[ghartmann]

I have a problem where my internet connection is being cut off by a proxy server that I cannot disable. When I uncheck the box, it resets the settings back immediately after. I can only think that this is because of some program I accidentally installed. I've run malwarebytes but that hasn't fixed the problem.

 

Here's my OTL log:

 

OTL logfile created on: 9/12/2014 4:32:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gabriele\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17031)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.89 Gb Total Physical Memory | 2.74 Gb Available Physical Memory | 70.34% Memory free
5.26 Gb Paging File | 3.96 Gb Available in Paging File | 75.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55.56 Gb Total Space | 37.11 Gb Free Space | 66.80% Space Free | Partition Type: NTFS
Drive E: | 14.91 Gb Total Space | 14.91 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
 
Computer Name: GABI | User Name: Gabriele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/12 16:32:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gabriele\Downloads\OTL.exe
PRC - [2014/09/12 13:20:04 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/18 00:07:50 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Gabriele\AppData\Local\Akamai\netsession_win.exe
PRC - [2011/12/14 20:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
PRC - [2011/12/14 20:53:44 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/12 13:19:57 | 003,716,720 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/14 20:55:40 | 008,453,376 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe
MOD - [2011/12/14 13:43:04 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/14 03:24:04 | 000,324,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2014/08/12 03:56:36 | 002,428,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/18 06:13:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/03/18 06:13:37 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2014/03/18 06:13:26 | 000,710,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2014/03/18 06:13:25 | 000,530,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2014/03/18 06:13:20 | 000,366,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2014/03/18 06:13:18 | 003,394,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/03/18 06:13:18 | 001,576,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2014/03/18 06:13:15 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2014/03/18 06:13:14 | 000,399,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2014/03/18 06:13:14 | 000,269,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2014/03/18 06:13:13 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2014/03/18 06:13:09 | 001,306,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/03/18 06:13:09 | 000,201,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 08:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 08:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 07:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 07:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 07:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 07:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 07:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 06:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 06:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 06:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 05:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 05:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 05:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 05:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 05:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 05:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 05:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 05:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 05:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV - [2014/09/12 13:20:04 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/08/14 03:24:08 | 000,276,808 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/18 06:13:02 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 08:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 23:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 22:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2011/12/14 20:53:44 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/09/12 16:31:04 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/08/14 03:23:50 | 004,786,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/07/28 15:48:49 | 000,038,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2014/07/28 15:48:49 | 000,027,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2014/05/12 07:26:14 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/18 06:13:59 | 000,157,528 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2014/03/18 06:13:47 | 000,054,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2014/03/18 06:13:20 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2014/03/18 06:13:19 | 000,924,504 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2014/03/18 06:13:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/03/18 06:13:15 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2014/03/18 06:13:02 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2014/03/18 06:13:01 | 000,384,856 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/03/18 06:13:01 | 000,236,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2014/03/18 06:13:01 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/03/18 06:13:01 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2014/03/18 06:13:01 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2014/03/18 06:13:01 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2014/03/18 06:13:00 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2014/03/18 06:13:00 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/03/18 06:13:00 | 000,189,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2014/03/18 06:13:00 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2014/03/18 05:45:47 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2014/03/18 05:45:41 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/08/22 09:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 09:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 08:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 08:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 08:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 08:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 08:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 08:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 08:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 08:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 08:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 08:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 08:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 08:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 08:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 08:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 08:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 08:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 08:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 08:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 08:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 08:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 08:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 08:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 08:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 08:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 08:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 08:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 08:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 08:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 08:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 08:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 08:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 07:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 07:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 07:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 07:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 07:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 07:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 07:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 07:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 07:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 07:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 07:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 07:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 07:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 07:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 07:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 07:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 07:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 07:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 07:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 07:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 07:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 07:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 04:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 19:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 20:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/30 14:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 15:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/06/18 10:46:17 | 000,591,360 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2011/04/19 12:52:20 | 001,254,464 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2010/02/03 14:20:32 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2007/01/19 21:24:24 | 000,025,312 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49167;https=127.0.0.1:49167
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49167;https=127.0.0.1:49167
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 64 6C B7 7C CC CF 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Trovi search"
FF - prefs.js..browser.search.selectedEngine: "Trovi search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/09/09 18:48:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabriele\AppData\Roaming\Mozilla\Extensions
[2014/09/09 18:59:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gabriele\AppData\Roaming\Mozilla\Firefox\Profiles\2fsrf22w.default\extensions
[2014/09/12 13:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/12 13:20:04 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/08/22 09:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Gabriele\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Driver Support] C:\Program Files (x86)\Driver Support\Driver Support\DriverSupport.exe (PC Drivers Headquarters)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\SearchScopes present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{122E2B6B-4271-48B2-9869-E661E3219605}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD739BE0-D5A4-4569-BE59-DB9424B9981B}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/12 16:15:44 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/12 16:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/12 16:15:33 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/12 16:15:33 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/12 16:15:33 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/12 16:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/12 16:15:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/12 16:05:56 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2014/09/12 16:05:56 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Local\PC_Drivers_Headquarters
[2014/09/12 16:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Support
[2014/09/12 16:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Support
[2014/09/12 16:04:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Driver Support
[2014/09/12 15:16:26 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\Documents\Custom Office Templates
[2014/09/12 15:10:05 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Local\Microsoft Help
[2014/09/12 13:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/09/10 19:03:37 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\OneDrive
[2014/09/10 19:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft OneDrive
[2014/09/10 19:03:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/09/10 18:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2014/09/10 18:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014/09/10 18:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15
[2014/09/10 18:05:54 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Local\Akamai
[2014/09/10 17:25:47 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Local\Diagnostics
[2014/09/10 09:32:12 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2014/09/10 08:50:26 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\AppData\Local\EmieUserList
[2014/09/10 08:50:26 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\AppData\Local\EmieSiteList
[2014/09/10 08:39:55 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/09/10 08:39:55 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\Searches
[2014/09/10 08:39:55 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\Contacts
[2014/09/10 08:39:55 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/09/10 08:39:55 | 000,000,000 | -H-D | C] -- C:\Users\Gabriele\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/09/10 08:39:54 | 000,000,000 | --SD | C] -- C:\Users\Gabriele\AppData\Roaming\Microsoft
[2014/09/10 08:39:54 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\Videos
[2014/09/10 08:39:54 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2014/09/10 08:39:54 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\Saved Games
[2014/09/10 08:39:54 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\Pictures
[2014/09/10 08:39:54 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\Music
[2014/09/10 08:39:54 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\Links
[2014/09/10 08:39:54 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\Favorites
[2014/09/10 08:39:54 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\Downloads
[2014/09/10 08:39:54 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\Documents
[2014/09/10 08:39:54 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\Desktop
[2014/09/10 08:39:54 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/09/10 08:39:54 | 000,000,000 | R--D | C] -- C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\AppData\Local\Temporary Internet Files
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\Templates
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\Start Menu
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\SendTo
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\Recent
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\PrintHood
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\NetHood
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\Documents\My Videos
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\Documents\My Pictures
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\Documents\My Music
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\My Documents
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\Local Settings
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\AppData\Local\History
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\Cookies
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\Application Data
[2014/09/10 08:39:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\AppData\Local\Application Data
[2014/09/10 08:39:54 | 000,000,000 | -H-D | C] -- C:\Users\Gabriele\AppData
[2014/09/10 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Local\VirtualStore
[2014/09/10 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Local\Temp
[2014/09/10 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Local\Packages
[2014/09/10 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Local\Microsoft
[2014/09/10 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/09/10 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Roaming\Adobe
[2014/09/10 08:39:51 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/09/10 08:32:45 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2014/09/10 08:32:35 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2014/09/09 19:30:54 | 000,000,000 | -HSD | C] -- C:\Users\Gabriele\IntelGraphicsProfiles
[2014/09/09 18:48:52 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Local\ElevatedDiagnostics
[2014/09/09 18:47:34 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Roaming\OpenSoftwareUpdater
[2014/09/09 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Roaming\Mozilla
[2014/09/09 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Local\Mozilla
[2014/09/09 18:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/09/09 18:45:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/09/09 18:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\pastaleads
[2014/09/09 18:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2014/09/09 18:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2014/09/09 18:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2014/09/09 18:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2014/09/09 18:43:27 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Roaming\Systweak
[2014/09/09 18:43:26 | 000,020,312 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2014/09/09 18:43:21 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Local\Programs
[2014/09/09 18:25:44 | 000,025,312 | R--- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\SCMNdisP.sys
[2014/09/09 18:25:29 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\wpcap.dll
[2014/09/09 18:25:29 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysWow64\Packet.dll
[2014/09/09 18:25:29 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\Windows\SysNative\drivers\npf.sys
[2014/09/09 18:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Genie
[2014/09/09 18:25:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR
[2014/09/09 18:25:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2014/09/09 18:25:11 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Roaming\InstallShield
[2014/09/09 18:23:45 | 000,000,000 | ---D | C] -- C:\Users\Gabriele\AppData\Roaming\Macromedia
[2014/09/09 18:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2014/09/09 18:22:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2014/09/09 18:22:31 | 000,082,432 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.DLL
[2014/09/09 18:22:31 | 000,074,752 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL
[2014/09/09 18:22:31 | 000,000,000 | ---D | C] -- C:\Temp
[2014/09/09 18:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2014/09/09 18:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2014/09/09 18:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2014/09/09 18:22:26 | 000,000,000 | ---D | C] -- C:\Intel
[2014/08/14 03:24:12 | 000,082,432 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\Intel_OpenCL_ICD64.dll
[2014/08/14 03:24:12 | 000,074,752 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\Intel_OpenCL_ICD32.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/12 16:31:04 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/12 16:30:13 | 000,863,592 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/12 16:30:13 | 000,730,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/12 16:30:13 | 000,135,520 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/12 16:25:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/12 16:23:24 | 016,777,216 | -HS- | M] () -- C:\swapfile.sys
[2014/09/12 16:23:23 | 3340,271,616 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/12 16:05:50 | 000,002,317 | ---- | M] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/09/12 15:08:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/09/12 15:07:29 | 000,474,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/10 18:10:26 | 806,676,480 | ---- | M] () -- C:\Users\Gabriele\Documents\OfficeProfessionalPlus_x64_en-us.img
[2014/09/10 17:20:40 | 000,139,488 | ---- | M] () -- C:\Windows\SysWow64\XMLOperations.xml
[2014/09/10 08:49:55 | 000,001,436 | ---- | M] () -- C:\Users\Gabriele\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/10 08:33:18 | 000,047,137 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2014/09/10 08:33:18 | 000,047,137 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2014/09/09 19:35:14 | 000,000,144 | ---- | M] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/09/09 19:35:02 | 000,021,976 | ---- | M] () -- C:\Windows\SysNative\drivers\SPPD.sys
[2014/09/09 19:30:51 | 000,000,510 | ---- | M] () -- C:\Windows\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[2014/09/09 18:45:10 | 000,001,159 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/09/09 18:34:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/09/09 18:25:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01005.Wdf
[2014/09/09 18:25:22 | 000,000,962 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
[2014/09/09 18:25:22 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Genie.lnk
[2014/09/09 18:23:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2014/08/14 03:24:34 | 000,212,660 | ---- | M] () -- C:\Windows\SysNative\resTHA.cui
[2014/08/14 03:24:34 | 000,203,812 | ---- | M] () -- C:\Windows\SysNative\resELL.cui
[2014/08/14 03:24:34 | 000,199,652 | ---- | M] () -- C:\Windows\SysNative\resRUS.cui
[2014/08/14 03:24:34 | 000,182,356 | ---- | M] () -- C:\Windows\SysNative\resARA.cui
[2014/08/14 03:24:34 | 000,181,828 | ---- | M] () -- C:\Windows\SysNative\resJPN.cui
[2014/08/14 03:24:34 | 000,181,364 | ---- | M] () -- C:\Windows\SysNative\resHEB.cui
[2014/08/14 03:24:34 | 000,176,116 | ---- | M] () -- C:\Windows\SysNative\resFRA.cui
[2014/08/14 03:24:34 | 000,176,052 | ---- | M] () -- C:\Windows\SysNative\resHUN.cui
[2014/08/14 03:24:34 | 000,174,340 | ---- | M] () -- C:\Windows\SysNative\resKOR.cui
[2014/08/14 03:24:34 | 000,174,004 | ---- | M] () -- C:\Windows\SysNative\resDEU.cui
[2014/08/14 03:24:34 | 000,173,748 | ---- | M] () -- C:\Windows\SysNative\resITA.cui
[2014/08/14 03:24:34 | 000,173,492 | ---- | M] () -- C:\Windows\SysNative\resROM.cui
[2014/08/14 03:24:34 | 000,173,460 | ---- | M] () -- C:\Windows\SysNative\resESN.cui
[2014/08/14 03:24:34 | 000,173,444 | ---- | M] () -- C:\Windows\SysNative\resSKY.cui
[2014/08/14 03:24:34 | 000,173,044 | ---- | M] () -- C:\Windows\SysNative\resPLK.cui
[2014/08/14 03:24:34 | 000,172,676 | ---- | M] () -- C:\Windows\SysNative\resNLD.cui
[2014/08/14 03:24:34 | 000,171,876 | ---- | M] () -- C:\Windows\SysNative\resPTB.cui
[2014/08/14 03:24:34 | 000,171,860 | ---- | M] () -- C:\Windows\SysNative\resTRK.cui
[2014/08/14 03:24:34 | 000,171,796 | ---- | M] () -- C:\Windows\SysNative\resCSY.cui
[2014/08/14 03:24:34 | 000,171,332 | ---- | M] () -- C:\Windows\SysNative\resPTG.cui
[2014/08/14 03:24:34 | 000,171,156 | ---- | M] () -- C:\Windows\SysNative\resFIN.cui
[2014/08/14 03:24:34 | 000,170,548 | ---- | M] () -- C:\Windows\SysNative\resHRV.cui
[2014/08/14 03:24:34 | 000,170,020 | ---- | M] () -- C:\Windows\SysNative\resSLV.cui
[2014/08/14 03:24:34 | 000,170,004 | ---- | M] () -- C:\Windows\SysNative\resSVE.cui
[2014/08/14 03:24:34 | 000,168,788 | ---- | M] () -- C:\Windows\SysNative\resNOR.cui
[2014/08/14 03:24:34 | 000,168,132 | ---- | M] () -- C:\Windows\SysNative\resDAN.cui
[2014/08/14 03:24:34 | 000,166,660 | ---- | M] () -- C:\Windows\SysNative\resENU.cui
[2014/08/14 03:24:34 | 000,164,836 | ---- | M] () -- C:\Windows\SysNative\resCHT.cui
[2014/08/14 03:24:34 | 000,163,652 | ---- | M] () -- C:\Windows\SysNative\resCHS.cui
[2014/08/14 03:24:12 | 000,082,432 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.DLL
[2014/08/14 03:24:12 | 000,082,432 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\Intel_OpenCL_ICD64.dll
[2014/08/14 03:24:12 | 000,074,752 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.DLL
[2014/08/14 03:24:12 | 000,074,752 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\Intel_OpenCL_ICD32.dll
[2014/08/14 03:24:08 | 000,044,025 | ---- | M] () -- C:\Windows\SysNative\iglhxo64.vp
[2014/08/14 03:24:08 | 000,043,816 | ---- | M] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2014/08/14 03:24:08 | 000,043,298 | ---- | M] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2014/08/14 03:24:08 | 000,043,256 | ---- | M] () -- C:\Windows\SysNative\iglhxg64.vp
[2014/08/14 03:24:08 | 000,042,079 | ---- | M] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2014/08/14 03:24:08 | 000,003,920 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2014/08/14 03:24:06 | 002,813,952 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.cpa
[2014/08/14 03:24:06 | 000,453,448 | ---- | M] () -- C:\Windows\SysNative\igfxTray.exe
[2014/08/14 03:24:06 | 000,043,494 | ---- | M] () -- C:\Windows\SysNative\iglhxc64.vp
[2014/08/14 03:24:06 | 000,005,120 | ---- | M] ( ) -- C:\Windows\SysNative\igfxLHMLibv2_0.dll
[2014/08/14 03:24:06 | 000,005,120 | ---- | M] ( ) -- C:\Windows\SysNative\igfxLHMLib.dll
[2014/08/14 03:24:06 | 000,001,125 | ---- | M] () -- C:\Windows\SysNative\iglhxa64.vp
[2014/08/14 03:24:04 | 000,254,976 | ---- | M] () -- C:\Windows\SysNative\igfxCPL.cpl
[2014/08/14 03:24:04 | 000,069,632 | ---- | M] () -- C:\Windows\SysNative\igfxCUIServicePS.dll
[2014/08/14 03:24:04 | 000,069,632 | ---- | M] ( ) -- C:\Windows\SysNative\igfxDHLibv2_0.dll
[2014/08/14 03:24:04 | 000,058,880 | ---- | M] ( ) -- C:\Windows\SysNative\igfxDHLib.dll
[2014/08/14 03:24:04 | 000,010,752 | ---- | M] ( ) -- C:\Windows\SysNative\igfxDILib.dll
[2014/08/14 03:24:04 | 000,010,240 | ---- | M] ( ) -- C:\Windows\SysNative\igfxEMLibv2_0.dll
[2014/08/14 03:24:04 | 000,010,240 | ---- | M] ( ) -- C:\Windows\SysNative\igfxEMLib.dll
[2014/08/14 03:24:04 | 000,010,240 | ---- | M] ( ) -- C:\Windows\SysNative\igfxDILibv2_0.dll
[2014/08/14 03:23:42 | 000,225,792 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2014/08/14 03:23:42 | 000,186,368 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll
[2014/08/14 03:23:40 | 013,199,432 | ---- | M] () -- C:\Windows\SysNative\igd11dxva64.dll
[2014/08/14 03:23:38 | 012,728,192 | ---- | M] () -- C:\Windows\SysWow64\igd11dxva32.dll
[2014/08/14 03:23:28 | 000,094,208 | ---- | M] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2014/08/14 03:23:28 | 000,000,889 | ---- | M] () -- C:\Windows\SysNative\Gfxv4_0.exe.config
[2014/08/14 03:23:26 | 000,000,895 | ---- | M] () -- C:\Windows\SysNative\Gfxv2_0.exe.config
[2014/08/14 03:23:26 | 000,000,895 | ---- | M] () -- C:\Windows\SysNative\DPTopologyAppv2_0.exe.config
[2014/08/14 03:23:26 | 000,000,889 | ---- | M] () -- C:\Windows\SysNative\DPTopologyApp.exe.config
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/12 16:05:50 | 000,002,317 | ---- | C] () -- C:\Users\Public\Desktop\Driver Support.lnk
[2014/09/12 15:08:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2014/09/10 18:06:50 | 806,676,480 | ---- | C] () -- C:\Users\Gabriele\Documents\OfficeProfessionalPlus_x64_en-us.img
[2014/09/10 17:20:40 | 000,139,488 | ---- | C] () -- C:\Windows\SysWow64\XMLOperations.xml
[2014/09/10 08:49:55 | 000,001,436 | ---- | C] () -- C:\Users\Gabriele\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/10 08:39:54 | 000,001,442 | ---- | C] () -- C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/09/10 08:39:54 | 000,000,369 | ---- | C] () -- C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
[2014/09/10 08:39:54 | 000,000,369 | ---- | C] () -- C:\Users\Gabriele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
[2014/09/10 08:39:54 | 000,000,352 | ---- | C] () -- C:\Users\Gabriele\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/09/10 08:39:54 | 000,000,334 | ---- | C] () -- C:\Users\Gabriele\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/09/10 08:33:38 | 3340,271,616 | -HS- | C] () -- C:\hiberfil.sys
[2014/09/10 08:32:35 | 016,777,216 | -HS- | C] () -- C:\swapfile.sys
[2014/09/09 19:35:14 | 000,000,144 | ---- | C] () -- C:\Windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/09/09 19:35:02 | 000,021,976 | ---- | C] () -- C:\Windows\SysNative\drivers\SPPD.sys
[2014/09/09 19:30:51 | 000,000,510 | ---- | C] () -- C:\Windows\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[2014/09/09 18:45:10 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/09/09 18:45:10 | 000,001,159 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/09/09 18:34:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LocationProvider_01_11_00.Wdf
[2014/09/09 18:25:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01005.Wdf
[2014/09/09 18:25:29 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2014/09/09 18:25:22 | 000,000,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk
[2014/09/09 18:25:22 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Genie.lnk
[2014/09/09 18:23:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
[2014/08/14 03:24:34 | 000,212,660 | ---- | C] () -- C:\Windows\SysNative\resTHA.cui
[2014/08/14 03:24:34 | 000,203,812 | ---- | C] () -- C:\Windows\SysNative\resELL.cui
[2014/08/14 03:24:34 | 000,199,652 | ---- | C] () -- C:\Windows\SysNative\resRUS.cui
[2014/08/14 03:24:34 | 000,182,356 | ---- | C] () -- C:\Windows\SysNative\resARA.cui
[2014/08/14 03:24:34 | 000,181,828 | ---- | C] () -- C:\Windows\SysNative\resJPN.cui
[2014/08/14 03:24:34 | 000,181,364 | ---- | C] () -- C:\Windows\SysNative\resHEB.cui
[2014/08/14 03:24:34 | 000,176,116 | ---- | C] () -- C:\Windows\SysNative\resFRA.cui
[2014/08/14 03:24:34 | 000,176,052 | ---- | C] () -- C:\Windows\SysNative\resHUN.cui
[2014/08/14 03:24:34 | 000,174,340 | ---- | C] () -- C:\Windows\SysNative\resKOR.cui
[2014/08/14 03:24:34 | 000,174,004 | ---- | C] () -- C:\Windows\SysNative\resDEU.cui
[2014/08/14 03:24:34 | 000,173,748 | ---- | C] () -- C:\Windows\SysNative\resITA.cui
[2014/08/14 03:24:34 | 000,173,492 | ---- | C] () -- C:\Windows\SysNative\resROM.cui
[2014/08/14 03:24:34 | 000,173,460 | ---- | C] () -- C:\Windows\SysNative\resESN.cui
[2014/08/14 03:24:34 | 000,173,444 | ---- | C] () -- C:\Windows\SysNative\resSKY.cui
[2014/08/14 03:24:34 | 000,173,044 | ---- | C] () -- C:\Windows\SysNative\resPLK.cui
[2014/08/14 03:24:34 | 000,172,676 | ---- | C] () -- C:\Windows\SysNative\resNLD.cui
[2014/08/14 03:24:34 | 000,171,876 | ---- | C] () -- C:\Windows\SysNative\resPTB.cui
[2014/08/14 03:24:34 | 000,171,860 | ---- | C] () -- C:\Windows\SysNative\resTRK.cui
[2014/08/14 03:24:34 | 000,171,796 | ---- | C] () -- C:\Windows\SysNative\resCSY.cui
[2014/08/14 03:24:34 | 000,171,332 | ---- | C] () -- C:\Windows\SysNative\resPTG.cui
[2014/08/14 03:24:34 | 000,171,156 | ---- | C] () -- C:\Windows\SysNative\resFIN.cui
[2014/08/14 03:24:34 | 000,170,548 | ---- | C] () -- C:\Windows\SysNative\resHRV.cui
[2014/08/14 03:24:34 | 000,170,020 | ---- | C] () -- C:\Windows\SysNative\resSLV.cui
[2014/08/14 03:24:34 | 000,170,004 | ---- | C] () -- C:\Windows\SysNative\resSVE.cui
[2014/08/14 03:24:34 | 000,168,788 | ---- | C] () -- C:\Windows\SysNative\resNOR.cui
[2014/08/14 03:24:34 | 000,168,132 | ---- | C] () -- C:\Windows\SysNative\resDAN.cui
[2014/08/14 03:24:34 | 000,166,660 | ---- | C] () -- C:\Windows\SysNative\resENU.cui
[2014/08/14 03:24:34 | 000,164,836 | ---- | C] () -- C:\Windows\SysNative\resCHT.cui
[2014/08/14 03:24:34 | 000,163,652 | ---- | C] () -- C:\Windows\SysNative\resCHS.cui
[2014/08/14 03:24:08 | 000,044,025 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2014/08/14 03:24:08 | 000,043,816 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2014/08/14 03:24:08 | 000,043,298 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2014/08/14 03:24:08 | 000,043,256 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2014/08/14 03:24:08 | 000,042,079 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp
[2014/08/14 03:24:08 | 000,003,920 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2014/08/14 03:24:06 | 002,813,952 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2014/08/14 03:24:06 | 000,453,448 | ---- | C] () -- C:\Windows\SysNative\igfxTray.exe
[2014/08/14 03:24:06 | 000,043,494 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2014/08/14 03:24:06 | 000,005,120 | ---- | C] ( ) -- C:\Windows\SysNative\igfxLHMLibv2_0.dll
[2014/08/14 03:24:06 | 000,005,120 | ---- | C] ( ) -- C:\Windows\SysNative\igfxLHMLib.dll
[2014/08/14 03:24:06 | 000,001,125 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2014/08/14 03:24:04 | 000,254,976 | ---- | C] () -- C:\Windows\SysNative\igfxCPL.cpl
[2014/08/14 03:24:04 | 000,069,632 | ---- | C] () -- C:\Windows\SysNative\igfxCUIServicePS.dll
[2014/08/14 03:24:04 | 000,069,632 | ---- | C] ( ) -- C:\Windows\SysNative\igfxDHLibv2_0.dll
[2014/08/14 03:24:04 | 000,058,880 | ---- | C] ( ) -- C:\Windows\SysNative\igfxDHLib.dll
[2014/08/14 03:24:04 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysNative\igfxDILib.dll
[2014/08/14 03:24:04 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysNative\igfxEMLibv2_0.dll
[2014/08/14 03:24:04 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysNative\igfxEMLib.dll
[2014/08/14 03:24:04 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysNative\igfxDILibv2_0.dll
[2014/08/14 03:23:42 | 000,225,792 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2014/08/14 03:23:42 | 000,186,368 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/08/14 03:23:40 | 013,199,432 | ---- | C] () -- C:\Windows\SysNative\igd11dxva64.dll
[2014/08/14 03:23:38 | 012,728,192 | ---- | C] () -- C:\Windows\SysWow64\igd11dxva32.dll
[2014/08/14 03:23:28 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2014/08/14 03:23:28 | 000,000,889 | ---- | C] () -- C:\Windows\SysNative\Gfxv4_0.exe.config
[2014/08/14 03:23:26 | 000,000,895 | ---- | C] () -- C:\Windows\SysNative\Gfxv2_0.exe.config
[2014/08/14 03:23:26 | 000,000,895 | ---- | C] () -- C:\Windows\SysNative\DPTopologyAppv2_0.exe.config
[2014/08/14 03:23:26 | 000,000,889 | ---- | C] () -- C:\Windows\SysNative\DPTopologyApp.exe.config
[2014/03/18 06:13:28 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2014/03/18 06:13:03 | 000,103,936 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/22 11:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/22 11:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 10:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 03:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/21 23:32:36 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2013/08/21 19:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/21 19:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== ZeroAccess Check ==========
 
[2014/09/09 18:46:35 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/18 06:13:24 | 021,230,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/18 06:13:35 | 018,682,288 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 05:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 22:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 05:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/09/09 18:47:34 | 000,000,000 | ---D | M] -- C:\Users\Gabriele\AppData\Roaming\OpenSoftwareUpdater
[2014/09/12 16:22:59 | 000,000,000 | ---D | M] -- C:\Users\Gabriele\AppData\Roaming\Systweak
 
========== Purity Check ==========
 
 

< End of report >

[Advertisements]

Greetings ghartmann and

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.
 

• Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
• When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
• If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

If at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

Please stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

First...

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.
 

• Right click to run as administrator. When the tool opens click Yes to the disclaimer.
• Ensure that the following are ticked as in the image below
  
  Drivers MD5
  Addition.txt
  
  
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Next...

ASWmbr Scan

Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

If your computer supports Virtualization Technology, select Yes to use it for rootkit detection. When it offers to download the virus database allow that as well



On completion of the scan click Save Log, save it to your desktop and post in your next reply



The tool will also produce a copy of the mbrdump labeled MBR.dat. Please do not delete this file, it wil lbe removed in our cleanup at the end.

Items I need to see in your next post:

 

• FRST and Addition Log
• ASWmbr Log

[ruggie_uk]

Greetings ghartmann and

My nickname is Ruggie and I will be assisting you in cleaning your computer.
Please be aware I am currently in the final stages of training right now and all my work will be checked by an instructor so there may be a slight delay between posts. The added benefit to this is that you will have 2 sets of eyes looking at your problem so you can be assured you will get the best possible help.
 

• Malware removal can be a long process and will at times get complicated with multiple steps to perform to ensure that your system is no longer infected.
• When we start the process, the list of instructions must be followed closely, it may seem difficult at times but it is important that you stay with me until your computer is declared clean.
• If you are receiving help elsewhere, please let me know so we can close this thread and help someone else.

Before going any further, I recommend that you print out (or save to a file) these guidelines and also the instructions when I post them, as part of the repair process may involve going into safe mode and therefore you will not have internet access.

The following guidelines are important but the ones highlighted in RED are of the highest importance and must not be skipped.

Please be aware, the fixes we perform are specific to this machine, at this moment in time. They must not be used on another computer or unsupervised at another time. This can render your computer unbootable.

If at all possible, Make backups of all your important files, whilst we will do our best to ensure that no files are lost or damaged, sometimes things can go wrong.

I will do everything in my power to ensure that this clean is successful, but occasionally failure hits us all. In this event, please have your original installation disks to hand and be prepared to have to format and reinstall your computer.

Refrain from using any tool that hasn't been instructed as it could alter the process that we are working through and cause further problems. Also only use the tools I instruct in the manner provided as they are very powerful and if not used properly can cause even more problems. It is best if you can avoid using the computer at all, apart from to perform the cleaning steps to ensure that any infections aren't spread.

Please stick with me until the end. malware removal is difficult and time consuming. We have to analyse hundreds of lines in log files. This takes time which we give freely so I ask that you do us the courtesy of seeing it through.

Only paste the contents of log files into your reply, DO NOT attach any log files unless requested to do so.

If you have any questions or get stuck, stop and ask....I am here to help you make this go as smoothly as possible.

If you do not reply within 3 days, your topic will be closed. It can be reopened if you ask. But if you plan on being gone for a longer period, just let me know and I will hold it open for you.

Ready? Now lets get to work

First...

Initial FRST Scan

Please download Farbar Recovery Scan Tool and save it to your Desktop. There will be 2 versions offered, if you know which version is the one you need, download that one, if not, download both, only one will work on your computer, that is the one you need.
 

• Right click to run as administrator. When the tool opens click Yes to the disclaimer.
• Ensure that the following are ticked as in the image below
  
  Drivers MD5
  Addition.txt
  
  
• Press Scan button.
• It will produce a log called FRST.txt in the same directory the tool is run from.
• Please copy and paste log back here.
• This will also generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Next...

ASWmbr Scan

Download aswMBR.exe ( 511KB ) to your desktop. If you already have this application, this is a new version I need you to download.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

If your computer supports Virtualization Technology, select Yes to use it for rootkit detection. When it offers to download the virus database allow that as well



On completion of the scan click Save Log, save it to your desktop and post in your next reply



The tool will also produce a copy of the mbrdump labeled MBR.dat. Please do not delete this file, it wil lbe removed in our cleanup at the end.

Items I need to see in your next post:

 

• FRST and Addition Log
• ASWmbr Log