melusina Posted October 29, 2014 ID:898636

Hello, my computer has been strange for some months. I think it behaves as a server for other PCs. In the past I tried to do several different things, but definitely I am not an expert, and usually it ends up with me installing the OS again from scratch. Very boring and not useful, because it takes too long to install all the updates again from Vista. Also, I think I never installed C++ or .NET, but maybe these things are connected to other programs that I installed.

The Farbar tool has produced two reports, one right after the other. I have saved both, will post only the first one here.

The original language chosen at installation is English, the options are German, French, Italian (as normal in Switzerland). But my impression is that these three language packs that keep installing and uninstalling are not normal.

Here is the scan result:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-10-2014 01
Ran by presto (administrator) on TESTING on 29-10-2014 19:00:59
Running from C:\Users\presto\Downloads
Loaded Profile: presto (Available profiles: federica & nuovo & presto & Guest)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\WINDOWS\System32\hpservice.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Swisscom (Schweiz) AG) C:\Program Files\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\WINDOWS\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\WINDOWS\System32\Locator.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Swisscom (Schweiz) AG) C:\Program Files\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Repair.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2299176 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [202032 2008-03-14] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [OnScreenDisplay] => C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [554288 2007-11-01] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-04-15] (Intel Corporation)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2007-11-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-09] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM\...\Run: [My Swisscom Assistant] => C:\Program Files\Swisscom\My Swisscom Assistant\MySwisscomAssistant_Launcher.exe [10514352 2014-07-17] (Swisscom (Schweiz) AG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-121182550-3569496195-3076372539-1004\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKU\S-1-5-21-121182550-3569496195-3076372539-1004\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-121182550-3569496195-3076372539-1004\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-121182550-3569496195-3076372539-1004\...\MountPoints2: {668ec84d-6745-11e3-bbe6-00238b263e0e} - G:\LaunchU3.exe -a
HKU\S-1-5-21-121182550-3569496195-3076372539-1004\...\MountPoints2: {bd9d7b53-e971-11e1-80d7-00238b263e0e} - F:\setup_vmb_lite.exe /checkApplicationPresence
HKU\S-1-5-21-121182550-3569496195-3076372539-1004\...\MountPoints2: {bd9d7b62-e971-11e1-80d7-00238b263e0e} - F:\setup_vmb_lite.exe /checkApplicationPresence
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.bluewin.ch/de/email/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ch&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ch&c=83&bd=Pavilion&pf=cnnb
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {0470E62C-C97E-4317-81E5-0774D8CBF7B7} http://www.gfi.com/endpointscan/EndPointScan.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-02-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-10-25]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.google.com/", "hxxp://www.bluewin.ch/de/email/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Users\presto\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Profile: C:\Users\presto\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\presto\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-22]
CHR Extension: (Skype Click to Call) - C:\Users\presto\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-25]
CHR Extension: (Google Wallet) - C:\Users\presto\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-25]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-02-26] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [341328 2008-03-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 VmbService; C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [9216 2011-04-19] (Vodafone) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 HpqRemHid; C:\Windows\System32\DRIVERS\HpqRemHid.sys [7168 2007-07-11] (Hewlett-Packard Development Company, L.P.)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [85760 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\Windows\System32\DRIVERS\ew_jucdcecm.sys [51456 2011-04-18] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26496 2011-04-18] (Huawei Technologies Co., Ltd.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
U1 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 19:00 - 2014-10-29 19:01 - 00019537 _____ () C:\Users\presto\Downloads\FRST.txt
2014-10-29 19:00 - 2014-10-29 19:01 - 00000000 ____D () C:\FRST
2014-10-29 19:00 - 2014-10-29 19:00 - 01104896 _____ (Farbar) C:\Users\presto\Downloads\FRST.exe
2014-10-26 19:51 - 2014-06-15 23:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-26 19:51 - 2014-06-13 19:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-26 19:51 - 2014-06-13 19:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-25 17:31 - 2014-10-28 20:32 - 00001274 _____ () C:\Windows\PFRO.log
2014-10-25 15:44 - 2014-10-25 15:44 - 00000199 _____ () C:\Users\presto\Downloads\Britten_-_The_Turn_of_the_Screw_twelve-tone_theme_tetrachords.mid
2014-10-25 14:58 - 2014-10-29 18:42 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 14:58 - 2014-10-25 14:59 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-25 14:58 - 2014-10-25 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-25 14:57 - 2014-10-25 14:59 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-25 14:57 - 2014-10-01 10:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-25 14:57 - 2014-10-01 10:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-25 14:57 - 2014-10-01 10:11 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-25 14:40 - 2014-10-25 14:41 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\presto\Downloads\mbam-setup-2.0.3.1025 (2).exe
2014-10-25 14:40 - 2014-10-25 14:41 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\presto\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-10-25 14:39 - 2014-10-25 14:40 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\presto\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-25 14:15 - 2014-10-25 14:15 - 00266065 _____ () C:\Users\presto\Downloads\dotnetfx_cleanup_tool.zip
2014-10-25 12:51 - 2014-09-28 00:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-25 12:50 - 2014-09-16 17:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-25 12:49 - 2014-09-19 23:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-25 12:49 - 2014-09-19 23:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-25 12:49 - 2014-09-19 23:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-25 12:49 - 2014-09-19 23:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-25 12:49 - 2014-09-19 23:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-25 12:49 - 2014-09-19 23:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-25 12:49 - 2014-09-19 23:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-25 12:49 - 2014-09-19 23:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-25 12:49 - 2014-09-19 23:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-25 12:49 - 2014-09-19 23:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-25 12:49 - 2014-09-19 23:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-25 12:49 - 2014-09-19 23:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-25 12:49 - 2014-09-19 23:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-25 12:49 - 2014-09-19 23:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-25 12:49 - 2014-09-19 23:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-25 12:49 - 2014-09-19 23:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-25 12:49 - 2014-09-19 23:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-25 12:49 - 2014-09-19 23:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-25 12:49 - 2014-09-19 23:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-25 12:49 - 2014-09-19 23:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-25 12:49 - 2014-09-19 23:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-25 11:55 - 2014-09-05 00:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2014-10-02 19:48 - 2014-10-02 19:49 - 00000132 _____ () C:\Users\presto\AppData\Roaming\wklnhst.dat
2014-10-02 19:48 - 2014-10-02 19:48 - 00000000 ____D () C:\Users\presto\AppData\Roaming\Template
2014-09-29 15:19 - 2014-09-29 15:21 - 143176848 _____ () C:\Users\presto\Downloads\DJ_AIO_03_F2220_Full_NonNet_WW_100_278.exe
2014-09-29 15:10 - 2014-09-29 15:10 - 05152768 _____ () C:\Users\presto\Downloads\HPSupportSolutionsFramework.msi
2014-09-29 15:10 - 2014-09-29 15:10 - 05152768 _____ () C:\Users\presto\Downloads\HPSupportSolutionsFramework (1).msi
2014-09-29 14:27 - 2014-09-29 14:27 - 00000371 _____ () C:\Users\presto\Documents\Pictures - Shortcut.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 18:50 - 2012-07-22 17:00 - 02004051 _____ () C:\Windows\WindowsUpdate.log
2014-10-29 18:49 - 2012-07-24 19:34 - 00000000 ____D () C:\Users\presto\AppData\Roaming\Skype
2014-10-29 18:45 - 2008-07-07 06:07 - 00718610 _____ () C:\Windows\system32\perfh010.dat
2014-10-29 18:45 - 2008-07-07 06:07 - 00147596 _____ () C:\Windows\system32\perfc010.dat
2014-10-29 18:45 - 2006-11-02 11:33 - 03270228 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-29 18:40 - 2012-07-22 17:39 - 00226776 _____ () C:\ProgramData\nvModes.001
2014-10-29 18:39 - 2014-03-01 09:20 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-29 18:39 - 2012-07-22 17:39 - 00226776 _____ () C:\ProgramData\nvModes.dat
2014-10-29 18:39 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-29 18:39 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-29 18:39 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 21:43 - 2006-11-02 14:01 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-28 21:34 - 2014-03-23 21:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 21:26 - 2014-03-01 09:20 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 21:13 - 2013-04-06 17:56 - 00000000 ____D () C:\Users\presto\AppData\Local\swisscom
2014-10-28 20:35 - 2013-09-01 20:03 - 00001356 _____ () C:\Users\presto\AppData\Local\d3d9caps.dat
2014-10-26 23:31 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-25 14:17 - 2013-07-13 22:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-25 14:09 - 2006-11-02 11:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-10-25 13:17 - 2006-11-02 13:47 - 00313536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-25 12:52 - 2012-07-22 18:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-02 19:52 - 2014-09-15 07:50 - 00000000 ____D () C:\Users\presto\Documents\Comprarcasa
2014-10-01 19:23 - 2012-07-24 19:32 - 00073912 _____ () C:\Users\presto\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-29 21:43 - 2013-12-25 15:28 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-29 21:43 - 2013-12-25 15:28 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-29 21:43 - 2012-09-09 10:14 - 00010345 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\ProgramData\ezsid.dat
C:\Users\Public\firefox.exe
C:\Users\Public\iexplore.exe
C:\Users\Public\mbam-chameleon.exe
C:\Users\Public\rundll32.exe
C:\Users\Public\svchost.exe
C:\Users\Public\winlogon.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-29 18:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-10-2014 01
Ran by presto at 2014-10-29 19:02:05
Running from C:\Users\presto\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.6.0.5970 - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (HKLM\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}) (Version: 10.2.0.023 - Adobe Systems, Inc.)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.23.0 - Ask.com) <==== ATTENTION
ATI Catalyst Install Manager (HKLM\...\{AF862EC3-CA8A-EC26-4F05-1FFA5241E520}) (Version: 3.0.704.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.79.5 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
CyberLink DVD Suite (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1519 - CyberLink Corp.)
CyberLink YouCam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.0.1616 - CyberLink Corp.)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Doc Viewer (HKLM\...\{082702D5-5DD8-4600-BCE5-48B15174687F}) (Version: 1.03.0001 - Hewlett-Packard)
HP Easy Setup - Frontend (HKLM\...\{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}) (Version: 5.7.0.2630 - Hewlett-Packard)
HP Help and Support (HKLM\...\{31216452-5540-4C96-B754-94890A63D5AB}) (Version: 2.0.10.0 - Hewlett-Packard)
HP Photosmart A640 Series (HKLM\...\{0161FF91-D30C-4a7d-A87D-14B5ACC68C52}) (Version: 130.0.289.000 - Hewlett-Packard)
HP Quick Launch Buttons 6.40 D1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 D1 - Hewlett-Packard)
HP QuickTouch 1.00 D2 (HKLM\...\{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}) (Version: 1.0.9 - Hewlett-Packard)
HP Support Solutions Framework (HKLM\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HP User Guides 0102 (HKLM\...\{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{A5CE7175-080D-49AC-B5A3-E7E3502428F5}) (Version: 3.00 I2 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
iCloud (HKLM\...\{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}) (Version: 2.1.3.25 - Apple Inc.)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Japanese Fonts Support For Adobe Reader X (HKLM\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron JMB38X Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.20.07 - JMicron Technology Corp.)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kyodai (HKLM\...\Kyodai 16.42 (Full package, re-release)_is1) (Version: - )
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.20.2719 - CyberLink Corp.)
LightScribe System Software 1.12.33.2 (HKLM\...\{582287DA-0806-4AC0-BF19-C15E3A466034}) (Version: 1.12.33.2 - LightScribe)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft
Corporation)Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)MSVCRT (Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)My Swisscom Assistant (HKLM\...\My Swisscom Assistant) (Version: 1.2.0.111 - Swisscom (Schweiz) AG)NAVIGON Fresh 3.5.1 (HKLM\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON)NEF Codec (HKLM\...\{A89768CF-CD21-44FD-A723-16D5A8557415}) (Version: 1.00.0000 - Nikon)NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation)Pegasus 
Mail (HKLM\...\Pegasus Mail) (Version: - David Harris)Pegasus Mail HTML Renderer 2.4.9.2 (HKLM\...\{A9F5E1E1-1281-4862-90B4-6CF8E6AF83CE}_is1) (Version: - Micha's Midnight Manufacture)Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3919 - CyberLink Corp.)PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2719 - CyberLink Corp.)PowerDirector (Version: 6.5.2719 - CyberLink Corp.) HiddenProtectSmart Hard Drive Protection (HKLM\...\{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}) (Version: 3.10 A7 - Hewlett-Packard)PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) HiddenQuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) HiddenSkype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Vodafone Mobile Broadband Lite (HKLM\...\{6C29152D-3FF9-43B2-84E4-9B35FC0BF5C2}) (Version: 10.2.103.31248 - Vodafone)Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Xirrus Wi-Fi Inspector (HKLM\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points =========================

21-09-2014 14:06:28 Windows Update
21-09-2014 14:39:05 Windows Update
22-09-2014 07:57:46 Language Pack Removal
23-09-2014 18:34:12 Language Pack Removal
27-09-2014 15:04:07 Windows Update
28-09-2014 10:27:18 Language Pack Removal
28-09-2014 15:15:45 Language Pack Removal
29-09-2014 10:49:58 Language Pack Removal
29-09-2014 13:40:19 Language Pack Removal
29-09-2014 14:11:05 Installed HP Support Solutions Framework
29-09-2014 14:24:40 HP Installation Restore Point
01-10-2014 18:36:05 Language Pack Removal
02-10-2014 18:07:46 Language Pack Removal
03-10-2014 18:31:24 Language Pack Removal
25-10-2014 10:26:56 Language Pack Removal
25-10-2014 10:44:39 Windows Update
25-10-2014 10:55:12 Windows Update
25-10-2014 11:24:22 Language Pack Removal
25-10-2014 11:49:44 Windows Update
25-10-2014 12:33:34 Language Pack Removal
25-10-2014 12:59:43 Windows Update
25-10-2014 13:08:46 Windows Update
25-10-2014 13:26:12 Windows Update
25-10-2014 14:04:29 Language Pack Removal
25-10-2014 16:47:55 Language Pack Removal
26-10-2014 18:47:04 Windows Update
28-10-2014 19:49:14 Language Pack Removal

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {41108A70-0C8E-4F8B-AC23-1E1D4A046912} - System32\Tasks\ExtendedServicePlan => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2008-04-15] ()
Task: {43ED52A1-FBAC-4D8A-B34B-CC27CDC4EF41} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4E7B2F1E-DBC3-4A5D-BF86-F378B1E7C560} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {5055865D-E077-4885-90DF-8BD140AF6F7B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-29] (Adobe Systems Incorporated)
Task: {6E4C1286-8B9E-4B3B-A071-D008906E9093} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {7AD86F52-5FFB-491F-A2C0-0E53F90CB751} - System32\Tasks\4850 => Wscript.exe C:\Users\presto\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {886F22BA-8C8A-47DD-8979-935B50E1835A} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {8AA309DF-CC6B-4A8C-B9C8-DB3EDDF572B2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {9DF1B503-E596-451F-BF5E-C5D10FCB4DAC} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {BC33BBF7-DB35-4437-84FD-CF506CC74094} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-07-12 11:55 - 2007-07-12 11:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 11:59 - 2007-08-14 11:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 11:55 - 2007-07-12 11:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-07-06 21:48 - 2008-03-26 14:26 - 00341328 _____ () C:\Windows\SMINST\BLService.exe
2008-07-06 21:48 - 2006-09-13 12:54 - 00081920 _____ () C:\Windows\SMINST\STString.dll
2008-07-06 21:48 - 2007-11-14 14:46 - 00126976 _____ () C:\Windows\SMINST\STWmiM.dll
2008-07-06 21:43 - 2007-01-09 10:25 - 00272024 _____ () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2008-07-06 21:04 - 2007-05-16 09:43 - 00677432 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2014-09-27 16:33 - 2014-09-23 05:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-27 16:33 - 2014-09-23 05:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-27 16:33 - 2014-09-23 05:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\presto\Desktop\Re_ Re_ reservationVienna.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: HP Health Check Scheduler => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exeMSCONFIG\startupreg: MobileBroadband => C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silentMSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottimeMSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray.exeMSCONFIG\startupreg: UCam_Menu => "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenterMSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe ========================= Accounts: ========================== Administrator (S-1-5-21-121182550-3569496195-3076372539-500 - Administrator - Disabled)federica (S-1-5-21-121182550-3569496195-3076372539-1000 - Limited - Enabled) => C:\Users\federicaGuest (S-1-5-21-121182550-3569496195-3076372539-501 - Limited - Enabled) => C:\Users\Guestnuovo (S-1-5-21-121182550-3569496195-3076372539-1003 - Limited - Enabled) => C:\Users\nuovopresto (S-1-5-21-121182550-3569496195-3076372539-1004 - Administrator - Enabled) => C:\Users\presto ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (10/29/2014 06:41:06 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/29/2014 06:40:42 PM) (Source: VmbService) (EventID: 0) (User: )Description: conflictManagerTypeValue Error: (10/28/2014 08:36:12 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application mbam.exe, version 1.0.1.711, time stamp 0x542b53ec, faulting module kernel32.dll, 
version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000142, fault offset 0x00009f5d,process id 0x1700, application start time 0xmbam.exe0. Error: (10/28/2014 08:34:29 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/28/2014 08:33:54 PM) (Source: VmbService) (EventID: 0) (User: )Description: conflictManagerTypeValue Error: (10/26/2014 08:39:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 542540 Error: (10/26/2014 08:39:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 542540 Error: (10/26/2014 08:39:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (10/26/2014 08:39:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 540419 Error: (10/26/2014 08:39:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 540419 System errors:=============Error: (10/29/2014 06:41:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Parallel port driver%%1058 Error: (10/28/2014 08:50:28 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)Description: 0x800f0825it-IT Error: (10/28/2014 08:50:23 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)Description: 0x800f0825fr-FR Error: (10/28/2014 08:50:21 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)Description: 0x800f0825de-DE Error: (10/28/2014 08:35:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Adobe Flash Player Update Service%%1053 Error: 
(10/28/2014 08:35:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )Description: 30000Adobe Flash Player Update Service Error: (10/28/2014 08:35:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Parallel port driver%%1058 Error: (10/26/2014 08:41:50 PM) (Source: VDS Dynamic Provider) (EventID: 10) (User: )Description: The provider failed while storing notifications from the driver. The Virtual Disk Service should be restarted. hr=80042505 Error: (10/26/2014 07:42:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: 30000MBAMScheduler Error: (10/25/2014 05:48:41 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1003) (User: NT AUTHORITY)Description: 0x800f0825it-IT Microsoft Office Sessions:========================= CodeIntegrity Errors:=================================== Date: 2014-10-29 19:01:48.027 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-29 19:01:47.805 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-29 19:01:47.552 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-29 19:01:47.328 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
Date: 2014-10-29 19:01:46.935 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-29 19:01:46.704 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-29 19:01:46.452 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-29 19:01:46.229 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-29 19:01:21.017 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-29 19:01:20.470 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info ===========================

Processor: Intel® Core2 Duo CPU T5800 @ 2.00GHz
Percentage of memory in use: 48%
Total physical RAM: 3038.27 MB
Available physical RAM: 1577.59 MB
Total Pagefile: 6302.79 MB
Available Pagefile: 4612.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.49 GB) (Free:110.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:9.39 GB) (Free:1.68 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: B48DE047)
Partition 1: (Active) - (Size=223.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=9.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Root Admin AdvancedSetup Posted January 3, 2015 ID:925708

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you. Thank you and sorry we missed your topic.