049-F75CDE9177DC}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Quark Update (HKLM\...\{82154114-943B-4A6F-9B20-073C9573E93E}) (Version: 1.0.0.2 - Quark, Inc.)
QuarkXPress (HKLM\...\{EACCA5D3-5E48-4181-B953-1842BA6FED32}) (Version: 10.0.0.1 - Quark Software Inc.)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Red Giant ToonIt Studio (HKLM\...\Red Giant ToonIt Studio) (Version: - )
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 7.5 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
SlimCleaner (HKLM\...\{6B8D6199-EE44-4FD7-813A-6D8C62C9B384}) (Version: 4.0.30878 - SlimWare Utilities, Inc.)
SmartSound Quicktracks 5 (HKLM\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (Version: 5.1.8 - SmartSound Software Inc.) Hidden
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Trapcode 3DStroke Studio (HKLM\...\Trapcode 3DStroke Studio) (Version: - )
Trapcode Particular Studio (HKLM\...\Trapcode Particular Studio) (Version: - )
Trapcode Shine Studio (HKLM\...\Trapcode Shine Studio) (Version: - )
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VIDBOX Driver (HKLM\...\{2758691A-2CDE-4942-A4AC-0E8F61FE2067}) (Version: 4.0.1 - honestech)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebPage version 4.2 (HKU\S-1-5-21-617073521-755056118-2606118670-1000\...\{2D05A87F-C01D-4DE5-9119-2B87A070EF82}_is1) (Version: 4.2 - Trellian Softwares)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WebTablet FB Plugin (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.0.0.1 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WinPcap 4.1.2 (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{5B004CDE-0211-469C-B9B5-0552E7E63917}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{77D8C8C7-6B46-4429-B876-DBC006C96EB1}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)
CustomCLSID: HKU\S-1-5-21-617073521-755056118-2606118670-1000_Classes\CLSID\{CD37ED08-860C-4B86-AD25-5587D8386587}\InprocServer32 -> C:\Program Files\Pinnacle\Shared Files\Filter\MarvinAVRenderer.ax (Pinnacle Systems GmbH)

==================== Restore Points =========================

29-10-2015 18:12:55 Windows Update
06-11-2015 18:07:37 Windows Update
27-11-2015 20:00:06 Windows Update
27-11-2015 20:16:37 Windows Update
28-11-2015 19:44:21 Restore Operation
28-11-2015 19:57:01 avast! antivirus system restore point
28-11-2015 20:19:32 Restore Operation

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {118814B6-BF6F-4CAF-B2F0-771A60E23C15} - System32\Tasks\{AAFEC5A3-4E2D-417B-96DD-FD45A7DB7DB4} => pcalua.exe -a C:\MAGIX\playR_jukebox\playR.exe -d C:\MAGIX\playR_jukebox
Task: {2344F4F1-3F48-480F-887A-E206F59B9E91} - System32\Tasks\{4B3987F3-BA28-43FC-83AC-AECF02687505} => C:\Users\user\Downloads\trial_videoprox6_dlm.exe
Task: {24C7202F-BAA6-4477-9E0B-62BD1110F41B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {2B62D15B-9DB8-4955-ACD9-BF014262ABD5} - System32\Tasks\{54127FE2-21C0-4930-B9FE-7B9C5C8F814F} => D:\start.exe
Task: {32244191-A44F-41EF-B254-DBA071E59AB3} - System32\Tasks\{4AF49534-2A46-4133-89CE-379655117B6E} => D:\start.exe
Task: {47ED653A-87CB-4217-B5D1-3A1B7B9E9BFF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {5A381EE5-3A9E-4461-990F-EB982EFAE6E5} - System32\Tasks\{089BE52C-68CC-4ED2-B639-C678A12F7F3A} => D:\start.exe
Task: {5FEE488D-4A5F-4729-B09F-C15D6BE82F04} - System32\Tasks\{7CC7D66F-3AC4-4875-8ACD-491249B9EEC6} => pcalua.exe -a C:\Users\user\Downloads\movie_edit_pro_12_92mb_us{1}.exe -d C:\Users\user\Downloads
Task: {60F1761B-3A15-4760-B3ED-4181EA9E2AF3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-22] (AVAST Software)
Task: {70D2EE51-36E2-40C6-86F8-D2EC30B5D287} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-04] (Google Inc.)
Task: {79D224C2-364A-43B9-B3AD-0FA582CC5BF8} - System32\Tasks\{4323D0E1-F631-4D41-92C7-269507BBAFC5} => D:\start.exe
Task: {954A9D47-B6CD-423C-B116-96B66CCBAA4F} - System32\Tasks\{F3D67462-D0B2-4A80-9E15-7531B91896DC} => pcalua.exe -a C:\MAGIX\video_deLuxe\videodeLuxe.exe -d C:\MAGIX\video_deLuxe
Task: {9A5FBDCD-EB5F-4C1F-8F0E-7DAA33068B9F} - System32\Tasks\HPCustParticipation HP Deskjet 3510 series => C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {9B262D95-AB78-4AF8-8329-0A53B13C0FE0} - System32\Tasks\{24E01DD9-E4AD-49EF-8803-A1E6E833474E} => D:\start.exe
Task: {A1241D0F-FAA0-4F62-96DD-6DB0D3960964} - System32\Tasks\avastBCLRestartS-1-5-21-617073521-755056118-2606118670-1000 => Chrome.exe
Task: {A143FA3E-ADFB-41EB-8B86-1284DBDF1558} - System32\Tasks\{64A16546-5066-42E1-ACC0-BD954DD5B750} => D:\start.exe
Task: {B0EBEE18-D313-4C66-8A29-0935661784F4} - System32\Tasks\{D18DFD51-9B84-4BFE-A876-F66B72A8F26F} => D:\start.exe
Task: {C8344F9D-DE7E-482F-B7E3-30067E886F32} - System32\Tasks\{20709CE4-7A47-4200-BF26-159EC2946415} => D:\start.exe
Task: {C97BF528-BCAD-46AA-B476-C46F73F72CA2} - System32\Tasks\{87C6F9F3-6F40-459B-9805-32B69F3F5394} => D:\start.exe
Task: {D66A1FAF-5C72-4716-B76D-BF625380F070} - System32\Tasks\SlimCleaner Run => C:\Program Files\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
Task: {DCC828EB-9351-4115-A6A1-60BFA590D8E7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-27] (Adobe Systems Incorporated)
Task: {E663490C-99C2-4929-99CA-EA0138779822} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F0CE685F-0F52-4D01-BA19-30EDB3AF5C77} - System32\Tasks\{8FCE7656-7164-4FEE-A456-8C13EB7E6049} => D:\start.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-22 18:24 - 2015-10-22 18:24 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-22 18:23 - 2015-10-22 18:23 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-02 12:28 - 2015-12-02 12:28 - 02813440 _____ () C:\Program Files\AVAST Software\Avast\defs\15120201\algo.dll
2015-06-05 18:58 - 2011-09-08 16:48 - 00962936 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-30 15:28 - 2010-08-19 04:43 - 00247152 ____N () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2015-10-22 18:24 - 2015-10-22 18:24 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-06-25 22:39 - 2015-10-09 15:56 - 00071680 _____ () C:\Program Files\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2014-10-30 16:01 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-10-30 16:01 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\user\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2015-11-27 14:12 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-617073521-755056118-2606118670-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{1FB9BBAB-9568-4259-9ABD-7ADE949612F0}] => (Allow) C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{D8075B61-1278-49B2-A2D2-0B66D9F6072F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9F1E6AE2-2FCC-4634-BB01-EB06BF0E827C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A60279D8-8E4F-4958-B915-B18A6E8D3A24}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{01E48C95-1F4B-4D0D-BDE2-9E13A92C6793}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{C2E0C8BF-2561-4E78-A28D-9BC33458904C}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{8C114617-4082-43A9-B1B7-C7AF0AC3FF05}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{951C2996-8C54-4999-80FD-4B6C0974619B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{DD5795CB-AAE7-4B35-A6DA-733E8E363C54}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D5001D08-9857-46C6-B99A-F30D6DE9C81F}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6BFF6488-7CA8-48C0-84E2-1BD7CA6A4DCF}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{4A69CD31-A138-4B9D-9C22-81B4CBE2E25B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{40089543-266B-458E-B5F2-C6C46085015D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{A3E6C67B-D6AA-4A27-8F3E-BA3640A56DD0}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{14996F64-FAAC-4F8B-892A-9BDD8AD4610B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{8506B658-727C-465C-ACCA-1ACB990A3418}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{CADBABEA-1ECB-4D59-A92E-0B2E92999A90}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{6D2DC9F9-F350-43EF-BDC7-6270C7F8E111}] => (Allow) C:\Program Files\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{33956D88-443C-414E-8A50-B3993FE20AC4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{06F42ADC-892A-4D7C-B29D-14AB7CAC030A}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{269FACB0-65A5-4701-B812-8A71D3512B31}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{1B331242-E823-40F7-91B7-9A6459339AC1}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{6C958D85-99FD-496E-B7F2-8B36EACEEA87}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{BBAB5409-4686-4E0A-AE57-8655CFE83A37}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{8A38FB2A-6466-4B54-9C86-C9A5A2475301}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{63088C72-46A1-4596-9B00-660E10301149}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{FC25D05F-5393-40A6-B7C2-12294FAB2400}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{B0BC287F-E073-43A4-B74E-85347DABFB01}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{C3F8EBDF-18C5-47A5-8459-41D3B17C6DE6}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe
FirewallRules: [{99E0BEC6-AA24-413C-BD5D-C2898A649BA1}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe
FirewallRules: [{088A7DE1-5A99-47AD-AB6A-0C164550A184}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe
FirewallRules: [{8A774150-2854-4AA9-A98E-E28829B0DF12}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe
FirewallRules: [{0765F99D-D211-4659-9843-93B071733583}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe
FirewallRules: [{2C255D84-CC5F-4D9C-9D1B-0C393981FE9C}] => (Allow) C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe
FirewallRules: [{18EA9493-7EDF-4054-B905-81592793CEA9}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{395C11F1-2AD8-467B-8885-EA3F857741ED}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [TCP Query User{3111081E-5052-4224-B6B8-61FE46F8119D}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{9AED51E8-FD88-420F-89F5-7CE57326F5F4}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{E492174D-C3E8-4321-80CF-A6416E8BC8A1}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\DeviceSetup.exe
FirewallRules: [{17C28730-90F7-47DF-A869-E480B05EFACE}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{49321ED3-94D2-458E-B038-0D9E513244B4}] => (Allow) C:\Program Files\HP\HP Deskjet 3510 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{242E3029-A457-4E29-810B-7705F7AD607D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{92F93626-CB55-4EC7-8206-915211C11488}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{7947677B-F398-44DF-9317-68A89FDB4176}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F177E1CE-4072-47FD-B771-74257228BDC6}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{CB7E275D-BDA7-4526-8458-08E0AAA44887}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{5E744014-7F56-49AF-825F-E1F0301B1BE8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2015 01:17:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/02/2015 00:59:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/02/2015 00:59:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: The specified server cannot perform the requested operation.
.

Error: (12/02/2015 00:59:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: The specified server cannot perform the requested operation.
.

Error: (12/02/2015 00:59:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/02/2015 00:58:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/02/2015 00:57:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: The specified server cannot perform the requested operation.
.

Error: (12/02/2015 00:57:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/039EEDB80BE7A03C6953893B20D2D9323A4C2AFD.crt> with error: This operation returned because the timeout period expired.
.

Error: (12/02/2015 00:57:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: The specified server cannot perform the requested operation.
.

Error: (12/02/2015 00:57:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.


System errors:
=============
Error: (11/28/2015 09:25:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/28/2015 09:14:37 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.

Error: (11/27/2015 08:14:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/06/2015 09:12:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.

Error: (11/06/2015 07:59:44 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.

Error: (11/01/2015 07:00:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (11/01/2015 06:46:39 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.

Error: (10/30/2015 09:59:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.

Error: (10/30/2015 02:47:46 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (10/29/2015 07:24:02 PM) (Source: cdrom) (EventID: 7) (User: )
Description: The device, \Device\CdRom0, has a bad block.


==================== Memory info ===========================

Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz
Percentage of memory in use: 89%
Total physical RAM: 3062.49 MB
Available physical RAM: 333.7 MB
Total Virtual: 6123.3 MB
Available Virtual: 2667.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:169.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: FFBEFFBE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

I can also supply screenshots if requested.

I am surprised that I was not able to find any news about this problem anywhere online. I am sure I am not the only person to have this problem.

I hope you will be able to help me with this problem. I have been avoiding Amazon ever since it happened.

I look forward to hearing from you soon. Thank you!
zintar

Re: Help! Amazon dumped tons of annoying malware on my lapto

Unread postby Gary R » December 2nd, 2015, 6:40 pm

viewtopic.php?f=11&t=64157

This is a Duplicate Post, and has therefore been closed.